TangerineFrog
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: How to whitelist an IP address to htaccess fileJust thought I’d provide an update to my earlier post in the hope that it might help someone else who may be having the same issue. As mentioned in my previous post, after a customer purchased off my website, the IPN logs just kept saying ‘retrying’ and I was getting an HTTP Response Code of 403.
Those wonderful, helpful people at Hostgator have solved the problem for me which has had me pulling my hair out for days. I have a fair amount of security code in my htaccess file and it was one of those lines of code that was blocking PayPal IPN. Hostgator coded out that line and now it works perfectly. The culprit was:
SetEnvIfNoCase User-Agent ^$ keep_out
Description from Hostgator: When the IPN POST request is coming into the server it’s not using a user agent, it’s left blank, so that line in the .htaccess is keeping it out.
Hope this helps someone.
Thanks.
Forum: Fixing WordPress
In reply to: How to whitelist an IP address to htaccess fileThanks for your reply. I’m not sure what could be causing the 403 in my htaccess file as it contains a fair amount of security code to deter spammers and hackers. I’m cautious and not entirely comfortable about deleting anything from inside it, hence I was hoping just by whitelisting the IP address that it would solve the problem. I added RewriteCond %{REMOTE_HOST} !1.2.3.4 (replacing 1.2.3.4. with the PayPal IP) that you kindly suggested, but sadly I’m still getting the same problem.
I have a downloadable eBook on my website with a PayPal button which I inserted using the plugin named Bookshelf. I have enabled IPN on my PayPal account and correctly named the Notification URL to match that of Bookshelf. However, the IPN history in PayPal keeps saying ‘Retrying’ and when I select the Message ID I see an HTTP Response Code of 403. The logs in cPanel on my host say ‘client denied by server’. My host says there is nothing untoward server side.
Looking through the forums, I notice other people have had similar problems when using the plugin BadBehaviour and WP Better Security – both of which I’m not using. However, I am using Wordfence and I’ve already whitelisted the PayPal IP address there.
Not really sure where to go from here?
The URL containing the PayPal button is http://jamespitter.com/in-memory/barbara-pitter-poet/
Thanks.
Forum: Fixing WordPress
In reply to: Widget Dragging Not Workingesmi’s link above solved the problem for me.
I can now edit and drag widgets to the sidebar in version 3.5 after updating the RewriteCond in the 5G Blacklist/Firewall of my htaccess file and all is now working again – thanks so much, esmi.
Thank you for explaining that to me, Pankaj. The information in the links make complete sense—much appreciated.
I’ll now mark the topic as resolved.
In codex.ww.wp.xz.cn they advise changing the prefix to prevent SQL-injection attacks. I’ve used different prefixes in a DB before without a problem until now. Below is an excerpt from the codex:
codex.ww.wp.xz.cn/Hardening_WordPress
Change the table_prefix: Many published WordPress-specific SQL-injection attacks make the assumption that the table_prefix is wp_, the default. Changing this can block at least some SQL injection attacks.
Thanks.
Thanks for your reply. It’s odd. I have the DB and my web page side by side in different browsers and can physically see the change when I refresh the screen. I’ve never had this happen before.
A single entry in the _postmeta table in the meta_key column changes from _xxxxxxxx_page_template back to the wp default of _wp_page_template.
Forum: Fixing WordPress
In reply to: Unable to locate WordPress Content directory (wp-content)Have moved wp-content out of new folder and back into root directory which has eliminated all errors and theme is now visible in my url.
However, other comments on this forum suggest the wp-content folder can be moved outside of the root directory (and out of the wordpress folder) and renamed to deny access to hackers. But each time I do that I get the errors as mentioned in my previous post.
Does anyone have any ideas or solutions, or does the wp-content have to remain as it is in the root directory alongside the wordpress installation?
Thanks.