Forum Replies Created

Viewing 15 replies - 1 through 15 (of 50 total)
  • I deactivated all plugins except Jetpack since that was needed to send the email newsletter and akismet. Same problem. Links in emails do not work. It just goes to the website address followed by:

    ?action=user_content_redirect&uuid=b45edc11c19900577351b2a9f9422d1957bf07a60d0959515c32850a06dbf8ad&blog_id=111022934&post_id=24808&user_id=107571228&subs_id=211583391&signature=c5c249f618dc924bda502bf3853e30a6&email_name=new-post&[email protected]&encoded_url=aHR0cHM6Ly93d3cubWlsaXRhcnl0aW1lcy5jb20vZmxhc2hwb2ludHMvZXh0cmVtaXNtLWRpc2luZm9ybWF0aW9uLzIwMjQvMDEvMDUvdHJvb3BzLWRvLW5vdC1oYXZlLWFuLWV4dHJlbWlzbS1wcm9ibGVtLWJ1dC12ZXRlcmFucy1kby1zdHVkeS1maW5kcy8

    I manage 60 plus WP sites. Not all use the Newsletter or old Subscribe feature. Same problem here but some sites’ email links work and others don’t. All using the same version of WP, latest. Next time I will try disabling all plugins except the main Jetpack and see if that helps.

    Thread Starter Lubyg

    (@paontheweb)

    Yes, it was at the very bottom. As previously stated:
    There appears to be a syntax error on this line:

    $uwp_settings = get_option( ‘uwp_settings’ );

    That shows up in the cPanel File Manager when you edit the code. There is an X to the left and when you mouse over it then it says Syntax Error.

    Thread Starter Lubyg

    (@paontheweb)

    I am comfortable with editing wordpress files but not with understanding the code. When I added the code you sent to the wp-config.php the website throws a 500 error.

    There appears to be a syntax error on this line:

    $uwp_settings = get_option( 'uwp_settings' );

    Thanks

    Similar issue:
    Failed to generate Critical CSS:
    Failed to verify page at https://www.wewhoserved.com/user-list-item/?jb-generate-critical-css=83bcfcb96c

    Try again, or contact Jetpack Boost support for assistance.

    Here is a weird thing. I just noticed on one website where I use DIVI and Yoast the Page Builder disappears when you try to edit a page. I deactivate Yoast SEO and the Divi Page Builder reappears. Yes, I clicked the checkbox to show the page builder in screen options. I also tried to unchecking the Yoast SEO in screen options. Everything is up to date with the latest themes, plugins and core WordPress. I also use Cloudflare and their Flexible SSL but I did not try to bypass Cloudflare but I did disable all plugins before determining it was Yoast causing the issue.

    I’ve done 50 or more sites with Divi and Yoast and don’t see the issue on any other site. I checked a Network site using Divi and Yoast, no problem. I also checked another site using Cloudflare, Flexible SSL, Divi and Yoast and no problem. Therefore it must be a glitch with just this one website. Posted this so if you see this issue you won’t feel alone.

    I just disable Yoast when I want to update the website because the pages work fine. Just can’t see the builder in the backend and yes, I repaired and optimized the db just in case and that did not fix the issue.

    Thread Starter Lubyg

    (@paontheweb)

    Ooops, forgot to hit resolved.

    Thread Starter Lubyg

    (@paontheweb)

    Nevermind. I found the feature in Wordfence. It worked during a real time attack. The trick was to remove the deprecated Brute Protect plugin which returned a Status 403 but allowed the IP to keep hammering on one of our sites. I removed Brute Protect then, enabled
    Block IP’s who send POST requests with blank User-Agent and Referer
    In Wordfence Options. Problem solved.

    Thread Starter Lubyg

    (@paontheweb)

    I’ve pasted in a small part of my one .htaccess file. Would the bold lines be placed correctly or should there be an [OR] somewhere. Just not sure where to place it. Thanks so much for your help dwinden!

    RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Zeus [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule ^(.*)$ – [F]

    Thread Starter Lubyg

    (@paontheweb)

    Hmm, when I said Root I should have said Home (if using cpanel). As long as you have SSH you can do this. There is another way without SSH. Anyway, I found a better set of instructions with two options and you don’t need a dedicated server. See this link https://support.hostgator.com/articles/specialized-help/technical/wordpress/wordpress-login-brute-force-attack

    Of course, there is always Managed WordPress hosting that takes the worry out of security. I like this one as it appears to be the cheapest compared to WP Engine. DreamHost and others. https://hosting.wewhoserved.net/hosting/wordpress.aspx?ci=43232&prog_id=501494

    I used their easy to use Migrate tool for WordPress and it worked perfectly. The only reason I don’t move all my WordPress sites to something like this is the cost. We do have a dedicated server with over 150 WordPress sites running now and it would be time consuming to do them all. I still think we need something like CPHULKE in the WHM for WordPress.

