PeterB
Forum Replies Created
-
Sure:
[link rel=’stylesheet’ id=’pps-series-overview-style-css’ href=’https://XXXX.XXX/wp-content/plugins/organize-series/css/series-overview.css’ type=’text/css’ media=’all’ /]
[link rel=’stylesheet’ id=’pps-post-list-box-frontend-css’ href=’https://XXXX.XXX/wp-content/plugins/organize-series/addons/post-list-box/classes/../assets/css/post-list-box-frontend.css’ type=’text/css’ media=’all’ /]
[link rel=’stylesheet’ id=’pps-series-post-details-frontend-css’ href=’https://XXXX.XXX/wp-content/plugins/organize-series/addons/post-details/assets/css/series-post-details-frontend.css’ type=’text/css’ media=’all’ /]
[link rel=’stylesheet’ id=’pps-series-post-navigation-frontend-css’ href=’https://XXXX.XXX/wp-content/plugins/organize-series/addons/post-navigation/includes/../assets/css/post-navigation-frontend.css’ type=’text/css’ media=’all’ /]Thank you.
- This reply was modified 6 months ago by PeterB.
No problem. Thank you.
One more thing…
The plugin includes 4 css files (1 is minified, the others are not) in every pageload (incl. the front page) + even on those pages that have nothing to do with series handling.
Would it be possible to optimize it? Not including them would be the best, but even merging the css code to single file would improve performance.This request:
GET /wp-content/plugins/organize-series/addons/post-list-box/classes/../assets/css/post-list-box-frontend.css HTTP/1.1
Triggers a Path Traversal Attack mod_security alert using the default OWASP_CRS rules. Have not upgraded to CRS4.x yet (have too many custom rules), but iirc it has not been an issue until the last (few?) updates.Message: Warning. Pattern match “(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 …” at REQUEST_URI_RAW. [file “/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf”] [line “48”] [id “930100”] [msg “Path Traversal Attack (/../)”] [data “Matched Data: /../ found within REQUEST_URI_RAW: /wp-content/plugins/organize-series/addons/post-list-box/classes/../assets/css/post-list-box-frontend.css”] [severity “CRITICAL”]
Removing the /../ part (as in rewriting
……post-list-box/classes/../assets/
to
……post-list-box/assets/…..
before rendering ) would fix this.Thank you in advance!
Thank you, the warnings are gone now.
Have a nice day!Thank you and thank you.
Thanks, I tried that but the pagespeed score is still 5+ points below what it was.. 🙁
Yes it is part of the Jannah theme.
Once I disabled lazy loading there, the errors stopped, but pagespeed score dropped about 5-8 points.
How to proceed from here? TIA!Hi Mustafa,
Thanks, I think the .htaccess line was the culprit, since the pc-config file had the rejected cookie value.I am still testing it, but I think the cookie name was not added automatically by the PoweredCache .htaccess builder function.
Will report back once it is fully tested.
Thanks for checking it.
My cookie name is test_member_hash_loggedin.
Can the object cache responsible for serving the cached pages while the cookie is present?Do you happen to need any help with the testing?
Thank you, will happily test the fixed version 🙂
That was my first try, but even with the cookie, I got served with cached pages.
I know it can be done by adding
if(isset($_COOKIE['mycookiename'])){ return; }to the page-cache.php somewhere near the top, but I’d rather have some more upgrade-proof solution 🙂
Forum: Developing with WordPress
In reply to: WordPress User Scaling IssuesSame here…
I’ve got a wp3 site with thousands of users (subscribers).
Currently they’re sending me articles via email.
When I create a new post and try to set the author from the authors’ dropdown list, it takes ages, because the dropdown list is huge.
What can be done?
Thanks.P.