Would projectionpictures.co.uk forward destination direction to http://www.projectionpictures.com, rather than this:
I now have
IPv4: 89.242.86.242
IPv6: 2001:08d8:1001:5348:5e07:2f1f:9f4f:700e
As this goes to ‘Hello Welcome to Synology webstation!’ screen.
As a reminder virtual host has these variants: http://www.projectionpictures.com, projection.synology.me, http.www.projectionpictures.com, and https.www.projectionpictures.com.
What duplicate? I don’t see any duplicates 🙂 (I removed it from public view)
You might as well remove the SRDB tool’s files and folder, it’s not doing us any good. All the same, you should change the DB password one more time since it was visible on the tool’s page. Change through both phpMyAdmin and on wp-config.php. You could try installing and activating the Better Search and Replace plugin. As a reminder, the goal was to replace occurrences of 192.168.1.234/projectionpictures/ with http://www.projectionpictures.com in all URLs. The use of that IP address in the DB is insidious because any such links will work for you but not anyone else.
As a reminder virtual host has these variants: http://www.projectionpictures.com, projection.synology.me, http.www.projectionpictures.com, and https.www.projectionpictures.com.
Thanks, that’s useful. I think there are some typos in there though. Plus the forum’s parser may have auto-linkified the first domain name. None of the virtual host entries should include http or https AFAIK. Mind you, I don’t know what your user interface looks like. A normal virtual hosts entry does not contain http or https, just the domain itself, like projectionpictures.com
Whether the entry is HTTP or HTTPS is a separate parameter controlled by the related port numbers, 80 or 443 respectively. By any chance are there separate entries for server name and server alias? Typically, when editing the virtual hosts file directly, we would enter projectionpictures.com as the server name and right below, enter www.projectionpictures.com as an alias. Or vice versa, depending on which you prefer to be promoted.
If you don’t have a separate field for aliases, just make another virtual host entry for just projectionpictures.com. Also add projectionpictures.co.uk if you haven’t. And alias www.projectionpictures.co.uk as well. These .co.uk variants should point to the /www/projectionpictures/ folder as well. WP will rewrite any such requests to www.projectionpictures.com.
You said:
You might as well remove the SRDB tool’s files and folder, it’s not doing us any good. All the same, you should change the DB password one more time since it was visible on the tool’s page. Change through both phpMyAdmin and on wp-config.php. You could try installing and activating the Better Search and Replace plugin. As a reminder, the goal was to replace occurrences of 192.168.1.234/projectionpictures/ with http://www.projectionpictures.com in all URLs. The use of that IP address in the DB is insidious because any such links will work for you but not anyone else.
I have removed SRDB tool and installed Better Search and Replace tool plugin. It found 60 occurrences of changes it could detect on a dry run. I then made it do the changes. In phpmyadmin databases now has plugins tab to the very right side. Haven’t seen that before.
I have also changed the phpmyadmin root password and the DB password for projectionpictures live site.
You said:
As a reminder virtual host has these variants: http://www.projectionpictures.com, projection.synology.me, http.www.projectionpictures.com, and https.www.projectionpictures.com.
Thanks, that’s useful. I think there are some typos in there though. Plus the forum’s parser may have auto-linkified the first domain name. None of the virtual host entries should include http or https AFAIK. Mind you, I don’t know what your user interface looks like. A normal virtual hosts entry does not contain http or https, just the domain itself, like projectionpictures.com
I now have http://www.projectionpictures.com, projectionpictures.com, http://www.projectionpictures.co.uk, projectionpictures.co.uk, projectionpictures only, do there need to be anymore variants – no typos (with no https in front for any).
In WP DB general settings it has http://www.projectionpictures.com it has site address and home address, would http://www.projectionpictures.com without the http be better, to make it more compatible with projectionpictures.co.uk?
Can you see projectionpictures.com with you use projectionpictures.co.uk?
-
This reply was modified 7 years, 3 months ago by
pr0ject10n.
-
This reply was modified 7 years, 3 months ago by pr0ject10n.
