Syncly.it

@bcworkz

if you refer to class creation:

add_action('plugins_loaded', 'stwc_loaded');
function stwc_loaded(){    
    if ( is_admin() )
    $settings = new Settings();    
}

This is firing correctly, what I dont get to fire is the function:

function wpso_add_admin_custom_css() {
  ?>
    <style type="text/css">
        #wpadminbar {
            background-color : #f1f1f1;
        }       
        #wpcontent {background-color: #f0f0f0; }
    </style>
  <?php
}

I also tried with do_action() but nothing, there is no way to call this function. Another test was using echo to print the style, absolutely nothing. I finally tried printing a log file but it never enter this routing, no matter how loud I cry or my cat comes visiting me on the desk.

@wfsupport

Sent.

Hi @rainfallnixfig,

That’s pretty bad from Automattic, do you realize that you are stating that A) WooCommerce is not GDPR compliant and B) you do not care at all and C) neither have a plan to make it compliant in the near future? It just take adding a checkbox, of course the newsletter one would be a nice addition to have but that is not required by EU laws, by not having a checkbox on the privacy notice, you are making every single shop out there not compliant to the GDPR just cause you live in US and do not care.

Hi @wfphil

Aside from keeping the theme updated, that is the minimum I think, is there a theme or builder more secure based on how it is built? I follow the wordfence newsletter and I remember that both divi and elementor had security issues that were promptly fixed, I dont recall any security issue being spotted on genesis or genesis based plugins. Is splitting the theme into parent/child more secure than having a single theme upon which build the website?

edit: using the second link worked, is it possible that switching the website under Cloudflare caused this?

Hi @drwpcom I saw that, but not all customers are on square, I need a broader solution, and in the last month I decided to code it myself as a service.

@wfadam

Hello!

I could not replicate the issue, probably it was due to switching to cloudflare?

@thup90 this plug-in sync webstored not brick-and-mortar store with the website.

@jmcelhaney Hello,

I was so swarmed of spam that my provider put a stop to the transactional e-mail on my website. So I had to quickly fix this and I added a questions/answer field. The v2 of recaptcha is by so long time flawed on the google end, and it is no longer a reliable way to filter out spam. Honeypot worked but they learned how to bypass it, plug-in is up to date. So far only one website got hit by this mass spam, other websites hosted on the same machine seems to be unaffected.

@netnothing that’s what I said, and since v2 is bypassed by the first spammer on a budget, is there a reliable captcha that we can actually implement?

@wfdave

Here is the original message:

https://share.creoweb.it/450c9a94.jpg I have many other similar files but only this one triggered the notification. Also what is the ixlibrb-0.3.5 library?

Hi @wfgerald

They cleaned all the payoads, the hosting company is Cloudways, from the log it seems they were able to login via sFTP. The website was not harmed but stolen, other websites were not relevant for this purpose.

That you know of, does this hosting have faulty sFTP service that let everyone in? They even cleared the Breeze cache just to make sure. I have the logs showing tests and payloads upload/delete of the the payloads after, their purpose was to steal the website files/database tables to replicate the website.

if you have a private e-mail address I could forward you the logs. Or better then a p2p Telegram account so we are sure that only us could read it.

Hi @wfgerald

I didnt receive the notification or possibly deleted it without answering, thinking that I already did, I dont remember.

However I see that many attacks are performed in a short period of time, why the firewall doesnt put the IP on a temp ban and prevents further attacks? A 1 hour ban would probably be enough. The point is that if an IP is used for XSS it should be blocked as first response, and block further attacks.

Hi @wfgerald ,

you gave me the same answer, I want to disable the notification sent from wordpress@ saying that “plugin X … ” etc.. as in my screenshot, and preserve those from Central.

Hello @wfgerald,

I rather want to receive central notifications and suppress those sent from wordpress@ since are redundant.