tomdkat
Forum Replies Created
-
Thanks for the information!
Peace…
Forum: Plugins
In reply to: [Contact Form 7] google invisible recaptcha soon ?I wasn’t aware Google’s Invisible reCAPTCHA wasn’t supported yet. 🙂 I’m configuring it now and I wasn’t sure how things were supposed to look. 🙂
In any event, when will Google’s Invisible reCAPTCHA functionality be supported by Contact Form 7?
https://developers.google.com/recaptcha/docs/invisible
Thanks!
Peace…
Great question! This is something I would like to know more about as well.
Thanks for the reply. No, I don’t have the Wordfence firewall fully enabled. I don’t have FTP access to this site, so I decided not to enable the firewall since my ability to deal with blocking access to the WordPress Dashboard would be limited. The above examples came from the same IP address, but I’ve seen entries like that from other IP addresses. My policy has been to block such traffic, if it hasn’t been blocked by the Wordfence Security Network.
Thanks again!
- This reply was modified 9 years, 4 months ago by tomdkat.
Great! Thanks!
I didn’t think that would be appropriate, but I certainly can post some. 🙂
Here are some URLs I’m seeing in the Wordfence log:
http://www.{oursite}.com/wp-includes/js/jquery/%5D,_default:k.htmlSerialize?[0, http://www.{oursite}.com/wp-includes/js/jquery/===c)&&(b.defaultValue=a.defaultValue)%7D%7Dm.extend(%7Bclone:function(a,b,c)%7Bvar http://www.{oursite}.com/wp-includes/js/jquery/,data:b%7D).done(function(a)%7Be=arguments,g.html(d?m( http://www.{oursite}.com/wp-includes/js/jquery/).length,k.htmlSerialize=!!b.getElementsByTagName(These look suspicious to me and I want to confirm whether or not they actually are suspicious or malicious.
Thanks!
Thanks for the info. Our site is a single page. I’ll definitely look into the country blocking setting.
Thanks again!
Thanks for the info about adding the IP address to the “Exclude” section. That helped me tremendously! 🙂
Peace…
Thanks for the reply. What concerns me is:
1) We don’t have Shareaholic installed
2) The IP address being logged does resolve to a machine in Google’s domain. So, the IP address appears to be legit.
I’m wondering if hackers are now using Googlebot (or other bots) to sniff out vulnerabilities in WordPress installations.
I’ll certainly look for any directories in “wp-content/uploads” that don’t look familiar.
Thanks!
Peace…
Thanks for that info. Yes, my administrator account is whitelisted, however your suggestion pointed me in the right direction so my issue is resolved. 🙂
Thanks!
Peace…
Forum: Plugins
In reply to: [W3 Total Cache] W3 Total Cache and PHP 7.0.9Thanks for the link to the compatibility checker! I’m in the process of migrating a WordPress blog from Hostgator to another hosting service and found W3 Total Cache was causing crashes when run with PHP 5.5. 🙁 I do realize PHP 5.5 is obsolete but I think I received a message indicating W3 Total Cache wasn’t compatible with PHP versions later then 5.4.x.
In any event, I’ll scope out moving to PHP 5.6, if not PHP 7 on the new hosting service.
The compatibility checker has shown give me some great info to consider! 🙂
Thanks!
Peace…
Tom
webado, I’m in the same boat as you. The past 2 days have been insane. I feel like I’m getting a lesson in geography, I’m seeing so many different cities and countries attack wp-login.
As you, I’m also blocking IP addresses and the block list is getting quite long. lol
*sigh*
Peace…
Tom
Forum: Plugins
In reply to: [File Manager] ChangelogGreat! Thanks! 🙂
Peace…
Hmmm, I actually _DO_ see some updates of additional hits on blocked IPs on the “Blocked IPs” page. I just don’t see the updates for all IPs I’ve blocked.
For some IPs I’ve blocked, the “hits after being blocked” (or whatever the exact text reads) stat is greater than 0.
However, I’m with you in that I would also like to see these stats updated more consistently. 🙂
Sorry I haven’t had any time to respond as I’ve been busy. 🙂
From the standpoint of being realistic, I think it’s even more important to differentiate between _Wordpress_ issues, meaning issues with the WordPress core, and WordPress plugin issues. We occasionally hear about security fixes being made in the WordPress core and those are obviously “WordPress” issues. However, a poorly developed plugin isn’t the responsibility of the WordPress core developers/maintainers.
It’s up to those choosing plugins to do proper research to determine if they plugin they’re interested in meets their standards to be deemed worthy of installing. The reality is, a lot of people either don’t know how to do the research or simply choose not to do any research before installing something that they think will enhance their site.
I tend not to install many plugins in the WordPress sites I maintain, but that’s not to say I never look at plugin that are available.
Also, look at the sheer number of plugins that offer the same functionality. Different approaches to providing a feature or function that has value. Not all of them will be developed the same or with the same level of quality (or lack thereof, in some cases :)). So, it’s really up to the WordPress site maintainer to make better decisions about which particular plugins to install or not.
Of course, we’re not talking absolutes here. I’m _not_ saying there will never be another security issue found in the WordPress core nor am I saying one shouldn’t install any plugins. I’m saying it’s important to be aware of the differences between an issue with the WordPress core and with any given plugin one chooses to install.
Lastly, NONE of my comments directly apply to WordPress.com.