Something rather odd happening with regards to the .co.uk variant in Opera
If you just type projectionpictures.co.uk you get ‘Hello Welcome to Synology webstation!’ screen.
If you type http://www.projectionpictures.co.uk (with www) it reverts to http://www.projectionpictures.com. (without http it works)
If you type http://www.projectionpictures.co.uk it reverts to http://www.projectionpictures.com. (it works with http)
Absolutely nothing comes up in Internet Explorer. Would the addition of an SSL plug in certificate improve matters.
There is only the projection.synology.me in the security control panel issued by Let’s Encrypt Authority. At the moment apart from the projectionpictures variants it has it also has System Default, WebDav Server, and FTPS.
I also have wordpress app on my iphone and the login account for projectionpictures has an invalid certificate for the server which I’m invited to TRUST, which I select but the View Site option refuses to display the live site with wifi on my my phone. However if a use the data connection only in safari I can see the live site – most odd.
-
This reply was modified 7 years, 3 months ago by pr0ject10n.
You don’t really need “projectionpictures” alone with no top level domain in virtual hosts, unless you’re planning on using it that way locally on your own computer. But it does no harm to have it there either.
Happily, all other domain variants now get redirected to http://www.projectionpictures.com, (which I’m calling your “main domain”) which appears to look like the proper site. I hope that is you intention. Doing anything differently will require a bit of custom WP coding. You’ll want to get a Let’s Encrypt SSL certificate for that main domain. A certificate for the .co.uk variant is much less important because it simply redirects to the main domain anyway.
The bad news is that search bots had accessed your domains during the time when we were getting the web station page, which tries to get visitors to download a file. The search bots interpreted this as a severe security risk and black listed your domains. Now requests result in a big red “site contains harmful programs” warning in Chrome. One can click past this, but no regular visitor will do this. The warning recurs on every request. (I have Chrome’s safe browsing option enabled)) You will need to get this resolved through Google Search Console. There should be some way of appealing this designation.
I think this designation is why IE and your phone simply refuse to work. I think it will be resolved when the dangerous site designation is resolved. Getting the web station page in Opera is likely due to cached content. If you flush the browser cache you should then get redirected to the main domain. Make sure no domain request in any form returns the web station page or your attempts at appeal will be stymied.
If you you’ve not yet setup your domains for Search Console, it’s something every domain owner should do no matter what. You’ll need to prove you have control of the domain. There are several options. The easiest is to simply add a special file (one for each domain, multiple files can be at the same location) to the public root folder, /www/projectionpictures/. You’ll be provided with the file when your register the domains. Start at https://search.google.com/search-console
I’m not sure how to resolve the dangerous site designation within Search Console. Fortunately for me, I’ve never encountered such a designation. It shouldn’t be too hard to figure out. I’m still available to try to answer any questions you might have.
In summary, aside from some stale cached data and the need for a SSL certificate, I think everything related to your site on your end is now working correctly. A small celebration is in order 🙂 On to Search Console…
OK so I went to that link in Opera. As adding http://www.projectionpictures.com in internet explorer didn’t do anything. I was asked to upload a html file named google with some numbers after it, into http://www.projectionpictures.com so I put that file in web/projectionpictures
The results from Opera were in that console.
Harmful downloads
Description
These URLs host malware or unwanted software downloads. Learn more
Sample URLs
http:// projectionpictures.com/ Photo.scr
http:// projectionpictures.com/ info.zip
and
Links to harmful downloads
Description
These pages contain links that lead to malware or unwanted software downloads. Learn more
Sample URLs
http:// projectionpictures.com/
I deleted photo.scr and info.zip in the web/ root folder not in web/projectionpictures. I then CLICKED on REQUEST REVIEW and typed in the box I had deleted those files and named them. There was also a file next to them called ‘dead.letter’ I deleted that as well. All the files are now in recycle bin within /web/ folder itself. I cleared out the recycle bin.
What do I wait for now? as the Security Issues tab hasn’t changed with its concerns about those files (photo.scr and infor.zip), does someone at google have to evaluate what I’ve done manually?
