hausinteractive
Forum Replies Created
-
Marking as resolved.
Thanks MBR, I did discover and enable this ‘Rename Login page’ option. Immediately after enabling it the email notifications of blocked IPs stopped arriving.
Since this new login page is not in the site index any attempts to scan and find it will likely trigger the server firewall.
Ultimately this is probably the best solution because it does not fill the DB with miles of logs. If I had continued down this path the next feature request would have been to auto-prune the blocked IP logs so the DB doesn’t get too big. XD
Cheers!
+1 for Curtis’ suggestion. Let’s get this baked into the next version!
Forum: Plugins
In reply to: [WP-FFPC] [Plugin: WP-FFPC] Backend status: down?Strange, I swore we had memcached and yet there it is: working using the “memcache” option. I now see:
Backend status: 127.0.0.1:11212 => up & runningCheers.
Hey kpgraham,
I don’t absolutely need, just providing some feedback.
When reviewing you might consider hooking into the rich text editor that WordPress proper uses. That might reduce the weight a bit as well as have these widgets look like the page/post editor which would be nice.
Also: Don’t forget that there are also a lot of Chrome and Safari users out there!
Cheers.
Forum: Plugins
In reply to: [WP-FFPC] [Plugin: WP-FFPC] Backend status: down?Hi Peter,
I’ve downloaded 0.6.1 and when saving the settings I get this:
ERROR: Memcached cache backend activated but no PHP memcached extension was found.
I see this in our server error logs:
[Fri Mar 08 08:22:26 2013] [error] PHP Fatal error: Call to a member function flush() on a non-object in /directory/wp-content/plugins/wp-ffpc/wp-ffpc-common.php on line 196, referer: http://domain.com/wp-admin/options-general.php?page=wp-ffpcoptions
Additionally, I see this message in the settings:
Backend status: 127.0.0.1:11212 => unknown, please try re-saving settings!
Nothing has changed in our server software from my first post but my test copy of WordPress is now 3.5.1 and our wordpress memcache instance is now on port 11212.
Not sure of Jabawack’s specific issue but this has been my experience with Scissors and Watermark on WordPress 3.5:
Upon Activation these are the messages at the top of the screen:
The plugin Scissors and Watermark need to be set. Please visit the Settings page | Hide Notice.
The plugin generated 242 characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.
So the error is of some concern but I forged ahead and clicked on “Settings” and made custom max dimensions for the “Large” size. After the settings were saved this still shows at the top of every WordPress admin page:
The plugin Scissors and Watermark need to be set. Please visit the Settings page | Hide Notice.
Not sure what this means and what isn’t being set. No errors in the apache logs so not much I can do to debug.
Anyway, I uploaded an image larger than my “large” setting image and chose “edit”. In the Scissors and Watermark section I tried Resize, Crop and Rotate:
Resize “worked” but offered none of my presets for thumbnail, medium or large. This is very bad for usability as I don’t want my site admins to have to remember an exact pixel value like 817px to get images sized correctly. It would be nice to allow images to be sized to the max width given, allowing the height to vary or for the height to be cropped.
Crop simply doesn’t work. When I select an area and click “crop” the page refreshes with the original cropping.
Rotate works.
I can confirm ikovacic’s fix. Many thanks!
Quick follow ups:
– Is this going to be baked into a soon-to-be-released update? I would like to vote for this as a working plugin.
– Is this plugin “healthy”? Eg: is this going to continue to get updates?
Forum: Plugins
In reply to: [WP-FFPC] [Plugin: WP-FFPC] Backend status: down?Hi Peter,
We are running memcached
I am emailing the config to the address listed on your website.
Cheers.
—
AaronForum: Plugins
In reply to: [WP-FFPC] [Plugin: WP-FFPC] Backend status: down?Update: Just downloaded and ran a copy of http://code.google.com/p/memcache-top/ (which is kind of cool, btw) and while hammering on a site running FFPC I did not see the stats do much of anything.
This leads me to suspect that the Backend status: DOWN message is accurate.
If I’m right then the question becomes: Why is the plugin seeing memcache as down when it is not?
Here is the list of WL locations used. The ones at the bottom have line breaks between them for readability (both here as well as in the *actual* config used on the site, for the same reason).
