Adendum

As regards .htaccess I can’t see anything that is different to any other site I have installed EWWW. In fact except for the custom path to php.ini I could copy the htaccess file to any other domain.

That’s interesting. When I put the same phpinfo into the wp-content/ewww/ folder it shows exec() as disabled.

The configs are:-

‘./configure’ ‘–disable-fileinfo’ ‘–disable-phar’ ‘–enable-bcmath’ ‘–enable-calendar’ ‘–enable-ftp’ ‘–enable-gd-native-ttf’ ‘–enable-libxml’ ‘–enable-magic-quotes’ ‘–enable-mbstring’ ‘–enable-pdo=shared’ ‘–enable-soap’ ‘–enable-sockets’ ‘–enable-zip’ ‘–prefix=/usr’ ‘–with-bz2’ ‘–with-curl=/opt/curlssl/’ ‘–with-freetype-dir=/usr’ ‘–with-gd’ ‘–with-gettext’ ‘–with-imap=/opt/php_with_imap_client/’ ‘–with-imap-ssl=/usr’ ‘–with-jpeg-dir=/usr’ ‘–with-kerberos’ ‘–with-libdir=lib64’ ‘–with-libexpat-dir=/usr’ ‘–with-libxml-dir=/opt/xml2’ ‘–with-libxml-dir=/opt/xml2/’ ‘–with-mcrypt=/opt/libmcrypt/’ ‘–with-mm=/opt/mm/’ ‘–with-mysql=/usr’ ‘–with-mysql-sock=/var/lib/mysql/mysql.sock’ ‘–with-mysqli=/usr/bin/mysql_config’ ‘–with-openssl=/usr’ ‘–with-openssl-dir=/usr’ ‘–with-pcre-regex=/opt/pcre’ ‘–with-pdo-mysql=shared’ ‘–with-pdo-sqlite=shared’ ‘–with-pic’ ‘–with-png-dir=/usr’ ‘–with-sqlite=shared’ ‘–with-xmlrpc’ ‘–with-xpm-dir=/usr’ ‘–with-zlib’ ‘–with-zlib-dir=/usr’

But further down I can see:-

disable_functions >>> show_source, system, shell_exec, passthru, exec, popen, proc_open, allow_url_fopen show_source, system, shell_exec, passthru, exec, popen, proc_open, allow_url_fopen

So, what would be causing that do you think?

Update:

I have deleted the cache but the problem remains.

I also logged in using a different browser and still get the ‘Do you reall…’ message and the link is always the same e.g. ../wp-login.php?action=logout&_wpnonce=e39e581d75

So what’s happening and how do I stop this?

Late to the party but same for me.

Uninstalled and reverted to 3.6.8.

But clearly we all need an alternative now and I guess we can’t trust the original author to ix the errors?

Jeff,

Thanks – I’m not that bad honest! I missed the = and the link text cos I was in a hurry! Many thanks!

The lastest Yoast SEO version does have an option to opt out of the OnPage connection. Unchecking that removes the problem. But if you want OnPage to assess your site you have to uncheck the Fake Google setting in Wordfence.

I have a similar issue but I can edit a page or post title in the snippet preview for a PUBLISHED page/post but if it is in DRAFT mode it just disappears.

Andrew,

Ah, thanks that’s useful!

Still hopeful for an updated version soon though.

The problem is 100% a Wordfence setting “Immediately block fake Google crawlers”.

If checked – as I have in all client websites – Yoast reports the error. If unchecked, no error.

And what if you can’t edit directly from the snippet preview?

All sites I have tried this with do not allow it – the page title simply disappears and you only see the URL and Meta Description – both of which I can edit.

EDIT: Correction, I can edit a URL but for a home page it dumps /example-post/ on the end????

Reading a number of other threads on the same subject I believe the problem is with WORDFENCE and ONPAGE.ORG. Deactivating Wordfence has an immediate effect and the error message goes away. Re-activate and it returns.

Wordfence is probably blocking access but I see no way in WOrdfence to allow access other than by whitelisting an IP address.

I won’t lower Wordfence security settings so I need a way to allow OnPage to access all my client websites – how do I do this OR is the SEO plugin being updated to fix the issue?

Yep – I have the same – having to log into all sites to reset the settings.

Appreciate that.

OK, so no responses…maybe this is too long and appears daunting?

Here’s a much shorter version then….

I have one site I can’t update the theme from my desktop PC but I can update plugins HOWEVER I can update the same site using my iPad….why is that?

James,

I am nervous of doing that because when this issue first happened I deactivated and uninstalled VFBPro and manually uploaded the plugin via FTP.

On logging back into the site after the manual upload I activated the plugin and was asked to update the database, which I did, and then found that the plugin data (a complex form) had been zapped. No form. That’s why I had to restore the site.

So I have now just updated that restored site to 4.2.1, updated the plugin and everything is back to normal. Now I have just one site (one of my own – not a client site) that refuses to budge.

But the good news is that I can do whatever I want with that site! allsortsofstuff.net is a WordPress site with the Classipress theme plus a flat styled child theme. I have changed this to 2015 and deactivated plugins but VFBPro still wont update.