I also added http://www.projectionpictures.co.uk that generated the same html google named file with the same numbers. No security issues were flagged.
I’ve has a look around the settings in this console (to be nosey) and its given me a green tick for that I am the verified owner for the .com version.
You don’t really need “projectionpictures” alone with no top level domain in virtual hosts, unless you’re planning on using it that way locally on your own computer. But it does no harm to have it there either.
I have now removed projectionpictures on its own.
-
This reply was modified 7 years, 3 months ago by pr0ject10n.
-
This reply was modified 7 years, 3 months ago by pr0ject10n.
-
This reply was modified 7 years, 3 months ago by pr0ject10n.
-
This reply was modified 7 years, 3 months ago by pr0ject10n.
Also tried to this but I felt I got lost so I removed the subdomain for projectionpictures.com that the instructions below invited me to add even the my ownership of the domain has been verified.
In the console you can also verify owner by entering a subdomain with the registrar 1and1:
Edit your DNS settings
Follow the steps below to create a DNS (Domain Name System)
record that proves to Google that you own the domain.
Log in to your account at https://admin.1and1.com.
If it’s not already selected, click the Administration tab.
Click Domains. The Domain Overview page appears.
From the New drop-down menu, select Create Subdomain.
Enter the following code
############.projectionpictures.com, and click OK.
Check the box next to the subdomain. (Subdomain should now read:
token_code.yourdomain.com).
From the DNS menu, select Edit DNS Settings.
Click the radio button next to CNAME.
Next to Alias, enter
host name autodiscover.kauqekeckpgk########
Points to
gv-gfnj5drmmxx7dk.dv.googlehosted .com
TTL 1 hour by default
Click OK.
Congratulations! Your CNAME record is now configured to point to Google. Keep in mind that changes to DNS record settings may take
up to 24 hours to take effect.
I’m sure somewhere there should be 89.242.86.242 or http://www.projectionpictures.com
UPDATE from Google.
I received this email response at 5.40am this morning.
Review successful for http://www.projectionpictures.com/
To: Webmaster of http://www.projectionpictures.com/,
Google has received and processed your security review request. Google systems indicate that http://www.projectionpictures.com/ no longer contains links to harmful sites or downloads. The warnings visible to users are being removed from your site. This may take a few hours.
It invites me to:
Add all your website versions
Make sure that you add separate Search Console properties for all URL variations that your site supports, including https, http, www and non-www.
The warnings visible to users are being removed from your site.
YAY!! That’s a reasonably quick review from Google I think, not that I have any experience with the process.
Does your site work OK from Internet Explorer and your phone now? From my end using Chrome, everything looks good.
FYI, you only need to do the Google file bit OR the CNAME bit to prove ownership. Both were not required, though doing so does no harm. Leave one or the other or both in place permanently so Search Console continues to work properly.
You can add all the domain variants into Search Console, though the only one to really focus on is the site’s “canonical” URL, which is http://www.projectionpictures.com
You should create a sitemap and submit it to Google through the Search Console. The easiest way IMO to make a sitemap is to install and activate a SEO plugin that auto generates one for you. There are several to choose from. The Yoast SEO plugin is extremely popular. I know a “white hat” SEO expert who loves the All in One SEO plugin. Both have a sitemap option, but it is not “On” by default, you need to enable it in the plugin settings. I imagine there are other SEO plugins you could choose from, in addition to plugins specifically just for generating a sitemap.
By all means poke around in Search Console! It’s not very meaningful yet with a new site. It’ll be more meaningful as your site gets discovered.
OK, although you can see the site on Chrome and I can see it in Opera (and have always been able to, unless the DDNS wasn’t set up correctly). Internet Explorer flat refuses to show both the webpage itself of the wp-login page to access the WP dashboard, however in Opera the box immediately to the left of the URL states the ‘Not Secure’ – which might account for IE still not displaying it at all.
