sffandom
Forum Replies Created
Well, THAT’s inconvenient. Thanks for pointing that out to me. 🙂
It will be a few hours before I can set aside time to test your suggestion.
So sorry. I got sidetracked last week and never got around to testing this. Will try again today. Didn’t mean to leave you hanging.
I can give that a try. But I don’t know how to do it.
As an aside, I have just noticed something odd on another site that does NOT use Subscribe2. I had a display issue with a site where I had installed the Rename Wp-Login.php plugin. By deactivating that plugin and reactivating it I was able to resolve the display issue.
I don’t know if that is somehow related to what is happening with Subscribe2 but perhaps there is something in the core code that is messing with some plugins. I have no idea of what to look for.
I updated EVERYTHING: WordPress, themes, and plugins. On some sites the previous version was 3.6.x (last version in that series). On a couple I had upgraded to 3.7.0 and it installed the 3.7.1 automatically.
I only keep a record of when I manually update a Website. I don’t know when the automatic updates were applied. I assume within 24 hours of WP releasing 3.7.1.
Mentioned it in the first message.
I usually wait 2-3 days after a WordPress update is released because I know plugin and theme vendors will usually roll out new updates. So I performed mass updates on these blogs and many others on October 29.
Since then I have only run a couple of updates on blogs that don’t use the Subscribe2 plugin.
I have not encountered any other issues.
No modifications to the core.
Common plugins include:
Akismet
Stop Spammer Registrations
Ad Injection
Better Search
Limit Login Attempts
PC Robots.txt
Rename Wp-login.php
Search Meter
Jetpack
Whitelist IP for Limit Login Attempts
Wordpress Editorial Calendar
Wordpress Importer
WP Social Bookmarking Light
I don’t believe any other plugins are used across all these sites.
All of these plugins (and yours) were installed months ago and functioned normally throughout that time. The problem only began a few days ago, apparently after I ran the updates.
On some sites I have yet to update WordPress Editorial Calendar.
All implementations of the plugin were site-activated, not network-activated.
This issue is NOT resolved. If your way of dealing with these problems is to mark all complaints as resolved I will be sure to review your plugin in a most unflattering way.
I can’t tell you what to do to create the problem because the only thing I did do on all these Websites was update the WordPress, plugins, and themes.
The plugin broke with multiple themes, so I am sure it’s not a theme-specific issue.
I have no way of isolating which plugin might have some sort of conflict with Subscribe2 if it is indeed a plugin conflict.
I have disabled the plugin on all sites for now.
Forum: Plugins
In reply to: [Rename wp-login.php] Rename wp-login.php on Multisite Test
I would be happy to test it for you. I can be a little slow at responding sometimes but it’s a useful plugin and I have some sites where it would be nice if I could deploy it as a network function.
The only other issue I am seeing is that my older blogs, where people were required to register as users in order to comment, now block user logins. Unless I share the admin login page with those people (and the number is substantial) they cannot login to their dashboards to enable/disable a couple of notifications they have set up.
If the plugin could be modified to create a separate user plugin page, that would help protect admin security and still give legacy users some control over their own accounts.
Forum: Plugins
In reply to: [Rename wp-login.php] Rename wp-login.php on Multisite Test
Aha! I remembered that some plugins are not “network-compatible” (at least when you use subdomains) so I typically do NOT use network activation for them. Instead, I activate each plugin through the individual site dashboard.
In this case, I was able to get the plugin to work on a test subdomain. I will activate it on other subdomains and see if I have any problems. If not, you really don’t need to change anything except your documentation if you don’t have time to play with the code.
Forum: Fixing WordPress
In reply to: Too many redirects
The FILES directive was placed as an attempt to protect the blog from Brute Force Dictionary Attacks (which since April 2013 have been increasing across the Web thanks to a new botnet).
The standard advice I have found on Websites is to place a “deny from all” inside the FILES block directive and this works fine.
However, when you try to “white list” any IP address (so that people can log in to their own dashboards) Apache gets stuck in a redirect loop for any DENIED addresses (trying to access the WP-LOGIN.PHP script).
I have found many discussions on technical fora where people ran into this problem and asked for help but could not find a resolution.
As best I can determine the issue has something to do with how WordPress needs to rewrite URLs.
I run into the same problem on both single installations and multisite installations.
I don’t think the redirect loops are harming anything, except that hundreds or thousands of compromised servers and individual PCs could be attacking a site at any given moment, and the servers might crash from all the concurrent redirect loops.
If anyone knows how to get around this problem, please share.
Otherwise, you have three choices:
1) Live with the BFD attacks, knowing they’ll eventually get in.
2) Live with the redirect loops and hope your shared hosting can take the load
3) Just use “deny from all” and temporarily enable the WP-LOGIN.PHP when you need to get into the dashboard (setting a cookie should allow you to bypass this check for a while)
I have not tried renaming WP-LOGIN.PHP as I don’t know how many scripts would have to be changed.
There is at least one RENAME WP-LOGIN plugin available here on ww.wp.xz.cn. I may try that on a couple of sites and see if that helps.
ON EDIT: On some installations I still get the infinite redirects even with just “deny from all” in the FILES section. It may be due to different versions of Apache running on different servers. I don’t know and don’t have time to start logging htaccess executions.
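One way to tell from an access log which clients get a clean denial on wp-login.php and which end up in the redirect loop described in the post above. This is an added example, not part of the original post; it assumes Apache combined log format, and the log lines, IP addresses and `loop_threshold` value are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Apache combined log format: client IP, method, URL, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.20 - - [29/Oct/2013:10:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.20 - - [29/Oct/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [29/Oct/2013:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 403 210 "-" "bot"
203.0.113.7 - - [29/Oct/2013:10:01:01 +0000] "POST /wp-login.php HTTP/1.1" 403 210 "-" "bot"
192.0.2.44 - - [29/Oct/2013:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 302 0 "-" "bot"
192.0.2.44 - - [29/Oct/2013:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 302 0 "-" "bot"
192.0.2.44 - - [29/Oct/2013:10:02:01 +0000] "GET /wp-login.php HTTP/1.1" 302 0 "-" "bot"
192.0.2.44 - - [29/Oct/2013:10:02:01 +0000] "GET /wp-login.php HTTP/1.1" 302 0 "-" "bot"
192.0.2.44 - - [29/Oct/2013:10:02:02 +0000] "GET /about/ HTTP/1.1" 200 5120 "-" "bot"
"""


def classify_login_clients(log_text, loop_threshold=3):
    """Label each client IP by how the server answered its wp-login.php requests."""
    per_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, _method, url, status = m.groups()
        # Ignore the query string; only wp-login.php requests matter here.
        if not url.split("?", 1)[0].endswith("/wp-login.php"):
            continue
        per_ip[ip][status] += 1

    labels = {}
    for ip, statuses in per_ip.items():
        redirects = sum(n for code, n in statuses.items() if code.startswith("3"))
        if statuses["200"]:
            labels[ip] = "served"          # the login form was delivered
        elif redirects >= loop_threshold:
            labels[ip] = "redirect-loop"   # only 3xx answers, never a final page
        elif statuses["403"]:
            labels[ip] = "denied"          # the Files block answered cleanly
        else:
            labels[ip] = "other"
    return labels


if __name__ == "__main__":
    for ip, label in sorted(classify_login_clients(SAMPLE_LOG).items()):
        print(ip, label)
```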
Okay. I’ll have to think about this. Thank you.
Apparently it does work with that setting active. Can you quickly explain what I’m giving up by leaving that setting active?
Forum: Reviews
In reply to: [Limit Login Attempts] Does a pretty good job but could be better
Yes, I see the whitelisting trick in the FAQ. I don’t want to have to edit code on multiple installations. I just want the ability in the user interface.