ianatkins
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: WordPress “chokes” on Turkey emoji for ThanksgivingI can replicate this, on Godaddy Managed WordPress hosting – the emoji are stripped from the post title. Also see the same issue with the Instagram importing plugin.
Could this be related to database collation?
MySQL charset: UTF-8 Unicode (utf8)Posts table collation is utf8_unicode_ci
Post Meta collation is utf8_unicode_ci
Term Meta collation is utf8mb4_unicode_ciOther tables are utf8_general_ci or latin1_swedish_ci
Any thoughts @otto42 – what should be collation, could it be connected?
Thanks,
Ian.
Forum: Plugins
In reply to: [WooCommerce] Coupon discount increases with sales taxThis doesn’t make sense.
I have setup a cart discount coupon for £10.
Product is £55 (inc £9.17 VAT).
Apply the coupon and the coupon is shown with a value of £12, and order total is £43.00 (includes £7.17 VAT).
Agree that taxes should be applied after discount, but taxes should not be applied to the coupon value. Is this a bug?
Forum: Plugins
In reply to: [Cloudflare] Website broken with 3.0Same.
Inundated with emails this morning. Glad this is resolved in the new release.
Forum: Plugins
In reply to: [AJAX Thumbnail Rebuild] Deprecated Methods running php7.0.0+1 Came here to note the same thing.
Forum: Plugins
In reply to: [WooCommerce] Woocoomerce generates MANY queries! Is it normal?I’m also seeing high query numbers, will do some testing on a clean install. Even on non WooCommerce pages (we have the mini cart in the header), we are loading about 54 woocommerce queries, not including the wishlists plugin.
exlege we’re having some success caching certain bespoke functions with the Transients API:
https://codex.ww.wp.xz.cn/Transients_APIForum: Plugins
In reply to: [WooCommerce] WooCommerce and PHP 7 RC5Did you ever resolve this, interested in trying PHP 7, but cautious of support.
Forum: Fixing WordPress
In reply to: Hacked via usernames with additional charactersHi Evan, no cleaning the site in house, it’s a simple site with no additional / external files. Sucuri’s audit log is useful, reinstall everything, then we use a custom script to scan ‘wp-content’ for .php files that shouldn’t be there.
Seems the hosts had left phpMyAdmin open and accessible, and that was then used to create the user accounts with multiple / duplicate characters. After the initial hack, the MySQL connection details were not updated.
Forum: Fixing WordPress
In reply to: Hacked via usernames with additional charactersThanks Tara, the site is hardened already and I’m familiar with the guide. After the initial hack the secret keys were reset, any active users logged out and the access passwords changed.
I’m more interested in seeing if anyone has seen similar patterns with the duplicate letters in the username to login.
I’ll download the server log’s shortly and cross reference the IP address from the login logs to see what files were hit prior to the successful login. It’s possible we missed some malware hidden, but we’ve scanned the site using Sucuri and checked through the uploads folder for stray .php files.
Forum: Requests and Feedback
In reply to: Security LockdownForum: Requests and Feedback
In reply to: Security Lockdown@claytonjames re ‘Disabling Appearance > Editor’ – in a few blog posts on Sucuri I’ve read about the editor being used to install backdoors once access to the admin area has been gained.
@otto in the last 10 years of building sites, this year has seen most malicious activity, my personal experience is different. I’m not suggesting making WordPress less successful – I’m suggesting having options to lock down functionality which a user doesn’t require that can be a security risk. Whilst I do put my trust in WordPress, I don’t think its stupid to minimise the risk!
The best way we’ve found to secure / maintain our sites has been dedicated hardware, putting the sites behind a WAF, regular update routine, daily backup routines and regular uptime monitoring and strong passwords. This is quite the service overhead for smaller clients – but so be it.
Forum: Plugins
In reply to: [Invoices for WooCommerce] Edit Order : Create PDFSorry for the delay Bas, that did indeed work perfectly and cleared up any confusion.
Best.
The plugin is one piece of a security system, consider adding Sucuri’s firewall or Cloudflare / equivalent.
Install Jetpack and enable the Login protection. The username could of been accessed from the RSS / meta tags, and then the password brute forced (where script guess hundreds of passwords). Enable ‘Brute force’ notifications in Sucuri’s alert settings to get email when this happens, be warned the frequency can be alarming if your site is under attack.
Delete any plugins / themes you aren’t using, the less code the better.
Hope that helps!
Forum: Fixing WordPress
In reply to: visual editor wordpress not workingLikewise similar issues here.
Uncaught TypeError: wp.mce.views.toViews is not a function
If I disable javascript concatenation, then the link button on the editor and tag system don’t work. Selecting a tag then returns undefined after every letter of the tag.
Latest version of WordPress. Just trying to debug further now.
Forum: Fixing WordPress
In reply to: Adding post tags: "undefined" between each character in the tag nameSeeing the same bug on a site I manage.
Also seeing a JS error:
wplink.min.js?ver=4.2.2:1
Uncaught TypeError: Cannot read property ‘select’ of undefinedAbout disable all plugins one by one and see if I can get to the bottom of this!