chriscarman
Forum Replies Created
-
Forum: Plugins
In reply to: [WooCommerce PayPal Payments] Cart simulation is killing my siteI decided to just switch to Payment Plugins for PayPal WooCommerce and so far it’s working great. It hasn’t slowed down my site and I haven’t noticed any strange and excessive ajax requests in the server logs. No offense, but I don’t think I’ll be using your plugin again.
Forum: Plugins
In reply to: [WooCommerce PayPal Payments] Increase of fraud ordersI don’t use CloudFlare and I wasn’t sure if it would work if I put it in Wordfence, so I added this to the .htaccess file:
# Enable RewriteEngine RewriteEngine On # Block specific request RewriteCond %{REQUEST_URI} ^/wp-json/wc/store/products$ [NC] RewriteCond %{QUERY_STRING} ^stock_status=instock&order=asc&orderby=price&min_price=1&max_price=5000&type=simple&page=1&per_page=100$ [NC] RewriteRule ^ - [F,L]Seems to be working so far! It’s pretty likely that the string will change anyway – build a better mousetrap and all that.
Forum: Plugins
In reply to: [WooCommerce PayPal Payments] Increase of fraud ordersFYI I looked into the apache log and found this GET request at the start of every spam order:
GET /wp-json/wc/store/products?stock_status=instock&order=asc&orderby=price&min_price=1&max_price=5000&type=simple&page=1&per_page=100
If there was a way to easily block that specific request, then it should stop the spam orders. reCaptcha didn’t work for me.
Thanks for the quick clarification!
Forum: Plugins
In reply to: [WooCommerce] WooCommerce breaking script using wp-load.phpFor anyone who stumbles across this thread in the future, the issue was that I didn’t realize that PHP cli was using 7.3.33. When I ran my custom script by calling php74, there was no conflict with the WooCommerce plugin. Sorry for any confusion this might have caused!
Forum: Plugins
In reply to: [WooCommerce] WooCommerce breaking script using wp-load.phpI’m still having this issue on both of my websites that use the WooCommerce plugin. I did the following on my lower-traffic site and still encountered the same fatal error each time
- Verified that my site is running PHP 8.2
- Deleted the woocommerce plugin folder and installed the latest version from ww.wp.xz.cn
- Disabled every plugin so that WooCommerce was the only active plugin
The only time I could get wp-load.php to work is when WooCommerce is deactivated. When it’s active, I still get this error:
PHP Parse error: syntax error, unexpected ‘LegacyProxy’ (T_STRING), expecting function (T_FUNCTION) or const (T_CONST) in /home/[username]/public_html/wp-content/plugins/woocommerce/src/Internal/TransientFiles/TransientFilesEngine.php on line 48
Line 48 of TransientFilesEngine.php is:
private LegacyProxy $legacy_proxy;This is the only file I can find in the WooCommerce source code that uses the string LegacyProxy in the private variable declaration. Other files use:
private $proxy;but even when I remove LegacyProxy from line 48 in TransientFilesEngine.php, it still gives this parse error:
PHP Warning: class_implements(): Class Automattic\WooCommerce\Internal\TransientFiles\TransientFilesEngine does not exist and could not be loaded in /home/[*username*]/public_html/wp-content/plugins/woocommerce/src/Internal/DependencyManagement/ServiceProviders/AbstractInterfaceServiceProvider.php on line 34
At the top of AbstractInterfaceServiceProvider.php, I tried adding this line:
use Automattic\WooCommerce\Internal\TransientFiles\TransientFilesEngine;Same error. I also can’t use WP CLI to add a user, because I get the same fatal error. Anything you can do to help would be appreciated!
For the original author of this thread and anyone else in the future who stumbles across this, I figured out that Apache ModSecurity was triggering on rule id #390149 with the message “Atomicorp.com WAF Rules: Possible remote shell or bot access denied” any time I tried to go to the Wordfence “All Options” page. I’ve added an exception to this rule to the ModSecurity whitelist and I’m going to restart apache this weekend when my site traffic is lower to see if it resolves the issue.
I’m having the same issue on my site – any time I click on “All Options”, it takes me to a “404 Not Found” page. I’m also not using multisite, and I’ve been using WordFence for three and a half years without encountering this problem.
That worked, thank you very much for the quick solution!
Forum: Networking WordPress
In reply to: Multisite installation not working after move to new hostingThanks for replying! I checked the images, and they’re the same URLs as they were on our old server. For example, the image:
http://domain/files/2015/08/logo-transparent.png
doesn’t work, but:
http://domain/wp-content/blogs.dir/1/files/2015/08/logo-transparent.png
works fine. Also, I still can’t get /wp-admin/ to load, so it still feels like a .htaccess issue, not an image URL issue. Thanks, though!
Forum: Networking WordPress
In reply to: Login attempt to network admin kicks to login screenThat sounds interesting – I’ve done a little .htaccess hacking, but I have to admit I don’t understand the syntax fully. I googled and found this example:
RewriteCond %{HTTP_HOST} !^www\.domain\.com [NC] RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]Would this force things like http://domain.com/superblog to become http://www.domain.com/superblog?
Forum: Networking WordPress
In reply to: Login attempt to network admin kicks to login screenNo, that’s not it – I’ve tried changing it in the database to domain.com and http://www.domain.com , and it has no effect. I think it’s because the network admin link is using PHP’s value for $_SERVER[‘SITE_HOST’] or something similar, even though none of the other links at the top of the bar use this constant.
I’d be glad to change it myself, but I don’t know what file(s) those links are found in. Any idea?
Forum: Networking WordPress
In reply to: Login attempt to network admin kicks to login screenI’m having this same issue in multisite – it seems that when I go to the “Updates” link in the top hovering menu bar, it trims off the “www.” from our domain name, while every other option keeps it in there. If I go directly to “domain.com/wp-login.php”, and log in there, it refreshes the login screen and seems to go nowhere. However, if I log in at “www.domain.com/wp-login.php”, it gets me into the Dashboard, and then the “Updates” link works fine.
Basically, if the Network Admin links didn’t cut the www. prefix off, this problem likely wouldn’t exist. Any idea why it does this? All of the non-Network Admin links leave the www. on, and they work fine.
Forum: Hacks
In reply to: Clear all existing wordpress cookies?Nevermind, this worked once I moved the script to the root directory.
Forum: Fixing WordPress
In reply to: Can login in on Chrome but not IE or FirefoxI’m having the exact same problem in a multisite setup in our school district – most users can login, some can’t. For most, neither IE nor Firefox works (haven’t tried Chrome), but for a few they can get in through Firefox. Clearing the cookies/cache doesn’t help, and deleting their Windows profile has helped in some but not all cases.
I looked in our Dashboard > Settings > General and don’t see any options for setting a URL; all of the URLs in our site settings (when I go to Super Admin > Sites > Edit) seem fine. This bug is driving me crazy!
