idahsto8
Forum Replies Created
-
Forum: Plugins
In reply to: [Easy Forms for Mailchimp] Single Opt-In when using IntegrationThank you!
Forum: Plugins
In reply to: [Easy Forms for Mailchimp] Single Opt-In when using IntegrationThank you! I’d probably prefer to edit functions.php myself, if you can provide a few additional details? Where within the file do I need to place code… or can it go anywhere in there? thanks!
Forum: Plugins
In reply to: [FireStorm Professional Real Estate Plugin] Custom Sorting on Listings PageI deactivated the plugin, then reactivated it. That seem to fix it.
Forum: Plugins
In reply to: [FireStorm Professional Real Estate Plugin] Custom Sorting on Listings PageI actually did, 5 days ago… but I haven’t gotten a response :/
Forum: Plugins
In reply to: [FireStorm Professional Real Estate Plugin] Custom Sorting on Listings PageI upgraded to pro. Now, I have several issues I can’t seem to correct:
1) The listings no longer show up?
https://www.carmelmeridian.com/listings/(I notice it says to “login to view listings”, but even when I’m logged in they don’t show up).
2) When trying to adjust the “Pro” settings, no changes I make will save. It just goes back to the default settings.
P.S. I did put in my license # & uploaded the extension file they provided.
Thank you!
Forum: Plugins
In reply to: [FireStorm Professional Real Estate Plugin] Custom Sorting on Listings PageAhh. Pro Feature… got it. Thank you!
Forum: Fixing WordPress
In reply to: So I got hacked, 3 hours ago….I made the following security improvements & haven’t been hacked again, yet. Note: I haven’t password protected wp-admin like @awhitemage.
I found this person who had a similar type of hack. They made several changes. The one I changed was the wp-config.php permission to 400.
I added these to my public_html .htaccess:
# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files># DENY PUBLIC ACCESS TO YOUR php.ini file
<Files php.ini>
order allow,deny
deny from all
</Files># DENY PUBLIC ACCESS TO YOUR php5.ini file
<Files php5.ini>
order allow,deny
deny from all
</Files># QUERY STRING EXPLOITS
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|?|”|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(“|’|<|>|\|{||).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
RewriteRule ^(.*)$ – [F,L]Forum: Fixing WordPress
In reply to: So I got hacked, 3 hours ago….I’ve sent midphase this thread [also see this thread](as did @awhitemage) and have been in communication with them and so far have been very helpful for my situation.
If you’re one of the people that have had your site hacked at midphase in the last week+/-, and had your wp username & password changed, please email jgriffiths [-at-] westhost [-.-] com and:
“tell me which files exactly you saw as hacked during your instances so that we may know where the hacker was targeting and probably the vulnerability. Also, can you please provide us with the domain names of the other clients who were seeing hacks so we can see if there was an correlation between them all? Please let us know.”
Forum: Fixing WordPress
In reply to: WP Version 3.0.1 hacked: Someone changed my username and passwordUpdate: For a 2nd time, I restored a pre-hack backup & have made a number of security enhancements. I don’t know if any of these will prevent this from happening again, but thought I’d share. If anyone has further suggestions please let me know.
I added these to my public_html .htaccess:
# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files># DENY PUBLIC ACCESS TO YOUR php.ini file
<Files php.ini>
order allow,deny
deny from all
</Files># DENY PUBLIC ACCESS TO YOUR php5.ini file
<Files php5.ini>
order allow,deny
deny from all
</Files># QUERY STRING EXPLOITS
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|?|”|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
RewriteRule ^(.*)$ – [F,L]I found this person who had a similar type of hack. They made several changes. The one I changed was the wp-config.php permission to 400.
I’m working on restricting IP addresses to /wp-admin with .htacess in that folder, but keep getting a “page doesn’t exist” error after attempting to login. I had it working, until I added some of the public_html .htaccess items listed above. I don’t know if one of them is interfering or not.
Forum: Fixing WordPress
In reply to: WP Version 3.0.1 hacked: Someone changed my username and password@awhitemage Thank you. That’s exactly what I was looking for. However, I had two usernames I had created, one apparently was deleted. The remaining one only has partial permissions (Author permissions). Any idea on how to create a new user with full permissions? Or get back the previous user that was deleted? Thanks so much.
Forum: Fixing WordPress
In reply to: WP Version 3.0.1 hacked: Someone changed my username and passwordawhitemage – Can you walk me through how you changed your wp admin username & password back so you could again login? Or, have you not been able to get back in? Thank you.
Forum: Fixing WordPress
In reply to: WP Version 3.0.1 hacked: Someone changed my username and passwordawhitemage – where in your directory are the “two” files you found?
Forum: Fixing WordPress
In reply to: WP Version 3.0.1 hacked: Someone changed my username and passwordI’m at midphase as well. Sounds like we have the same issue.
Forum: Fixing WordPress
In reply to: So I got hacked, 3 hours ago….My username & password (only for wp-admin) was also changed twice in the last 3 days. I’m also at Midphase.
awhitemage – where in your directory are the “two” files you found?
Forum: Plugins
In reply to: XML Sitemap Generator for WordPress 3.1.1Hi jdembowski, thanks for the help. I think you’re right that the search engines aren’t having any problems. At least, Google webmaster tools has not given me any errors. I did try clicking on “use default,” but nothing changed.
I also tried to uninstall & reinstall. Kind of weird, Cpanel would not delete the sitemap.xml & sitemap.xml.gz files. Besides that, it re-installed fine but still have the readability issue.
I would like to get it working properly, if you have any other suggestions I would love to hear them.
Thanks!