xprt007

Hi

Thanks for the clarification. Then I have left it as it is.

OK, I am just trying to see what is possible without moving to bonus packages as yet, which I wanted to do at a later point.

I implemented the suggested “Bonus Custom Codes” above & in addition,
• are using captcha from the All In One WP Security (currently not all features activated). It otherwise adds code at the top of the .htaccess file.
• Akismet (basic)
• Bad behavior
• IP Blacklist Cloud
• SI Captcha
• Wordfence Security – basic settings

In spite of this, 3 hours after I also disabled Wanguard, I have 3 bastards who managed to remotely register, 2 “approved” & one on the “pending” list.

• Is there anything more on the side of BPS basic I can do, short of getting a Pro version?

Wanguard basic has been able to block all spambot registrations since the onslaught begun about 2 weeks ago.

• Lastly, if I was to enable all features of All In One WP Security, is it OK to just integrate its .htaccess code via BPS custom code. It otherwise places it at the top of the .htaccess.

All assistance appreciated.

Regards

I think there was something wrong with the resulting .htaccess code I had used. After re-doing everything, this time no side-effects.

Going to disable Wanguard & see.

Thank you

Hi
This time, I successfully added the code below:

# XML-RPC DDoS & TRACKBACK/PINGBACK PROTECTION
# Using this code blocks Pingbacks and Trackbacks on your website.
# You can whitelist your IP address if you use A Weblog Client
# or want to whitelist your IP address for any other reasons.
# Example: uncomment #Allow from x.x.x. by deleting the # sign and
# replace the x's with your actual IP address. Allow from 99.88.77.
# Note: It is recommended that you use 3 octets x.x.x. of your IP address
# instead of 4 octets x.x.x.x of your IP address.

<FilesMatch "^(xmlrpc\.php|wp-trackback\.php)">
Order Deny,Allow
# Remove the # sign below to whitelist Jetpack/the Automattic CIDR
#Allow from 192.0.64.0/18
Deny from all
</FilesMatch>

but did not quite get the issue of IPS to allow.
In the Cpanel of my website’s hosting account (shared host), I have something like:
Shared IP: 173…….
Is the correct thing to replace
# Remove the # sign below to whitelist Jetpack/the Automattic CIDR
#Allow from 192.0.64.0/18

# Remove the # sign below to whitelist Jetpack/the Automattic CIDR
Allow from 173. ….. ?

What about
# Remove the # sign below to whitelist Jetpack/the Automattic CIDR
#Allow from mysite.com

The question is does one need to edit this IP code at all?
Not quite sure what this “Using this code blocks Pingbacks and Trackbacks on your website.” is good for.

PS: My site is a buddypress-based community site, which has to allow login & registration by other people.

Thank you (in advance) . ??

Hi

Thank you for getting back to me. There seems to be a problem with adding the following WP Fastest Code to the box “CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE”:

# BEGIN WpFastestCache
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
AddDefaultCharset UTF-8
RewriteCond %{HTTP_HOST} ^mysiteaddress.com
RewriteRule ^(.*)$ https://www.mysiteaddress/wp-login.php
RewriteCond %{REQUEST_URI} !^/wp-admin
RewriteCond %{REQUEST_URI} !^/wp-content
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/all/$1/index.html -f [or]
RewriteCond /home2/somefoldehere/public_html/wp-content/cache/all/$1/index.html -f
RewriteRule ^(.*) "/wp-content/cache/all/$1/index.html" [L]
</IfModule>
<FilesMatch "\.(html|htm)$">
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Mon, 29 Oct 1923 20:30:00 GMT"
</ifModule>
</FilesMatch>
# END WpFastestCache
# BEGIN GzipWpFastestCache
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE font/opentype font/ttf font/eot font/otf
</IfModule>
# END GzipWpFastestCache
# BEGIN LBCWpFastestCache
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|x-html|css|xml|js|woff|ttf|svg|eot)(\.gz)?$">
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault A0
ExpiresByType image/gif A2592000
ExpiresByType image/png A2592000
ExpiresByType image/jpg A2592000
ExpiresByType image/jpeg A2592000
ExpiresByType image/ico A2592000
ExpiresByType text/css A2592000
ExpiresByType text/javascript A2592000
ExpiresByType application/javascript A2592000
</IfModule>

The sites gets extremely slow & if I remember well, some pages at times do not load. The slowness is such that even https://www.webpagetest.org/ & gtmetrix.com mostly fail to fetch & scan the site or take much, much longer.

Things immediately change if I either remove it & re-activate the BPS .htaccess OR like currently, simply re-installing the WP F.Cache plugin after, so that its code is at the top, which however makes the BPS plugin complain with this error message => “BPS Alert! Your site does not appear to be protected by BulletProof Security”.

So I am sort of in a dilemma.

Some advice would be very much appreciated.

Regards

Hi

I was trying to add that code to BPS .htaccess but it was at the same time as I was adding the code for WP Fastest Cache mentioned in this post and since the “foreign” code, at least either this or that suggested here for antispam was leading to serious page loading problems, I decided to first remove it, but have not yet got time to try it out alone without that of WP Fastest Cache.

I can say more after I try this out, probably tomorrow or the day after.

