SnorkleZ
Forum Replies Created
-
Mark and Miguel – it works like a champ again! Thanks so much for such prompt attention – I am impressed.
Forum: Fixing WordPress
In reply to: Setting SCRIPT_DEBUG or WP_DEBUG_LOG fixes theme-changing problem.I think when WordPress sends stuff minified some of it doesn’t get sent properly by Nginx. Turning chunked_transfer_encoding off in Nginx doesn’t fix it.
Setting the WP_DEBUG_LOG or SCRIPT_DEBUG flag probably tells WordPress to not minify. So I’ll just leave the SCRIPT_DEBUG flag on until I resolve this on Nginx.
Since this doesn’t seem to be a WordPress issue I will mark this topic as resolved.
Forum: Fixing WordPress
In reply to: Could this Iframe be part of a plugin trojan?@songdogtech: Thanks for the reply. Yes, that author seems to be a genuine contributor and not at all sketchy. I tend to look for that before I consider loading someone’s plugin. I should have anonymized the url. I want to be clear that I am not accusing him or anyone, just performing an evaluation. I do of course realize that there is always the possibility of a project having a new junior contributor who is, perhaps, not too mature. And passwords can leak for repositories and the like. At least this seemed experimental rather than malicious.
The content loaded into that Iframe currently is just an ad. The file being loaded being named the same as a WP template file caught my eye, but I realize now that that is probably just because that file is a sidebar on his own WP site.
I’m not aware of any way that Iframe could be made to execute php code on my site but wanted to let some more knowledgable eyes verify that.
I now see that it would be wise for me to run my development web server in a chroot or something similar, under a limited account even though I am behind a NAT router.
As a learning exercise I will continue to look at the code in the plugins that were loaded at the time and see if I find anything obfuscated.