When I typed in projectionpictures into google in internet explorer it gave me the site results and sub-pages headings and some description (for the first time). There was also a mention that the site is not mobile friendly. I clicked on that and it took me back to the console and this problem below was flagged up as needing attention.
site 'http://www.projectionpictures.com/wp-content/plugins/a3-lazy-load/assets/css/loading.gif
I will now do the site map and install a plugin to do that and upload it in the google console and add the other projectionpictures variants.
Once I’ve done that I’ll do a further update.
Ok so I installed Yeo Seo and had to deactivate another SEO that was already installed. Yeo asked me to get an authorisation code from Google and it reciprocated with another I pasted into it and I chose .com version as my default web page. Not entirely sure if doing that alone has established the site map, although that function amongst others is switched on in the Feature tab – XML sitemaps.
I only added the wp-login to the google console URL as that was the only other variant that would be accepted with http at the front of it.
I think we need to do the SSL so we can get internet explorer can see the site and wp app in my iphone still asks to TRUST it and the live site refuses to appear.
The problem maybe being caused by the fact that the http for the DSM is itself is not secure in Opera and always asks me if I want to ‘Continue Anyway’ to the login screen as it thinks the Let’s Encrypt certificate issued to projection.synology.me is invalid, but I can still gain access. I can see the DSM login page in internet explorer but not the live site or the wp-login for projectionpictures, but I can login to the wordpress login default page.
Update: for wordpress on iPhone. I managed to delete the entry that was there and re-login as I (we) changed the password. I can now see the site live in wordpress app and it fetched all the pages and media.
Still no change with internet explorer.
Getting security warnings for the login page on browsers is normal because (as you suspected) the Lets Encrypt SSL certificate only applies to that one domain name. You need one for projectionpictures.com domain to avoid security warnings on any form. As you found, it’s possible to tell your browser to load the login page without a certificate anyway and all will work normally. You could decide this is acceptable for a small group of users who need to log in who you always communicate with, but it’s not acceptable for any form the general public will be using.
I borrowed a Win10 computer with Internet Explorer and your public site appears to work fine. The login page even loads — without any warnings! A completely default IE. The computer owner never ever used their IE. Update version 11.0.110. Maybe try flushing the cache of your IE? Unless I’ve glossed over something else you mentioned, I think we’re down to the possibility that your site is only not doing as expected on your IE alone and is OK in all other situations. Forgetting about the need for a SSL certificate for the moment.
Thank you very much for all your assistance and for checking IE on someone else computer. Just so you know I can import an SSL from 1and1 that I already had for projectionpictures.com on its own and I’ve put it in. Would the SSL certificate function in the domain dashboard in 1and1 need to be activated to recognise the certificate I have uploaded the .key and the .cer. into the DSM security.
I’m only doing this as the Opera display of my website states its ‘Not Secure’, even though it appears as it should.
Or there is a SSL certificate plugin in WP dashboard called Really Simple SSL which I haven’t used, would activating that improve security (instead of the 1and1 certificate) for Opera and get the consent from Internet explorer.
My current plugins are as follows:
a3 lazy load
akismet ant-spam
All in one SEO pack (deactivated)
All in one WP Migration
All in one WP Migration File Extension
Autoptimize
Better Search Replace
Breeze
Classic Editor
Contact Form 7
Cookie Notice
Duplicator
Easy Google Fonts
Easy Media Download
Flamingo
GPDR Cookie Consent
Health Check ad Troubleshooting
Hello Dolly
Jetpack
Mail Chimp
Nimble Portfolio
Photo Station Word press
PHP Compatibility Checker
PHP Settings
Really Simple SSL (deactivated)
Social Media and Share Icons (USM)
Tiny MCE Advanced
Use Any Font
Velvet Blues Update URLS
Wordpress Database backup
Wordpress Importer
Wordpress Migration and Duplicator
WP Google Fonts
WP image Borders
WP Maintenance Mode
Yoast CEO
Youtube embed.
Sorry about being hung up on the SSL issue but its seems a little odd to me how different browsers are processing the page.