!is_page(‘membership’)
is_page(‘photos’)
is_page(‘mothering’)
is_page(‘about’)
is_page(‘faq’)
is_page(‘community’)
is_page(‘aboutjane’)
is_page(‘philosophy’)
is_page(‘trying’)
is_page(‘blog’)
is_page(‘membership’)
is_page(‘materials’)
is_page(‘contact’)
is_page(‘thinking’)
is_page(‘renew’)
is_page(‘paypalbutton’)
is_page(‘newsletter’)
is_page(‘smc-questions’)
is_page(‘about’)is_home()
is_single() || is_home() || !is_(‘products-page’) || !($post->post_parent==’products-page’));
is_page(‘information’) || is_page(‘registration’) || is_page(‘the-agenda’) || is_page(‘hotel-information’) || is_page(‘childcare-options’) || is_page(‘sponsorship-opportunities’)
is_page(‘post-celebration’) || is_page(‘celebration-photos’)
global $post; return (is_page(‘products-page’) || ($post->post_parent==”products-page”));
is_home() || is_single() || is_archive()
is_home() || is_single() || is_archive()
Thanks alanft,
Our developer reported that “…some of the code I was using was copied and pasted from some WP forums that may or may not have been written correctly to last through an update.”
I think he’s going to remove it and run a few tests.
Will report back when we know how they went.
Cheers.
Hey Jaumesala,
If your web hosts allows WordPress FTP/SFTP access you can modify the file /wp-admin/theme-editor.php to also use this function.
This would be considered an advanced hack because:
(1) You are modifying core WordPress files
(2) You will need some understanding of how the code works to only modify the needed parts of the file so that…
(3) you can redo it after you upgrade WordPress if upgrades overwrite the /wp-admin/theme-editor.php file
jafcobend’s pastebin code shows the *differences* between the modified theme-editor.php file and the *original* file that came with WordPress 3.2.1. You will have to manually insert the changes to add this functionality to your wordpress sites running 3.2.1
I should also add that while I agree this isn’t *seriously* more insecure, generally FTP/SFTP accounts are protected by login rate limiters (locking out brute-force attackers after a certain number of attempts) while WordPress is not.
As such I would HIGHLY RECOMMEND installing a plugin such as Login Lockdown as a favor to your web host if you allow WordPress FTP/SFTP access.
Hey Ipstenu,
Thanks for the clarification.
It sounds like everyone wants wordpress to be able to live up to it’s full potential (and have all of the admin options be available to as many people as possible)
To that end, do you (or anyone reading this) know of any pages/wikis/docs that map out the different methods that people employ and their end result?
While most people obviously have no control over their hosts, I would bet that many web developers would still be interested (because, you know, knowing is half the battle).
Since I couldn’t find anything I put together a *super* incomplete (and possibly somewhat inaccurate) doc here:
…that is publicly editable here:
https://docs.google.com/spreadsheet/ccc?key=0AmG40U4O15VGdFI2RE1KR1lnamZXZWVMb0VTVUtDLVE&hl=en_US#gid=0
Hey guys,
Many already put their SFTP credentials into their wp-config.php file in order to add/delete themes and plugins. What jaumesala is suggesting makes absolute sense–why give WordPress permissions to add a theme if it can’t then proceed to edit it?
One of the main security issues I see is that WordPress accounts aren’t protected as well as SFTP accounts are by default (and are more subject to script attacks).
It seems that use of the WordPress plugin Login Lockdown would go a good distance to resolving that problem.
Additionally, if one’s server handles it, the connections WordPress is making are easily made tighter with SSH vs FTP:
/** in wp-config.php */
/** Force WordPress to use SSH method for plugins and themes */
/** This eliminates the need to log in every time */
define(‘FS_METHOD’, ‘ssh2’);
define(‘FTP_SSL’, ‘true’);
define(‘FTP_BASE’, ‘/home/SFTP-Account/wordpress/’);
define(‘FTP_CONTENT_DIR’, ‘/home/SFTP-Account/wordpress/wp-content/’);
define(‘FTP_PLUGIN_DIR ‘, ‘/home/SFTP-Account/wordpress/wp-content/plugins/’);
define(‘FTP_USER’, ‘SFTP-login’);
define(‘FTP_PASS’, ‘SFTP-password’);
define(‘FTP_HOST’, ‘servername.com’);While not all servers have (S)FTP access, this would be a HUGE addition for those that do. This might seem small to an engineering type, but would be a game-changer for end users, which is the point.
So all this to say +1 to using (S)FTP credentials to enable theme/plugin editor to “work”.