Get jili app login register link.REGISTER NOW GET FREE 888 PESOS REWARDS!

Unwanted spam messages from “my blog” that iI cant’t locate on my wordpress

goodwilllanguage — Tue, 24 Sep 2024 14:38:41 +0000

Hello,

I’m currently going through spam message attack from an unknown source and I’ve tried to locate where my blog is located but i cant really find it on my wordpress but each spam message always comes in, i have installed several plugins and other connections but it is not stopping

Hackers Card-testing. How to mitigate?

serenityinchains — Wed, 24 Jul 2024 15:40:07 +0000

Hi. I have been hit several times in the last few months with hackers card-testing on my site. They attempt to make a small purchase on various credit cards under various names and addresses, sometimes hundreds of times in an hour.

Stripe’s docs suggest rate-limiting in the payment plugin, so that after a certain number of failed attempts the user is locked out of checkout. I don’t see that as an option in the plugin.

I’ve already updated my firewall’s settings to block them after the fact, but there is no way to stop them during the process without involving the plugin running checkout.

Is there something you recommend to stop these card-testing attempts?

Thanks!

“logged in successfully as wp_update-17xxxxxx

gohanlover — Tue, 11 Jun 2024 08:06:53 +0000

Hey guys,
maybe someone can help me? I’ve been having problems since last October that every one to two weeks (at the latest) Wordfence gives me the message “”logged in successfully as “wp_update-1718073525”” and that the user was created outside. I also have what feels like thousands of people trying to hack into my site every day. And every time my website is gone when someone has managed to do it again and you are immediately redirected to a virus page when you go to my site and that is of course also super dubious for people who are coming on my website and and many people wrote to me about it. But I’m getting really fed up with having to check every day to see if there’s another user in there. I’m constantly changing my password, have tried so many “secure” themes, use no plugins (except Wordfence and one to allow cookies to be blocked) and keep everything to a minimum, have also paid attention to the xml-rpc thing etc. but I don’t know how and through what they get in every time, I’ve already blocked hundreds of people but have no idea what else to do. I have also rebuilt the website 3 times, deleted everything, nothing helps. I’m really desperate.

thnx

How to Prevent WooCommerce Fake Orders?

jscmal — Sun, 02 Jun 2024 14:02:26 +0000

Hi.

Does AIOS prevent WooCommerce Fake Orders?

Does AIOS add an honeypot or captcha in the checkout page?

I ask because I am not sure if AIOS checks also the Checkout Page to prevent fake orders. I would know what the tool does for these cases.

Waiting for your reply, I wish you a very nice day.

King regards

G. Aloe

Increased attack rate but cannot block IP

neverpaintagain — Mon, 13 May 2024 10:57:52 +0000

Hi, in my Wordefence “live traffic” section, I keep getting reports about an IP (127.0.0.1) and having emails about increased attack rate. Wordfence is blocking it all thankfully however when I go to click “block IP” i get a message saying ….

“The IP address 127.0.0.1 is in a range of IP addresses that Wordfence does not block. The IP range may be internal or belong to a service safe to allow access for.”….

This has only been happening the past 2 weeks. The IP address is hitting on all manner of urls that do not exist, for example “(mysite).co.uk/………wp-includes/sodium_compat/src/Core32/Poly1305/radio.php” which do not exist.

Is this some sort of false positive or is someone or something using this to try and jack into the iste?

Any help appreciated

Thanks

Hacking: Unauthorized Admin Login

achanne — Mon, 11 Mar 2024 09:16:47 +0000

Hi All,

I have a site in which, after activating an activity log plugin, I have discovered unauthorized admin account logins despite changing password multiple times, using long randomly generated passwords. I have already blocked xmlrpc.php using a plugin. When I checked visit logs in C-Panel, matching the suspicious login IP address and time to that recorded in the dasboard’s activity log (plugin), it looks like login was via example.com/wp-json/wp/v2/users (where example.com is our own url) which I think has something to do with REST API. It looks like the hacker was able to somehow login WITHOUT a password.

I understand I can easily disable the /wp-json/wp/v2/users but we NEED REST API because xmlrpc.php has been disabled (which helped reduce brute force attack) and we have plugins (such as Mail SMTP) that require connections to third party sites such as Google (where secret keys are used). How can I secure the site and still be able to use REST API?

Excellent to shield your wordpress site

melbanuelos — Mon, 15 Jan 2024 19:03:23 +0000

Wordfence has been my solution to a serious issue we encountered with one of our websites. We built the site on WordPress, have an online store, and use WooCommerce. When we were linking the pixels, we unfortunately experienced being hacked. We realized this because our META ads were being redirected to unknown sites, completely unrelated to ours, in a sort of phishing scheme. That’s when we understood that the problem originated from our site, which had been hacked and infected with malicious code causing this redirection. We purchased the ‘Wordfence Care’ package, as our site was fully infected and we needed a thorough review by experts. Dave, who was our consultant, was extremely kind from the start and always attentive to all our emails. We methodically reviewed every potential vulnerability, and finally, the site was completely clean. We will stick with Wordfence to fortify our site, as hacks are becoming more and more common, and it’s very risky when dealing with e-commerce. Thank you!

Disable User Login – Vulnerability found in 1.3.7.

angrywarrior — Wed, 10 Jan 2024 09:22:45 +0000

We are getting reports from our security system that your plugin has a security issue:
#WordPress Disable User Login plugin <= 1.3.7 – Cross Site Request Forgery (CSRF) vulnerability
-Vulnerability type: Cross Site Request Forgery (CSRF)
-No Update Available

So when will this be fixed? I can see your plugin was updated last time 5 months ago. Is there a planned fix for this security issue?

Thanks in advance.
Kind regards
AngryWarrior

Resolving Vulnerabilities

JulieMarie — Thu, 09 Nov 2023 02:06:14 +0000

This plugin is awesome except that it made my site vulnerable to attack: https://patchstack.com/database/vulnerability/jquery-collapse-o-matic/wordpress-collapse-o-matic-plugin-1-8-3-cross-site-scripting-xss-vulnerability?_a_id=431

Causes vulnerabilities and hacking?

JulieMarie — Thu, 09 Nov 2023 01:59:42 +0000

Has there been any progress toward resolving vulnerabilities induced by your plugin? https://patchstack.com/database/vulnerability/wp-auto-affiliate-links/wordpress-auto-affiliate-links-plugin-6-4-2-3-csrf-lead-to-stored-xss-vulnerability?_a_id=431?