megmo

Awesome, thank you so much. I’ll review those resources and go from there!

The theme has a file called thumb.php and it says Tim Thumb in it, but I seem to remember an older version of one of my themes having timthumb.php, not thumb.php. I installed and ran the Tim Thumb vulnerability scanner you recommended and it found that there was an old version installed that was vulnerable, but that was all it said. I updated the script and now it says that I’m up to date. Is that all that I need to ensure there are no back doors left open to the site? Or do I still need to remove the theme and then re-install it and make all my CSS changes, etc., to it again?

I think the plugin I used originally was called Exploit Scanner, but I’m not entirely sure because I deleted it after it returned all those errors for a fresh install. ??

Thanks for all of your help!!

I actually don’t mind re-building the rest of the site from scratch, as I had just recently modified a new theme so it didn’t look anything like it did back in Feb. of 2011. ?? I guess I will keep looking for an XML backup, or at least make myself a note to make one on a fairly regular basis. I wasn’t aware that I could import the database file and choose to only bring in the posts and comments. My host seemed to think that if I wiped the database and then reinstalled from a backup, I’d be bringing back the bad files that existed.

I also didn’t realize the timthumb vulnerability went back that far, which makes me worried about a client’s website I set up earlier this year using a Woo theme. The site was finalized in March, but I think the theme had been installed as early as December of 2011. Do I need to wipe the entire site and start over to ensure there are no vulnerabilities? I haven’t heard anything from him regarding any messages from his webhost about bad files being placed in his site, but I’m also not exactly sure how to check for that. I tried a plugin when I set up the site, but an initial scan (right after I installed WordPress for the first time) told me there were about 3,000 problems, which I found a little hard to believe.

Looks like I started backing up the database in February of 2011. I tried figuring out a way to extract just the posts and comments from the database files, but didn’t ever find anything that didn’t require quite a bit of technical knowledge. ??

I’m planning to continue to do the database backups, I’d just like to also back up only the XML file of posts/comments if that’s possible.

You know what, I just realized that it appears even when the admin bar appears. So it’s not replacing it, it’s showing up between the admin bar and the top of the website header: https://skitch.com/meganmorris/rsbsr/whitebar

Oh, I see what you’re saying!

So one more question: I’ve implemented the script as instructed using your code, but now when the form is submitted and that page is accessed there is a white bar across the top of the site, as though it’s replacing the WordPress admin bar. Except it appears whether someone is logged in or not–even if they wouldn’t have normally seen the WordPress admin bar.

Here is a screen shot of what’s going on: https://skitch.com/meganmorris/rsbpb/thankyou

Thanks again so much!!

Not sure I understand… I have the javascript snippet from Google Analytics and have created the Thank You page in WordPress, I just don’t know how to add the script to only that Thank You page, not every page on the site. Where can I access the head of just that page?

Thanks!!!

So is there not any way to achieve this?

Excellent… So would I call the loop template file within the category.php file?

And is there a place I can look to find all of the template tags that I’d want to use?

Thanks!!

Thanks so much, I was able to get excerpts of the category posts to show up, but now I’m trying to figure out how to edit that down a bit (ie I don’t want to show what each post is tagged with, allow people to comment, etc.) right from the excerpt.

This is the code that’s pulling in excerpts of each post in the specific category; what are the loops or snippets I should use just to show a headline, excerpt and “continue reading”? I’d also like to keep the “older posts” and “newer posts” links at the top and bottom.

<h1 class="page-title"><?php
					printf( __( 'Category Archives: %s', 'twentyten' ), '<span>' . single_cat_title( '', false ) . '</span>' );
				?></h1>

				<?php
					$category_description = category_description();
					if ( ! empty( $category_description ) )
						echo '<div class="archive-meta">' . $category_description . '</div>';

				/* Run the loop for the category page to output the posts.
				 * If you want to overload this in a child theme then include a file
				 * called loop-category.php and that will be used instead.
				 */
				get_template_part( 'loop', 'category' );
				?>

I tried that, too, but it doesn’t work. I read on the Widget Logic FAQ page that in order to make a widget appear both on a category page and a single post within that category, you’d put

is_category('blog') || (is_single() && in_category('blog'))

I figured if that makes it appear, then adding ! should make it disappear. But it doesn’t work on the individual posts.

I guess? All I know is the theme was developed by their IT department and they are not using a WordPress theme that someone else created.

When you say the template page should be using the same header.php file and the same CSS, how do I make sure that it is?

For example, in a page template, which does display correctly, I see this;

<head><meta charset="<?php bloginfo( 'charset' ); ?>" />
<title>Title here</title>
//Some other info here
<link rel="stylesheet" type="text/css" href="<?php bloginfo('template_directory'); ?>/css/reset.css" />
<link rel="stylesheet" type="text/css" href="<?php bloginfo('template_directory'); ?>/css/style.css" />

But in the category template, I don’t have that. I just see this:

get_header(); ?>

And then some other code that has to do with the category description, etc.

Do I need to bring over the header and CSS code from the Page template?

But what about when it’s a custom theme? I can see in the various templates where the stylesheet is being called, but I don’t see it in category.php. Do I need to edit that template to call in the stylesheet?