billc108

Thanks. Support ticket initiated.

I’m using WooCommerce Subscriptions.

All those older orders are set to Pending… I’ve tried setting them to other things and back to Pending, but no change.

Would this have anything to do with the fact that his most recent invoice payment failed? I received a different card number and am currently waiting for the automatic retry. (Is there a way to force it to run the card on demand?)

ah. i see. thanks. fixed.

https://2umedical.com/contact-2/

If I remove the radio button

<label> Are you currently a patient at 2UMedical?
    [radio currentpatient id:currentpatient label_first default:1 "yes" "no"]</label>

the errors

!1 configuration error detected in this tab panel

and

!(configuration error) Multiple form controls are in a single label element.

go away. I’m not seeing anything wrong with that code though.

Belated thanks for your reply, Mike.

I keep all the site software up to date with the latest releases (checked by scripts daily).

A scan report found the URI_NOW.conf file on the site in question this morning (9/7). So it’s still happening – though I’ve never seen any malicious activity related to its existence.

The site in question wouldn’t happen to be hosted with GoDaddy, would it?

@wpmudevsupport12

I’m actually looking for feedback from the original thread starter and subsequent posters on the subject.

Did they find the source of the files?

Are they still seeing the files regenerate? (I am…)

Do we have any plugins in common which might indicate where this is coming from?

So thanks for the suggestion but no, I do not wish to start a new thread.

Still seeing this on a client’s site. Near as I can figure it writes the most recently visited URL to the file.

Plugins on the site are:

Akismet Anti-Spam
Black Studio TinyMCE Widget
CallRail Phone Call Tracking
Cincopa video and media plug-in
Classic Editor
Contact Form 7
Flamingo
GNU Terry Pratchett
Google XML Sitemaps
Header and Footer Scripts
Header Footer Code Manager
Insert Headers and Footers
iThemes Security Pro
ManageWP – Worker
Markup (JSON-LD) structured in schema.org
Master Slider
Nextend
Nextend Accordion Menu
Page Builder by SiteOrigin
Quick and Easy FAQs
Redirection for Contact Form 7
Responsive Menu
SEO Ultimate Pro
ShareThis
Simple 301 Redirects
UpdraftPlus – Backup/Restore
Widget CSS Classes
Wordfence Security
WP SEO Structured Data Schema
WP-PageNavi

Where do we overlap with the plugins on your site(s) with the same issue? Maybe we can narrow things down a bit. A number of the plugins above are used by many of our other clients (Akismet, Contact Form 7, Classic Editor, iThemes Security, Manage WP, Wordfence), so I can probably eliminate them but I’ve included them here just in case.

It doesn’t appear to be hurting anything, but it’s annoying that the files are created in an unexpected location.

This one is hosted on GoDaddy.

It also says that “April 28th, 2021, v3.7.1 released, fixing the issue”. Since the issue had been outstanding for a while, I suspect the WP Plugin team is just doing a full review to insure there aren’t continuing problems. It does say that this was pulled temporarily.

Either way I’d keep an eye on it.

I’m seeing the same on a client’s site.

The contents of the file are:

https://www.domain.com/wp-admin/plugins.php?action=activate&plugin=seoupro%2Fseo-ultimate-pro.php&_wpnonce=9230e8a95e

also seeing a file by the same name in the root with the contents

https:///cgi/addon_GT.cgi?s=GT::WP::Finder::SiteData+%28drtothco%29+-+10.0.87.40+[Server%3b+/var/hp/common/lib/Server.pm%3b+1344%3b+%28eval%29]

Does that give you any clue?

Tried reinstalling WordPress core, didn’t see any change in behavior.

Drat. I guess i’ll have to brush up on custom pages and posts again then. it’s been a while…

Also getting the

Submitted URL marked ‘noindex’

flag from Google. Checked the source code and there’s a meta tag:

<meta name=”robots” content=”noindex,follow”/>

Apparently they want that gone.

If you’re getting an error when you try to create a new user or recover a password, comment out line 56. Just change

$args[‘headers’][] = ‘X-Clacks-Overhead: GNU Terry Pratchett’;

to

// $args[‘headers’][] = ‘X-Clacks-Overhead: GNU Terry Pratchett’;

Which apparently adds the X-Clacks line to outgoing mail as well (password recovery, new user notices, and maybe more)

It’ll keep the user mail function working.

I don’t know what the “proper” fix is, but that seems to work for me.

Ok. I’ll ask the host for that. More later.

Unfortunately, it’s not my server and I don’t have immediate access to the error logs. Will see what I can retrieve.

I just reinstalled and activated and the problem is still there. (deleted immediately after)

Email me through https://sustainablesources.com/about/contact-us/ if you want access to the site to see it for yourself.

thanks. Let me know if you need anything else from me.