amityweb
Forum Replies Created
-
@strengesmaedchen downgrading is not a good solution! And its also not good that everyone with this common issue start their own threads.
@netweblogic any update on this please?
- This reply was modified 5 months, 3 weeks ago by amityweb.
Its possible disabling File Generation has fixed it.
Therefore I believe Spectra has an intermittent problem with CSS file generation.
Although after re-enabling it I cant repeat the error anymore. But I dont want to keep re-enabling it, and nor have a regenerate button to manually click in case of issues it is not good practice for website managers. I do not have the confidence that would work so will keep disabled.
- This reply was modified 5 months, 3 weeks ago by amityweb.
I cant edit the review
The owner replied to my support fast which is good, but they made a good argument that it could have been an admin account used to login and then file manager used, so its not a vulnerability there. But there are lots of 8.0.2 vulnerability tickets on the support thread. Either way, I cant seem to delete the review, so I think I will change it to 3 and not 1, just because the plugin was still used to deface the site regardless of who used it. I wonder if it should have some other safe guards in it to prevent things like this. I dont use file managers they are too risky (must have been another admin who added it). I do not believe theme files should be modified inside the admin, or if they do prevent important files like wp-config, wp-admin/ etc being changed AND prevent uploads into the root folder, thats were malicious files were loaded.
If a file manager can only edit files in the theme folder maybe its not so bad. Although that could still be used to add PHP scripts to upload files elsewhere. Its too risky. I always say SFTP should only be the way in. We block all access to server ports like SFTP unless its from approved IP addresses in our firewall.
Forum: Plugins
In reply to: [File Manager] Site was hacked using File Manager 8.0.2What about all the 8.0.2 vulnerabilities reported on the support page, what are they about please? https://ww.wp.xz.cn/support/plugin/wp-file-manager/. We had 8.0.2 and it was the latest release, so I assumed there are vulnerabilities in it.
We see file manager used to upload a malicious file, but I cant see if that was a malicious admin user who gained entry or not. It was from a new IP not in the logs, like the first access from it.
Thanks
Forum: Plugins
In reply to: [The Events Calendar] FATAL Error after updatesince posting it my clients WP site reported there’s a smart coupons update to install but it’s a licensed plugin and we don’t have the license renewed.
so there’s a good chance updating the plugin may fix it. So I guess this issue above could be a red herring.
Forum: Plugins
In reply to: [The Events Calendar] FATAL Error after updateIt happens when WooCommerce Smart Coupons is enabled. I think that must be doing something with Action_Scheduler so its not found.
Forum: Plugins
In reply to: [WooCommerce] WooCommerce unused function stylesheets all still loadedThank you, although it is my opinion these should be auto-removed if not in use, for those who have not the experience to do such work as part of an optimisation process themselves. It would lower optimisation and makes no sense to keep them as default if not used.
Thanks
Forum: Plugins
In reply to: [WooCommerce] WooCommerce unused function stylesheets all still loadedThis script seems to have worked and not seen any negative effects on the site yet:
/*----------------------------------------- REMOVE UNNEEDED STYLESHEETS -----------------------------------------*/ function custom_remove_stylesheets() { global $wp_styles; $enqueued_styles = array(); $remove_styles = array( 'classic-theme-styles', 'wc-blocks-', ); foreach( $wp_styles->queue as $handle ) { if(stripos_array($handle, $remove_styles) !== false) { wp_dequeue_style( $handle ); } } } add_action( 'wp_print_styles', 'custom_remove_stylesheets' ); function stripos_array($haystack, $needles) { foreach($needles as $needle) { if(($res = stripos($haystack, $needle)) !== false) { return $res; } } return false; }Credit to Tryth on here for use of their stripos_array function. https://stackoverflow.com/questions/27816105/php-in-array-wildcard-match
Hi. Is there a solution for this yet? When we go to our login page (which is changed using iThemes security) it actually shows the admin login form and not your password protect. And also wp-login.php works but it should not.
Thanks
@scmsteve I think you’re right because after I posted that I had an issue I realised my variations table plugin is modified and pulled out of the updates check. So my plugin has not been updated and I have a task set to look into what the modifications are so I can apply it to the updated one.
I don’t usually modify plugins but sometimes you have to. And the risk is this happening!
Try disabling woo-variations-table-grid, it’s mentioned in the error. I’m not at my computer anymore to try.
@devtrials learn WP CLI because for issues like this its amazing. This is the rollback command:
wp plugin update woocommerce --version=7.8.2Same here, downgraded and OK now.
I wonder if its related to another plugin or theme as this only happened on one website we have, but we have other WooCommerce sites that upgraded OK. Any of you have any these plugins:
+-------------------------------------------------------+----------+-----------+----------+ | name | status | update | version | +-------------------------------------------------------+----------+-----------+----------+ | advanced-custom-fields-pro | active | none | 6.1.7 | | AGWooCommerceBarclayePDQPaymentGateway-premium | active | none | 4.5.6 | | auto-image-attributes-from-filename-with-bulk-updater | active | none | 4.3.1 | | taxonomy-terms-order | active | none | 1.7.7 | | classic-editor | active | none | 1.6.3 | | enhanced-e-commerce-for-woocommerce-store | active | none | 6.3.7 | | divi_cpt_layout_injector | active | none | 4.7 | | divi_module_acf | active | none | 3.3 | | facebook-for-woocommerce | active | none | 3.0.29 | | flexible-shipping | active | none | 4.21.5 | | gravityforms | active | none | 2.7.10 | | woocommerce-products-filter | active | none | 1.3.4.1 | | better-wp-security | active | none | 8.1.7 | | klarna-checkout-for-woocommerce | active | none | 2.11.3 | | klaviyo | active | none | 3.2.1 | | mailchimp-for-woocommerce | active | none | 3.1 | | wp-nested-pages | active | none | 3.2.4 | | ninjafirewall | active | none | 4.5.8 | | pixelyoursite | active | none | 9.4.0.1 | | woo-permalink-manager | active | none | 2.3.9 | | product-catalog-feed-pro | active | none | 4.0.7 | | public-post-preview | active | none | 2.10.0 | | redirection | active | none | 5.3.10 | | redis-cache | active | none | 2.4.3 | | regenerate-thumbnails | active | none | 3.1.5 | | search-by-sku-for-woocommerce | active | none | 0.8.0 | | uk-cookie-consent | active | none | 3.0.3 | | tracking-code-manager-pro | inactive | none | 2.0.10 | | woocommerce | active | available | 7.8.2 | | woocommerce-advanced-bulk-edit | active | none | 5.0.1 | | woocommerce-paypal-payments | active | none | 2.2.0 | | woocommerce-product-price-based-on-countries | active | none | 3.2.0 | | woocommerce-price-based-country-pro-addon | active | none | 3.3.0 | | woocommerce-gateway-stripe | active | none | 7.4.1 | | woo-variations-table-grid-modified | active | none | 11.3.11 | | wp-migrate-db | active | none | 2.6.8 | | wp-rocket | active | none | 3.14.2.1 | | wp-safe-mode | inactive | none | 1.3 | | wpvivid-backuprestore | active | none | 0.9.88 | | duplicate-post | active | none | 4.5 | | wordpress-seo | active | none | 20.11 | | SupportCenterMUAutoloader | must-use | none | | | 0-ninjafirewall | must-use | none | 1.0 | | wp-migrate-db-pro-compatibility | must-use | none | 1.2 | | advanced-cache.php | dropin | none | | | object-cache.php | dropin | none | | +-------------------------------------------------------+----------+-----------+----------+