bcworkz
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: You totally destroyed my visual editor! :(((Downgrading could expose you to security vulnerabilities. Don’t do it. If you’re not happy with the block editor, you’re not alone. Most users seem to like it, but some prefer the old editor. For those, the Classic Editor plugin is the solution. You can continue to use the old style editor while keeping your WP installation safe and up to date.
FYI, members helping out in these forums are all volunteers and are not in any way involved with WP development. Ranting at forum members about the direction of WP development isn’t reaching who you think it is. I do understand your frustration though.
Forum: Fixing WordPress
In reply to: Moved from 7.4 php to 8.3, Abspath warningYou need to edit your wp-config.php file. Changing themes or plugins will not help with this kind of error. It’s unrelated to sub-somains, it’s an issue with your base WP installation itself.
The ABSPATH definition typically looks like this:
define( 'ABSPATH', __DIR__ . '/' );
It can be found at line 25 of your wp-config.php file. It doesn’t belong in that location. Make it into a comment like so:\\ define( 'ABSPATH', __DIR__ . '/' );That’s the easy part. Accessing the file for editing is a bit more complicated. If you know how to use FTP, download the file, edit it, then upload back. Otherwise use your hosting file manager. There is usually an edit file option. If that doesn’t work, you can use the file manager to download, edit, upload just like we can with FTP.
Do not use a word processor like MS Word to edit PHP files. Use a plain text editor such as MS Notepad or some sort of programmer’s editor.
If by chance the ABSPATH definition is something besides what I’ve shown above, you have a non-standard installation and you should seek the advice of whomever set this up for you.
Forum: Fixing WordPress
In reply to: Pagespeed insights thumbnail image larger than it needs to beYou have 150px images saved but they are not being used by your theme because the thumbnails (featured images) your theme generates are larger than 150px. If you desire smaller thumbs to be displayed, you’ll need to customize your theme or find an alternative that has smaller thumbs. There is however a small chance your theme has a setting where you could specify smaller thumbs.
The 150px media setting only defines one of the sub-sized images that WP generates during upload. Whether they are used or not depends upon your theme. IMO 150px is too small to be used for much beyond an avatar-like icon. I think the larger sizes currently in use look better.
Forum: Fixing WordPress
In reply to: Pagespeed insights thumbnail image larger than it needs to beYour thumbs are larger than 150px so the default thumb size would be unsuitable. There are a limited set of available intermediate sizes. The image tags on your site do offer srcset data so browsers can choose an appropriate size based on the actual responsively rendered size. It’s impractical to serve an perfectly sized image for all the possible responsive image sizes, it’s inevitable the image will be somewhat larger than the display size. It’s reasonable to ignore some optimization recommendations if implementing them is difficult or impractical.
Forum: Fixing WordPress
In reply to: critical issue“Cannot reach WordPress” errors are usually temporary in nature. If the issue persists, some sort of security measures on your hosting end may be interfering. If you have any security plugins, try deactivating it to see if it resolves the issue. If so, contact the plugin developer for a more permanent fix. It could also be some kind of security measure implemented by your host, such as firewall or modSecurty. Contact your host for assistance in resolving such problems.
Updraft AFAIK doesn’t contact ww.wp.xz.cn in order to do a backup. Backup issues also indicate security measures are interfering, assuming the connection to the backup resource was working previously.
Reviewing access logs could reveal the source of the automatic posts, but if you lack plugin installation capability, you might not have log access as well. Log access is typically via the hosting account.
This is sounding more like a hack. I recommend reviewing the FAQ on hacks.
How often are these posts created? The interval might be useful information. It’s likely due to a recurring wp-cron event. Try using one of Cron management plugins to examine what has been scheduled. The recurring event that creates posts will likely reference back to the responsible plugin or your theme by how the event’s callback function is named. You may be able to stop the behavior by just removing the responsible wp-cron event via the manager plugin.
If removing the recurring event doesn’t help, confirm you’ve identified the correct theme or plugin that’s responsible by deactivating that plugin or switching the theme, then remove again any recurring event that was created. The automatic post creation should stop. Consult with the responsible theme or plugin’s dedicated support channel for how to prevent automatic post creation.
If you’ve not taken any additional measures, users should not be able to navigate cross-domain unless the user has logged in separately into each domain. Browsers will not send an auth cookie to a non-matching domain. In order for users to navigate cross-domain with a single login, you’ll need some sort of single sign on (SSO) scheme. Some domain mapping plugins may provide for this. The built in WP domain mapping does not. There are numerous SSO plugins you could try out.
