thinqlabs

sigh the hacker keeps on coming.. i just got a Wordfence Admin Login alert from an ip in a different country. There is only one admin account on my wordpress, I don’t know how this happened, I just quickly did a “Deny for all” to put my website offline until i figure out how. All these php/sql injections attacks and stuff really intensified in the past few months. Is this type of hacking normal for the average website, or do I have some online enemies?

hi thanks for the quick reply. I added the following to the standard .htaccess

# Blocks some XSS attacks
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F,L]
</IfModule>

# Restricts access to PHP files from plugin and theme directories
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
RewriteRule wp-content/plugins/(.*\.php)$ – [R=404,L]
RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/
RewriteRule wp-content/themes/(.*\.php)$ – [R=404,L]

# Protect Against SQL Injection
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ – [F,L]
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|”|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
RewriteCond %{HTTP_COOKIE} !^.*WordPress_logged_in_.*$
RewriteRule ^(.*)$ – [F,L]
</IfModule>

I will have a look at the CF-Connecting-IP thing tongiht

thanks again

hey thanks for your message. actually i upgraded php from 5.x to 7.x on my server, but since then my multisite install still sees php 5.x and still gives me the outdated php warning. I checked with phpinfo the domain is running at php 7.3 fcgi, but wordpress still doesn’t detect it. I read somewhere that I needed to reinstall the multisite if it was originally installed while running an old version of php. I’m just out of other ideas beside this….

ok will do!

that would be amazing! we were trying this frontend admin plugin, it was horrible, a lot of lags. Another question is there a simple way to control which user level has access to which redux setting tabs in the menu?

We run our own servers, they are all running php7 because I set them up myself. Its common knowledge you’d have to reinstall wordpress if it was installed in php5 enviroment.

hey thanks figured it out a while back. I made a wordpress frontend custom page. Is there any way to display the redux settings menu on that page via php?

ok last observation, the plugin only works if you list all the variable amounts in the shortcode like:
[qpp amount=5,10,15,20,25,30,35,40,45,50,55,60,65,70,75,80,85,90,95,100] when you use the range slider. I set the range slider to 20 increments by 5 units, 0 to 100. it didn’t work until i added every single increment in the shortcode. Are you able to bypass that? its quite tedious thanks

I kinda figured something out, it oonly happens if i added and check the terms/condition or consent boxes. if i leave them out, it works fine

EDIT: actually no, it just randomly works sometimnes and error other times

• This reply was modified 5 years, 4 months ago by thinqlabs.

did you figure out how to fix it?

same problem