Kenny Moore

Ah, to stop form spam adhostingrj’s captcha suggestion is good. Even more effective if combined with a honeypot and/or a javascript challenge using a Cloudflare page rule or firewall rule.

Hi MrBrain, what sort of spam are are you getting – emails, comments, form entries, something else, some combination?

You could try a plugin like Sticky Menu (or Anything!) on Scroll. I would check the ad terms and conditions first. Some advertisers don’t allow fixed ads.

That’s a really broad question. There are many thousands of plugins that do many different things. You first need to narrow down what functionality you need – for example a contact form, SEO optimizer, security, etc. Then search the Plugins repository for one that is popular, well-reviewed, and regularly updated.

It works for me – Safari on iPhone. Please reconsider the pop-over.

Please provide a link to your site. Are you using brokenlinkcheck.com? It should show the location of the broken links – is it not?

I’m confident a moderator will be by shortly to give you a helpful link to all the different ways you can reset your WP admin username/email/password. Google can also quickly find the information. Or you could contact your host. Your situation is understandably frustrating but yelling (!) at people who are here to help you won’t help.

Hi ymca,

There are other approaches that are well-proven, such as two-factor authentication and obfuscating the login url, as suggested above. But if you want to try something novel, like deleting the login file, good for you. Give it a try. That’s how new approaches get discovered. If it works, and it suits your use case, great. If not, try something else. No one but you can decide what works best for you. Please report back here on your experience.

You can obfuscate your login url using WPS Hide Login or a similar plugin. That will effectively block direct access to wp-login.php.

Your link gives me a 500 error, which should be described in your hosting panel error log – I would start there.
“Otherwise, could we be supplied a unique domain/temporary URL to have access back to the portal.” – No one here can do that. Please contact your web host – looks like it’s names.co.uk.

I would start with Cloudflare – it offers a free tier that includes global distributed caching and many other performance and security features. Caching locally is also helpful. If your host offers a server-side cache solution like LiteSpeed or Varnish, that’s the way to go. If not, I’d use Comet Cache or another highly rated WP caching plugin. If you do decide to switch hosts I would look for one that offers LiteSpeed server.

Yep, I get these too. LiteSpeed Cache makes these backups whenever I deactivate/reactivate it for troubleshooting or make a change to the cache configuration that impacts htaccess. I usually change the access permissions to 400. When there gets to be too many I delete all but the most recent – just in case I need to roll back.

I use a Cloudflare firewall rule to issue a JavaScript challenge …
(http.request.full_uri contains “/?s=” and not
http.referer contains “mysite.com” and not
cf.client.bot)

You can disable the plugin using SFTP or the file manager in your hosting control panel. Browse to the wp-content/plugins/ folder and rename the folder of the mixed content plugin – just put an ‘x’ in front of the folder name or something like that.

“I would like to know who hacked my website.”

Are you thinking about revenge? If so, take a deep breath. Jeff Starr of Perishable Press put it this way (https://perishablepress.com/what-to-do-when-your-site-gets-hacked/)…
“After discovering that hacker forum thread discussing how the greasy scumbags hacked my site, I was livid. I wanted revenge. I wanted to “get even”. But even in my rage I knew better than to stir up the hornets nest. Taking any form of direct action against the perpetrators ultimately would have backfired. Seriously, we’re talking about people who spend their lives exploiting vulnerabilities. Of course, not all hackers are bad guys, but you definitely don’t want to pick a fight with an army of people who share that “hacker” mentality. No matter how upset or justified you might be, you’re better off just letting it go. Clean up the hack, secure your site, and move on with your life. My advice.”