bloggwriter

With pleasure. Thanks for the offer of help. I prefer not to send this publicly – can I send it to you discretely?

Gosh! I wish there was an edit function here so I could correct my blooming typos. Forgive me.

On my VPS I do this via iptables. However, if you don’t have that level of access to your server, there are a number of plugins that can block ranges of IP addresses that cover entire countries.

Yes, thanks Steven, I can do that and sadly it will come to that very soon fo certain countries. But in any event, just knowing that somebody is using an IP address in a ‘questionable’ location can be used to flag their contacts with a view to blocking them if necessary. That is why my prime interest is a slick and simple geolocation device on as much oncoming traffic as possible. I’d like to do the same for emails but for now its my WP I need to attend to here.

Thanks for that tip, @a2hostingrj. I am now trying it.

Like so many of us, I am plagued by the countless demented R. Soles who try Brute Force and other attacks, scams and other nefarious nonsense. Geolocation is one way of flagging and/or blocking possible/probable hacks.

And all this is on top of the countless phone calls I get daily from ‘The Microsoft’ about a ‘wirus’, from claims people about an accident somebody had in the last 3 years, from BT saying my internet is about to be cut off (haven’t touched BT or a BT cable for decades!), Amazon about my Prime being renewed at a cost of million ‘dollars’ a month unless I unsubscribe, E Bay about an overcharge for something I never bought etc etc.

In short, I am becoming desperate to automate as much filtering as possible in everything. For a start, there are certain countries’ IP addresses I’d like to simply block entirely.I’m sure you know the ones I mean.

Unless and until some central authority acts to stop this rot, these are the only ways we can keep the internet alive – if not to say ALL electronic means of communication.

Thanks, Yui but given the circumstances in the real world today, I do not agree that openly showing Usernames is not a vulnerability. I believe it is.

Judging by the number of such attacks I am seeing, the amount of CPU and other resources must be enormous but manually blacklisting all the dodgy IP addresses would be full-time job, so clearly is not the answer. My site is blocking them for a while after so-many failed attempts but that is all I can do. What I do NOT understand is why Usernames have to be openly visible. It seems an illogical waste of a whole additional level of protection for no benefit whatsoever. An authorised user is expected to know his own Username, after all – even more so if he is an Administrator.

Lucas, thank you for the tip. I will have a look at the Wordfence plugin. But I still feel that my above comments remain true. Username obfuscation needs to be built in.

Thank you so much for this kind response, James. Unfortunately, clicking inside the block does nothing but highlight the block and other parts of the page above and below it! It offers no editing funcionality at all. Frankly, the change to ‘blocks’, far from enhancing the experience seems to have ruined my ability to use WordPress.

My site has been developed over many years and I am loath to interfere now with Themes for the fact that changes were made to the code (for formatting etc) so long ago that I no loner have the parent/child means to track the changes and cannot risk the functionality OR appearance of the site to suddenly change and be lost.

Regarding plug-ins, yes – I do have quite number of them running and again, disabling anything that would change the appearance or functionality of the interactive site is not an option for me. I note with great interest that you say it can be done using ‘Health Check’ ‘without affecting normal visitors to [the] site’.

I ran the check using that suggested plugin and it came back with a few issues. Two were CRITICAL:

• The REST API request failed due to an error.
  <br>Error: [] cURL error 52: Empty reply from server

and

• The loopback request to your site failed, this means features relying on them are not currently working as expected.
  <br>Error encountered: (0) cURL error 52: Empty reply from server

The three Performance recommendations were:

• We recommend that you update PHP
• Outdated SQL server and
• The scheduled event, wp_privacy_delete_old_export_files, failed to run. Your site still works, but this may indicate that scheduling posts or automated updates may not work as intended.

Despite having surprised myself with how much I managed to accomplish using WP over the years, I now fear I am getting out of my depth unless the fix is going to be within my capabilities. (I SO wish they would have left it alone.) Any thoughts?

First of all, thank you for your interest.

I cannot link it to ANY changes in the site. That was my first thought too.

