Sven D.
Forum Replies Created
Forum: Fixing WordPress
In reply to: Wp-admin Password Protected Directory
You could try adding this to .htaccess in wp-admin:
<Files admin-ajax.php>
    order allow,deny
    allow from all
</Files>
Good luck
Forum: Fixing WordPress
In reply to: Wp-admin Password Protected Directory
Hi Mehdi
You are asked for the password on every post because this file is loaded from the wp-admin folder:
https://canot.ir/wp-admin/admin-ajax.php
I guess you have used htaccess to protect the folder, and then you can add a few more lines to let everyone load this file (making it unprotected/without password).
Forum: Plugins
In reply to: [Prevent XMLRPC] WordPress vulnerability?
Thanks for your reply and link, gcaleval.
It might not be a bad idea to break WordPress into “modules” and be able to enable, disable or choose another supplier.
About the XMLRPC; the author of this plugin links to this information (dated December 17, 2012), and the problem is much wider than pingback spam:
This can be abused in at least four ways:
- WordPress is trying to resolve the Source URL and will return different error messages if the Source URL exists (host exists) or not. This can be abused by attackers to try to guess hosts inside the internal network. The attackers can use URLs like https://subversion/ or https://bugzilla/ or https://dev/ to see if these hosts exist in the internal network.
- If the Source URL is resolved, WordPress will try to connect to the port specified in the URL. Therefore, if an attacker will use a URL like https://subversion:22/, WordPress will try to connect to the host subversion on port 22. The responses are different if the port is open or closed. Therefore, this functionality can be used to port scan hosts inside the internal network.
- This can also be used for distributed DOS (Denial of Service) attacks. An attacker can contact a large number of blogs and ask them to pingback a target URL. All of these blogs will attack the target URL.
- From the tests I’ve carried out, I’ve seen that WordPress is also supporting URLs with credentials. So, an attacker can use a URL like https://admin:[email protected]/changeDNS.asp?newDNS=aaaa to reconfigure the internal router like in the email hack attack.
And how do you protect against this vulnerability? Currently there is no fix. Disabling pingbacks and trackbacks from the Discussion Settings page doesn’t fix the problem either.
If this is true then our servers can be abused and get blacklisted, and that is reason for concern.
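For a site owner reviewing traffic, the first, second and fourth points in the quoted list all leave a visible trace in the source URL of a `pingback.ping` request. The following is an added example, not part of the original post or of any plugin mentioned here; it assumes the XML-RPC request bodies are available for review (for instance from a reverse-proxy or WAF audit log), and the function names and sample body are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed XML-RPC request body (not captured traffic); the source URL
# is one of the examples quoted in the post above.
SAMPLE_BODY = """<?xml version="1.0"?>
<methodCall><methodName>pingback.ping</methodName><params>
<param><value><string>https://subversion:22/</string></value></param>
<param><value><string>https://blog.example/a-post/</string></value></param>
</params></methodCall>"""


def pingback_source(body):
    """Return the source URL of a pingback.ping call, or None otherwise."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    name = (root.findtext("methodName") or "").strip()
    first = root.find("./params/param/value")
    if root.tag != "methodCall" or name != "pingback.ping" or first is None:
        return None
    return (first.findtext("string") or first.text or "").strip()


def classify(url):
    """List the reasons a pingback source URL looks like internal probing."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return ["unparseable URL"]
    host, reasons = parts.hostname or "", []
    if parts.username or parts.password:
        reasons.append("credentials in URL")
    if port not in (None, 80, 443):
        reasons.append(f"non-web port {port}")
    try:
        ip = ipaddress.ip_address(host)
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            reasons.append("internal address")
    except ValueError:
        if "." not in host:  # e.g. "subversion", "dev": intranet-style name
            reasons.append("single-label host name")
    return reasons


if __name__ == "__main__":
    print(classify(pingback_source(SAMPLE_BODY)))
```

A non-empty result is a reason to look at the requesting client, not proof of abuse; the distributed denial-of-service case in the third point uses ordinary public URLs and has to be caught by request volume instead.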
Thanks Mitcho, it worked just fine
Thanks for the reply Mitcho, and sorry for being unclear about my question. This is the case:
I have YARPP installed and have added the PHP in my theme (below post), it works as intended
I was about to upgrade to version 4, but this line from the changelog, "no PHP required — just visit the settings page", made me unsure: should I remove my old YARPP PHP from the theme or will it still work as before?
Forum: Hacks
In reply to: Can an PHP experts help?
Hi
Try this:
            $result .= "<li>$description</li>";
        } else {
            $result .= "<li><a href=\"$link\" target=\"_blank\" ".
                "title=\"$tooltip\" rel=\"nofollow\">$title<br>$related[1]</a></li>";
        }
    }
    return $result.'</ul>';
}
Forum: Fixing WordPress
In reply to: WordPress thumbnail problem
You can use FTP and go to the folder and change the permission (often as simple as: right-click on the folder and find properties or permissions in the list).
Or you can ask your host for help
I am not sure that this is the real problem, but worth investigating.
Good luck
Forum: Fixing WordPress
In reply to: Xml wp:comment_id when importing
Thanks a lot Jerry, I really appreciate your suggestion.
I will try it out as your suggestion can not do any harm if it fails.
Cheers
Forum: Fixing WordPress
In reply to: WordPress thumbnail problem
The theme creator chose the easy way out with that answer
Better of him to send you to your host, as this is not a WP problem
My guesses are:
1. you have not set the correct path for the images
2. php does not have write access to the server
3. something else
Could you try to see if any thumbnails are created on the server at all? Also check the folder (via ftp) for any error logs that might give a clue of the problem.
If you know some PHP and you are using TimThumb as the thumb generator, then you could turn on the debug by adding this line to the top of the file, but after <?php
define ('DEBUG_ON', true);
And then try to debug the script yourself, after seeing what information you get from it. Remember to remove that line from the script asap after you have debugged, as it prints all info to the visitor's screen.
Forum: Fixing WordPress
In reply to: Delete Word Press Sites
This is a forum for www.remarpro.com
I guess you want the WordPress.COM forum:
https://en.forums.wordpress.com/
Forum: Fixing WordPress
In reply to: Image Upload problem! Help!!!
Does the server log any error messages (check via ftp)?
Does php have write access to the server?
Could be several causes….
Forum: Fixing WordPress
In reply to: Image Upload problem! Help!!!
Try to ask your hosting company, most have a live chat or phone number.
You can also check via a short php script, but contacting your host is faster
Forum: Fixing WordPress
In reply to: Image Upload problem! Help!!!
Have you checked that your server has PHP image processing (GD) enabled?
Forum: Fixing WordPress
In reply to: Sudden flood of spam
If you have all comments held for moderation, the 1600 spam comments you received after that are sent to the moderation queue (not displayed publicly), right?
Try to add a comment when you are not logged in, and report back here what happens to your comment.
Forum: Fixing WordPress
In reply to: My contact form seems to have the wrong charset… and lots of spam
You are using a paid theme and should contact the theme company and give all details (including a link to your site). The seller even has a forum for customers.
I am sure they will help you and at the same time fix this issue for all their foreign customers with the same issue.