Forum: Fixing WordPress
In reply to: Need guidance for nonce-based CSP in WordPress setupI’ve not successfully implemented general application of nonce based CSP because it’s impractical to do so and remain 100% compatible with what ever plugins someone might want to use. While it’s technically feasible to add nonces to script and style elements that match a nonce in a CSP header, we could be conveying trust where it’s not warranted. IMO it’s better to call unknown code what it is: (possibly) unsafe.
What is feasible to do is implement good CSP policy for a specific website that uses only specific, known plugins. The onus then falls upon the site owner to evaluate plugin security, then indicate exactly what is trusted via CSP directives. Ideally, every site owner should be doing this, but doing so requires much expertise that most site owner’s lack. Of course they could hire an expert to do this for them, but many are unable or unwilling to spend more money on their site.
The problem is compounded with 3rd party code that we have no control over. What might be safe when we first evaluate the code, could later become unsafe when the 3rd party code is updated. Sadly, plugins are and will remain the largest security risk in a WP environment. Throwing a nonce into an element with a 3rd party reference might get rid of a security warning, but it doesn’t really make the code any safer.
It’s possible to implement a hash based CSP policy so only the code that was specifically evaluated can be used. But then the hashes need to be updated every time there’s a code update. I doubt most site owners are willing or able to do this.
Forum: Fixing WordPress
In reply to: Files that will not dieFWIW, WordPress has absolutely nothing to do with a request like that. It’s definitely something about how your server is set up. It looks like it may be something cached by cloudflare.
Forum: Fixing WordPress
In reply to: Files that will not dieWhere are you seeing these links that will not go away? If they are in post or page content, they need to be removed manually via the post/page editor. Or you can do a global search and replace operation with the Better Search and Replace plugin.
The links shouldn’t resolve to any data. If you’re still seeing deleted content after following the links, the data is stuck in a cache somewhere. If you’ve no WP caching plugins, ask your host if they’re caching content and how to flush the cache.
Forum: Fixing WordPress
In reply to: critical error on this websiteDetermine what the actual error is by checking your server’s PHP error log. Be aware that the error listed may not be the root cause, you may need a debug backtrace to determine the root cause.
If the root cause is not easily determined, there’s still a very good chance it’s due to a faulty plugin or theme. You can regain basic site functionality by renaming the /plugins/ directory in /wp-content/; and by renaming your current theme’s directory in /wp-content/themes/. Renaming can be done via FTP or your hosting file manager.
This will deactivate all plugins and cause WP to use one of the default themes, thus taking the likely cause of the error out of play. You should now be able to login to the backend. Once logged in, restore the proper directory names. Switch back to your normal theme and begin re-activating your plugins. When the error is encountered again, either WP will refuse to activate it, or you’ll get the fatal error message again. Whichever module you were trying to activate would be the root cause.
If you got a fatal error again, rename the problem module’s directory. You should be able to regain normal site access, albeit without the problem module. Seek further help via the problem module’s dedicated support channel, or find an alternative module that offers similar features.
Forum: Fixing WordPress
In reply to: video heightWhen we encode video we should adhere to specific standard heights (lines per frame, such as 480, 720, 1080, etc.). This is somewhat irrelevant to the height of the video viewer element a user sees in their browser. The element height is managed by element attributes and CSS and is unaffected by the video encoding height.
The answer to your question is do both. The encoding height relates to the overall video quality but does not directly impact the viewer element height. You must make a choice when encoding a video. You should also specify the desired viewer height. This could vary depending on the browser’s viewport size, so you would likely want to follow responsive design principles.
Note that embed codes obtained from video streaming services often include arbitrary viewer sizing. Our ability to alter this varies by the nature of embed codes.
Forum: Fixing WordPress
In reply to: 2 URLs – One WP siteRegister your new URL with your host as an add on domain, if you’ve not yet done so. Add on domains normally point to a sub-directory, but in this case it’d be pointed to your WP installation. If you’ve not done so, update the domain’s NS DNS records to go to your host’s name servers. If you’ve registered your domain with Hostinger, some or all of this may have been done for you.
Update the site and home URL values in general settings to reflect the new domain. Install and activate the Better Search and Replace plugin. Use it to search and replace all instances of your old domain in the DB with the new one.
Anyone still using the old domain will be redirected by WP to your current domain.
Forum: Fixing WordPress
In reply to: Header space showing Footer contentWhen you use the customizer, the adjacent page preview shows the correct header menu? But on the actual front end the wrong menu appears in the header? You’re likely seeing cached content. Try clearing any caches involved, both server and client (browser) side.
How did a footer menu end up in the header? There’s a fallback mechanism that could use another known menu when the specified menu cannot be found. When you deleted the original header menu, the fallback mechanism came into play, then that scheme got cached, making it unusually “sticky”.