Regards

Well, I have for the time being gone back to a backup of the site of many months back & fished out Version 2.64, whose feeds update with no problem at all.
…

Hi

I have not yet gone through all steps suggested on the different pages/sites, but let me mention what I have done.

Since I thought the issue might be caused by some incorrect steps during updating & importing previous feeds, which never quite run properly, I decided to simply re-install the module & re-do the feeds.
After deactivation, I failed several times to get the plugin deleted. It always ended with a blank page & nothing deleted. So I did so manually. Unusual(??)

After the initial installation, fresh feeds where automatically imported as I was adding them, but I later noted it was not updating, in spite of the settings of “30 min” intervals.

The fact is: there are no other problems with cron as much as I know, because for example, I am alerted of plugin & other updates eg, even several times a day (unless this has nothing to do with cron.). I also have other sites, including Drupal-based using the same account & have no cron issue. They use the normal default Drupal & server settings.

I installed the crontrol plugin you mention somewhere & disabled all plugins & re-enabled them again.
Funny enough, under “Name” as you see at this linkyou do not see names of the module behind in some cases, which forced me to this step as I saw nothing referring to the rss importer.

I established that the 4 entries between the arrows only appear when the rss importer is enabled, so I assume they have to do with it.
I suppose that means according to this they are supposed to be included in the cron process working for other modules … (or not?)

Then I checked out the wp-config.php script …
there was nothing looking like “define(‘DISABLE_WP_CRON’, true);” or meant to block cron …

In one of the articles you recommend reading, they suggest adding “define(‘ALTERNATE_WP_CRON’, true);” …

I added it. It does not seem to have helped.

As of today, I have

“Last Update of the Feed Database: Sep 23, 2014 @ 7:28 pm; 15 Hours ago”

I suspected the Fastcache plugin settings where affecting something, but even after disabling it, …./wp-cron.php?doing_wp_cron=1 … did not lead to updating …

Does that help suggest where the problem could be or the right measure to try out, since there is I think no general site- or serverwide problem with cron & … as mentioned, with the older version of the module, before the major update – there was no issue?

Thank you in advance

Hi

I have another problem which seems to be related to the updated version of the plugin.
Before the recent major updating, external feeds would automatically get updated, but currently, it seems this only happens if they are manually updated on the settings pages (/admin.php?page=wprssmi_options5). Currently, if dont, I have rss feeds showing quite old news of several days ago.

What settings do I need to activate to achieve this?

Secondly, if I may ask, what is “autoposts” for? Is it necessary to activate this, if I only use external feeds?

Thank you in advance.

Well, any sensible guest counter, like the one in form of the Statcounter plugin shows a record of all visits to a website if installed in its statistics. NONE of the records show a single visit on the registration or login page.
If those idiots where physically on those pages to register, they would be logged. ??

Try going to any page on your site & you will see it is recorded in Statcounter statistics … – each page you visit.

The bots use scripts which I guess are not detected by normal guest counters but by plugins like “IP Blacklist” & manage to register or post comments, if not blocked.

None of these bastards uses the registration form or visits the site at all, which certainly has captcha. The registrations are made by bots. ??

Hi there

I hope this is also nothing to worry about, also showing in debug mode:

Notice: Undefined index: rpr_recipe_servings_type in /home2/asp/public_html/com/hab/wp-content/plugins/recipepress-reloaded/php/template_tags.php on line 209

Thank you for the pointer regarding debug mode. I turned it off on a production site, but have to keep it on hopefully for a short while on one under development, with the above issue, hopefully so a problem related to another plugin can be seen & solved by its author very soon.

Best regards.

Update:
For some unconnected reason, I have the debug mode enabled & have the following errors showing:

Notice: Undefined index: rpr_recipe_calorific_value in /home2/as/public_html/com/hab/wp-content/plugins/recipepress-reloaded/php/template_tags.php on line 233
Notice: Undefined index: rpr_recipe_fat in /home2/as/public_html/com/hab/wp-content/plugins/recipepress-reloaded/php/template_tags.php on line 233
Notice: Undefined index: rpr_recipe_protein in /home2/as/public_html/com/hab/wp-content/plugins/recipepress-reloaded/php/template_tags.php on line 233
Notice: Undefined index: rpr_recipe_carbohydrate in /home2/as/public_html/com/hab/wp-content/plugins/recipepress-reloaded/php/template_tags.php on line 233

What could it all mean? ??

Regards

Hi

Thank you for responding.

I made a preliminary check in the database & could not see any post, but just some “signs” like I think the recipe title, comments but no complete recipe, at least the pages I checked. The images where also in the gallery. the only complete recipe I saw, is the demo entries – “muffin”(?).

Anyway, I re-submitted the recipe, though I am still a bit confused as to why it disappeared, because I do not remember deleting it and I have not added or posted/deleted anything much on this test site, except some custom content, which however has its own interface for posting/editing.

Many thanks & regards.

Hi

I did just that and it made no difference.
I also enabled debug mode, but the only 2 error messages are connected to Buddypress. I disabled it & they did not come, but this also had no impact on the super rss reader widget’s behavior.

??

Still hoping, though. ??

Thank you & regards

Hi

Thank you for following this up.
Yes, last night I installed a new test version of this directory plugin & it seems to be faulty. So this morning, I am replacing the plugin files with an older version as the author deals with the problem.

After that the page will shortly be in a state referred to before when you look at it.

Thank you in advance.