    Thread Starter Lubyg

    (@paontheweb)

    Yep, I sure did. Tried the deprecated Brute Protect that will become part of Jetpack soon, tried iThemes Brute Protect, Firewalls, and disabled pingbacks and trackbacks completely.

    Even the double login feature does not stop them. You set that up by creating a .wpadmin file in the root so it is not in public. Here is how to do it. Note: replace your usernames and feel free to change after the : in pickausername and use your actual username for the website you want to protect.
    Create root file .wpadmin and put in the following
    pickausername:n5MfEorOIQkKz
    Run SSH Command below
    htpasswd -c /home/webusername/.wpadmin pickausername
    Add the following to your .htaccess
    ErrorDocument 401 “Unauthorized Access”
    ErrorDocument 403 “Forbidden”
    <FilesMatch “wp-login.php”>
    AuthName “Authorized Only”
    AuthType Basic
    AuthUserFile /home/webusername/.wpadmin
    require valid-user
    </FilesMatch>

    Now when you try to login you will get a double login but the first one will be a pop up.

    To see what is happening across your WHM server SSH the following:
    ssh root@YourServer IP -p YourPortNumber

    Enter your password. Note: MAC Terminal will not show it. Just paste it in and hit enter.

    Next paste in this code and change the date. You may also need to replace your quotes manually by using your back arrow keys.

    grep “POST /wp-login.php” /home/*/access-logs/* | grep “1/Jan/2015” |cut -d/ -f5|cut -d: -f1|sort|uniq -c|sort -n|tail

    That will bring up all the wp-login.php post attempts with the domain name.

    Next use this to see the IP’s if you don’t want to bother going to your cpanel logs.

    grep “POST /wp-login.php” /home/*/access-logs/* | grep “1/Jan/2015” |awk ‘{print $1}’|cut -d: -f2|sort|uniq -c|sort -n|tail

    Again, replace your date and quotes manually

    OK, this is working great on most of my a few test WP sites. (we’ve got hundreds we want to protect) It is not working on a WP Network site at lubyg.com. It also uses domain mapping for several sites. I do not have Bad Behavior installed. The message says

    We’ve noticed that you have not allowed My BruteProtect to remotely monitor your site. Please log into the WordPress admin at , and enable remote monitoring on the BruteProtect settings page.

    After the words admin at there is nothing further. It shows it is enabled when I login to wordpress.com and it takes me to https://my.bruteprotect.com/dashboard

    Uninstalled and re-installed several times to no avail. It says the site is protected, just not monitored.

    Hi Adrian,
    It is likely ALL Caching Plugins, even those that allow for not caching for mobile devices and those that even have a WP Touch exception. Can’t recall which one has that. We have tried the following with the same results:
    W3 Total Cache
    WP Super Cache
    Quick Cache
    Falcon Engine with Wordfence

    If you are only dealing with one website then you can monitor it if you are visiting your site daily. If you are like us with hundreds of websites then I advise NOT using any cache with WP Touch Pro or Jetpack Mobile. We’ve seen it happen with both those mobile plugins and we don’t have time for more in depth testing.

    As time goes on we will be replacing all designs with

    Responsive Designs

    . That way there is no issue with Caching. Right now DIVI from Elegant Themes is our favorite responsive design. Of course, we can now customize our own themes. If you’re looking for a good one then I’d try DIVI.

    The exact same thing happened to my site. The hosting provider is Clook, if that means anything. I wonder if they’re somehow to blame for this?

    One thing I would do if you lost your webmaster is get a new one and use a standard theme or buy one. I use Divi from Elegant Themes for lots of our customers. Second, host with a company that not only does routine backups but can restore them for you. Third, see if you can get ClamAV installed and run a scan on your cpanel if it is linux. If Windows hosting you have problems I cannot help with or advise on. You must keep your site up to date. Of course, don’t use mail poet as this seems to cause issues all over the forum on this subject. Best of luck.

Viewing 15 replies - 1 through 15 (of 50 total)