<?php /** * The base configuration for WordPress * * The wp-config.php creation script uses this file during the * installation. You don’t have to use the web site, you can * copy this file to “wp-config.php” and fill in the values. * * This file contains the following configurations: * * * MySQL settings * * Secret keys * * Database table prefix * * ABSPATH * * @link https://codex.www.ads-software.com/Editing_wp-config.php * * @package WordPress */ // ** MySQL settings – You can get this info from your web host ** // /** The name of the database for WordPress */ define(‘DB_NAME’, ‘dpsjadwi_dpsjadwinow’); /** MySQL database username */ define(‘DB_USER’, ‘dpsjadwi_dpsjad’); /** MySQL database password */ define(‘DB_PASSWORD’, ‘Jadwinow2016’); /** MySQL hostname */ define(‘DB_HOST’, ‘mysqlhost’); /** Database Charset to use in creating database tables. */ define(‘DB_CHARSET’, ‘utf8mb4’); /** The Database Collate type. Don’t change this if in doubt. */ define(‘DB_COLLATE’, ”); /**#@+ * Authentication Unique Keys and Salts. * * Change these to different unique phrases! * You can generate these using the {@link https://api.www.ads-software.com/secret-key/1.1/salt/ www.ads-software.com secret-key service} * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again. * * @since 2.6.0 */ define(‘AUTH_KEY’, ‘e4JQXF8@tC=_F6FIT(G+h,etP<hE||@fldF@]UM=:-K]KC!s ($G>SR(SpUak?~6’); define(‘SECURE_AUTH_KEY’, ‘*gqk5>dqz8Lx,$=Ntv0oHI9*<1[kD+>oaZq=qP9rTB?~}y#D#s)Oq(2AHSv1S_!i’); define(‘LOGGED_IN_KEY’, ‘ua8q:?J2>k.[%TP^Pta4sDS)*+q3GBbaKlQlOc6W2G6|Z#GbyW.;em-b_j=Tn?sw’); define(‘NONCE_KEY’, ‘[YFeW@ui%PJV<qP{-o<EO+YGUX:vu;D+MbG&9jO4gXa+P$2c5<A5M~a@2;S!]PX$’); define(‘AUTH_SALT’, ‘1v,0Tp[$fi)3R7l_W~?>).Z{//HZyoVOS)VL7@LG<^0%6wloq,]JR)ys0?&6|re'); define('SECURE_AUTH_SALT', '.0Ed5tU=rpvykeP$drpSVzqHuZOA49SDQuf(Z)xGyv_^l3S-A.w$]%OKG G,ll'); define('LOGGED_IN_SALT', ']B7_ATqx=H;])DODfoS&SY)[UeN[acjI:.,EX+|n30a$tK feLG9ywH.Ii.@v’); define(‘NONCE_SALT’, ‘<?nP%Jb#g5!9>?M{d-h;]EaR,gP@u%F(yv#Z.(r<` VPuc&#DEX;I<<G2vdEc,t=’); /**#@-*/ /** * WordPress Database Table prefix. * * You can have multiple installations in one database if you give each * a unique prefix. Only numbers, letters, and underscores please! */ $table_prefix = ‘wp_’; /** * For developers: WordPress debugging mode. * * Change this to true to enable the display of notices during development. * It is strongly recommended that plugin and theme developers use WP_DEBUG * in their development environments. * * For information on other constants that can be used for debugging, * visit the Codex. * * @link https://codex.www.ads-software.com/Debugging_in_WordPress */ define(‘WP_DEBUG’, false); /* That’s all, stop editing! Happy blogging. */ /** Absolute path to the WordPress directory. */ if ( !defined(‘ABSPATH’) ) define(‘ABSPATH’, dirname(__FILE__) . ‘/’); /** Sets up WordPress vars and included files. */ require_once(ABSPATH . ‘wp-settings.php’);

[19-Oct-2024 21:31:10 UTC] Automatic updates starting…
[19-Oct-2024 21:31:10 UTC] Automatic plugin updates starting…
[19-Oct-2024 21:31:10 UTC] Upgrading plugin ‘wp-job-manager-alerts’…
[19-Oct-2024 21:31:10 UTC] Plugin ‘wp-job-manager-alerts’ has been upgraded.
[19-Oct-2024 21:31:12 UTC] Scraping home page…
[19-Oct-2024 21:31:16 UTC] ‘###### wp_scraping_result_start:81e888074d460a0399e9bf62e3d0b4bb ######
true wp_scraping_result_end:81e888074d460a0399e9bf62e3d0b4bb

