wfryan
Forum Replies Created
-
Forum: Plugins
In reply to: [SyntaxHighlighter Evolved] Ampersand characterHTML entity encoding/decoding in PHP excludes quotes by default, which is why the filter above doesn’t work on
"as-is. A quick modification addresses that:function kagg_syntaxhighlighter_precode( $code, $atts, $tag ) { if ( 'code' === $tag ) { $code = wp_specialchars_decode( $code, ENT_QUOTES ); } return $code; } add_filter( 'syntaxhighlighter_precode', 'kagg_syntaxhighlighter_precode', 10, 3 );Thanks for reporting that. We’ve scheduled that change in.
Thanks for reporting this. It is slated to be fixed for the next update.
We have a fix underway for this. In the meantime, if you want to use the current version, you can work around the problem by using a named time zone equivalent. For +5:30, Asia/Colombo will work. Any others can be looked up here if needed: https://en.wikipedia.org/wiki/List_of_UTC_time_offsets. Typically one or more of the principal cities listed will appear in WordPress’s list.
In every HTTP call made by one of WordPress’s functions (e.g., wp_remote_post), it automatically sets the HTTP Referer header to the URL being requested. This includes every call we make back to our own servers. We don’t need it, and it’s just a waste of bandwidth, so we’re now suppressing that header for those calls and only those. All other internal HTTP calls made by WordPress itself or other plugins are not affected.
Forum: Plugins
In reply to: [Genesis Simple Sidebars] MALWARE found in plugin?The file was flagged because it matched the signature Win.Malware.Agent1592130909/CRDF-1 from the ClamAV databases. This and one other signature in those databases were hashes for single byte files (this one was a single \n character), so we’ve manually removed those two from the list we check against.
Hi,
That XML file looks like it is updated dynamically by the theme to include the overall data structure of the site. Included in in that are unapproved comments, which are often spam, and one of those is most likely matching for one of our malware rules. The issue on the scan page should show a snippet of the matched text, and the link in that is probably a spammy URL.
Ryan
The file it’s saying is missing is the core file for Wordfence’s Web Application Firewall. You should be able to get up and running by following the steps in the last section here to manually uninstall that portion: https://docs.wordfence.com/en/Web_Application_Firewall_FAQ#How_can_I_remove_the_firewall_setup_manually.3F
- Depending on your server’s setup, you may have changes in the files .htaccess, .user.ini, and php.ini, all in the site’s main directory.
- Wordfence surrounds its code with comments “Wordfence WAF” and “END Wordfence WAF” in the files it modifies. You can remove the code between these comments in these files:
- .htaccess code varies by server configuration, but is surrounded by the comments mentioned above
- .user.ini is only used on some server configurations, but if it exists, Wordfence code is surrounded by the comments mentioned above
- php.ini is only used on some server configurations, and would have a single line beginning with “auto_prepend_file”
- The file wordfence-waf.php in the site’s root folder can be removed after the files above are updated.
- Important: If your host uses .user.ini or a PHP cache, the changes can take 5 minutes or so to go into effect. You may see white screens or error messages during this period.
The directory you have WordPress installed in needs to be writable by the user your web server is running as. If it’s not, you’ll get that message, and the file needed to tie in the firewall can’t be created.