I suspect, after much experimentation that it is more related to the client’s browser being outdated than to my site. When we replicated the problem on a particular laptop and then did a software update on that laptop, it started to work. HOWEVER, if this really is the case it does not help me as it seems millions of browsers/OSs out there are not ‘sufficiently’ updated and they only discover the lack of ‘compatibility’ after getting to the end of a long form. (It really did start happening at about the same time a couple of months ago from all around the world.) It drives them nuts and they give up! I wish there was a simple ‘compatibility identifier’ plug-in that could warn them at the start that theirs needs updating.

But all the above hinges upon my guess being correct that it arises from their browser. If not, then ???

• This reply was modified 6 years, 8 months ago by bloggwriter.
• This reply was modified 6 years, 8 months ago by bloggwriter.

I suppose its too easy to forget that these plug-ins are offered free of charge by people trying to help us all for no personal gain whatsoever.

This is clearly one of the useful plugins we would all like to use to full advantage and must wait for the developer to have the time to deal with it. Please do try, Takien, you can see we look forward to it.

Just to say that I uploaded WP into a clean, new directory and rebuilt the site from scratch and the problem is solved. It worked first time and was a GREAT deal easier to do than trying to find the corruption. Thanks again to all concerned.

I am now on WP 3.3.2 but two quirks are there which were not there before…

1) On composing pages the HTML tag works fine, but the (more useful) VISUAL tag reveals only an empty box! It makes composing more difficult. I see on other parts of the forum that this is a known problem – which is odd – but I cannot find a way to fix it that is decisive and understandable by mere mortals.

2) The other thing is trying to find a user-friendly way to change the font colours on the Header appearing on all pages. It seems that once you create your front page, you are locked out from editing it.

With these apparently insoluble yet pretty basic obstacles, I am seriously doubting my sanity, which rather throws my suitability to my day job (don’t ask!) into question! Any suggestions?

I am finally conceding defeat! I will ask the ISP to do it. I gave it my best shot but it beat me in the end. Just one question for you – as all this came about because of some corruption creeping in to the access/password code, are you certain that the problem will not lie in the very (wp-config.php) file you are suggesting I keep?

Thank you for trying so hard to help me. People like you and Floridian12 make SUCH a difference. Keep it up! You make a difference.

I have felt all along that it was not file-content related, but that only supports the belief that to start again would be the easiest solution, to rid the site of whatever hidden corruption crept in – however it may have occurred. I sought a ‘simple’ solution rather than involve the ISP in a detective hunt for perhaps one tiny piece of code in an obscure, hidden file.

I was rather hoping I might be able to simply use ftp to remove specific files/folders and replace them with clean ones. It seems anything BUT as simple as that. To be honest, I am now feeling so intimidated by the mess I find myself in, I am frightened to do my own re-install of WP for fear of messing up something anew. You know, when you just feel like you can only make things worse – dig yourself in deeper.

From your advice, it seems (am I right?) that I can carry out your steps 1 & 2 and then ask the ISP to install WP into a chosen new folder in my server – and start again? Are there any specific page-content files or folders you think I can safely rescue and ‘drag’ onto a new folder thus created?

Once again I am most grateful for such helpful advice from you guys.

Certainly I do. Indeed, I want to be able to do what is needed myself and be independent of the ISP – if at all possible. I can upload and download with ftp at will. Why? Can you help me?

How very interesting!!! As it happens, I first noticed it on Firefox, but sadly I now get it on everything and every machine – even iPhone!

Not much of a whizz on these hacking tools or how they work (let alone the imbeciles behind them), but I keep coming back to wanting to simply start again with a clean new folder, yet I can’t seem to find how to do that – without unbelievably verbose and complex descriptions and jargon that make my eyes meet in the middle! Isn’t that odd?

Well, frankly I doubt it. I have been trying so many ways to get out of this mess, Lord ONLY knows what files I have messed up along the way. I thought I could just set up a clean folder on my server and start over with a clean set of whatever WP files need to be there before I start.

Even that seems impossible to fathom. As you see, it is proving incredibly difficult to get WordPress to work right. Trying to remove the mysterious uncommanded password thing has brought the whole thing down around my head!

I take it from your latest advice that simply starting again is not what you would be able to help me with. Even so, I am really grateful to you for attempting to help. I appreciate it!