‘
[19-Oct-2024 21:31:16 UTC] The update for ‘wp-job-manager-alerts’ has no fatal errors.
[19-Oct-2024 21:31:16 UTC] Upgrading plugin ‘wp-job-manager-application-deadline’…
[19-Oct-2024 21:31:16 UTC] Plugin ‘wp-job-manager-application-deadline’ has been upgraded.
[19-Oct-2024 21:31:18 UTC] Scraping home page…
[19-Oct-2024 21:31:21 UTC] ‘###### wp_scraping_result_start:1515c4f4a043b91442413e79341d5f67 ######
true wp_scraping_result_end:1515c4f4a043b91442413e79341d5f67

I have found a page that is live and accessible, despite it not existing as a page on my WordPress (it is the right theme and domain). I have check multiple times, but it is not among drafts or published pages, and it is not a subdirection either. So why is it indexed and accessible still?

I would like to take it down or at least do a redirect. But the redirect is not working.

The URL in question: https://www.stinto.com/stinto-hyrer-ny-cco-med-fortid-hos-multinational-it-virksomhed/

(Unfortunately, I could not upload the screen shots)

(

Martin from SiteGround here.

I will use this opportunity for a short followup ??

As @generosus mentioned, our team was contacted regarding this matter. I provided somewhat more detailed information in the communication we had through our official support channels. I will spare some details in this public thread but here it is, without omitting anything important:

• this file /var/lib/sec/wp-settings.php adds additional functionality for the SiteGround managed hosting for WordPress
• it is used for various features, one of them being the custom dashboard SiteGround ships along with the “SiteGround starter”
  • the SiteGround starter itself allows clients that perform new installations to more easily start building their websites with preinstalled plugins, themes and overall website setup relevant to the needs they have
• due to a bug in the code that was shipped in the end of last week, instead of preserving user preferences for the default dashboard the options that are modified in the custom SiteGround starter dashboard were hidden.
• it was not expected, it was a regression in the code for the shipped version
• the issue was rectified yesterday by the SiteGround team and distributed across the hosting infrastructure

To answer your question why there was no announcement: The change was not supposed to affect existing customers in a way that it changes the expected functionality of their websites. More of a under the hood type of tweaking. Still @generosus made a very nice comment also, suggesting we consider putting up a website that would provide regular updates for new features, up to date service status and similar announcements for clients.

Not quite sure why the front end matters, but I am sure it does to you. Just wanted to hide posts from the main blog/news page of a WP website. That plugin will do it just fine.

Deactivate all plugins first. Does this solve the problem? If not, contact your host’s support team.

• The directory and file permissions in your hosting are set incorrectly. WordPress cannot write here. Under Tools > Site Health you should also find a message if this is the case. In this case, contact your hoster’s support.
• The FS_MODE is set incorrectly in the wp-config.php file. Look at the file via FTP and search for something that looks like define('FS_METHOD', 'direct'); – remove this.

It sounds like you’ve already taken solid steps with Wordfence and IP range blocking. For further action:

1. Rate Limiting: You can implement stricter rate limiting on your server to slow down or stop the bot if they’re sending frequent requests.
2. CAPTCHA: Add CAPTCHA for specific pages or after several failed attempts to verify human visitors.
3. IP Reputation Services: You could use an IP reputation service (like Spamhaus or Project Honey Pot) to dynamically block known bad IP addresses without manually maintaining your own block list.

Regarding Microsoft, it’s tricky, but you can escalate the case by documenting everything and reaching out via security-specific contacts at Microsoft, like their Abuse team or through their Security Response Center.

When I click, “Update to version 6.6.2” I am challenged for FTP credentials. I am confused. Isn’t the php code on my site simply going to copy file(s) from www.ads-software.com? How does FTP become involved, and what are the expected credentials?

I’m not sure what the answer is. I am already logged in as a WordPress administrator, so that should be sufficient, but it doesn’t seem to work. I get “Error: Could not connect to the server. Please verify the settings are correct.”.

Thanks for the help,

Chris.