Greg Marshall
Forum Replies Created
-
Thanks for the reply and yeah thats basically what I thought.
I had considered excluding the file names / directories but if someone does hack the site I want to be able to find the issues too should they arise in any image files.
Is there anyway that wordfence can detect optimised images and ignore them? I am sure many people will face this issue. normally I just mark to ignore til file changes but EWWW will rescan and reoptimise if any savings can be found.
What would you recommend as the best solution? I’m wary of excluding the directories and extensions
Forum: Fixing WordPress
In reply to: WP Media uploader doesnt work from frontendYeah, Im using Ultimate Member for the profile etc, and User Submitted Posts for the front end post form.
I have tried this on a plain wordpress install with out UM and attempted other front end post submission forms. Any plugins that use the standard wordpress media uploader hit this issue.
Sadly, I often find folks have been compromised for weeks or months before hacker actually does anything malicious. That said, it’s unlikely WordPress is at fault.
I would agree with this to an extent. admittedly the site was not updated for a short while but not that long at all, I always install core updates and plugins ASAP when I notice them. The hack has possibly been there for upto 4 weeks (last time I thoroughly looked through plugins folder)aside from that I’d log into dashboard and just click the updates section and go.
The only reason I suggest that the WP core may be vulnerable is because of the way the link in my first post describes the attack. not only that there is also a reference that Jetpack or the 2015 theme can allow these hacks to happen and I do use Jetpack..
thanks for both replies,
The plugins were removed immediately, I was not for a second fooled by them and I removed the admin users that were created, I did have an anti malware and brute force plugin installed but clearly it failed miserably (So i shall not be naming it) will be goign with wordfence and whatever else I find thats highly rated.
The problem is though, these hacks are supposed to leave hidden code around the site, the wp-uploads is clean, wp-includes looked clean wp-config and index.php were also fine but aside from that its practically impossible to find it manually. My host ran a Malware scan and found nothing too. I understand these hackers like to use base64 however wordpress, plugins and themes also use this so really its a needle in a haystack job to try and find anything left over.
Obviously I am going to dramatically increase the security on all our sites but from what I have seen there is nothing anyone can do to actually stop this Just postpone it which is why I am kinda looking for an official answer because if I am correct then WordPress needs to be updated like yesterday to protect people from this
Yeah ok I get your point there, obviously it wont check all 3 sites simultaneously that does make sense. What I may do then is to see if there is another free monitoring tool I can use on some of my development sites to see if I get similar results.
also in the link you gave in your first reply I checked the know issues link and it does mention W3TC but it didnt go into too much details, is there any further notes on this? Because if W3TC and jetpack are conflicting that could also slow the sites and make the monitor think its gone down. I think I may have to switch to WP super cache….
Hey thanks for the reply,
I will admit the Time Assistant website does load a bit slower because we have a single slide video at the top, it takes a little longer but the other 2 sites actually run fairly fast with decent load times, I do also run W3TC but it has been having issues recently on the time assistant site, for some reason it keeps failing to create some of the Caches,but thats a topic for another thread obviously.
I have noticed though that the hosting server we are on does tend to slow down occasionally in terms of disk and processors, but again I’d have thought if one was going to fail all would at the same time.