abuzon

I apparently missed a few vital messages on here between when I started that Reply and when I hit Submit! LOL

First, Mark, @mmaunder, I want to say thank you for doing what you do. I’m sure that your job is incredibly stressful to say the least. I’m sure you had a really sh1+ morning, to say the least and I would probably be a little “rough” as well.

While I know no one asked for my 2 cents, I’m gonna give it. I was 1 of many people in an un-caffeinated, foggy panic this morning and Jason @viablethought hopped in and surely prevented LOTS of people from ruining their whole day by doing something stupid like deleting their half their core files, incorrectly assuming they had been hacked and “there were no other options to click…” We’re talkin’ people who don’t even know what FTP is, let alone how to log in and use it to fix such a screw-up.

All these mom n’ pop shops, the family-owned, the 1-5 employee businesses – they rely on the goodness of people like Jason @viablethought to give them guidance when they’re experiencing tech nightmares. While the “fix” he gave was apparently just a coincidence, it certainly didn’t do any harm to anyone. To put him down in any way, or really, to do anything other than thank him for hopping in to quell the panic and prevent folks from doing something that’ll take them all day to fix (or cost them a week’s worth of profits to pay to have fixed), while there was total radio silence from Wordfence re: the matter.

I just really, really highly doubt that his suggestion to go update Firewall rules would “significantly increase our support load as we have to correct the misunderstanding you’ve created”. That just seems really far fetched, not to mention just kinda crappy.

Allow me to retry this for you.

Dear Jason @viablethought,

Thank you so much for trying to help people out while we were working on the fix and writing a response or announcement acknowledging the problem. Sorry we weren’t able to get a note up sooner. While your suggested fix was a good shot, it was actually just a coincidence. Here’s what actually happened: techy stuff, rate limiting repo…

We appreciate your suggestions and we are listening to the feedback that you and others have provided.

Thanks again for hopping in and preventing people from hitting the “Self Destruct” button on their websites!

– What Wordfence (specifically Mark) should have said

@generosus and @viablethought thank you so much and yes, I 2nd/3rd everything said.

So, I have to laugh at myself for panicking… The reason I panicked? The word “bastard”.
The first file I looked at (and the only one of 2,312) was /wp-includes/wp-diff.php, which states: “WordPress Diff bastard child of old MediaWiki Diff Formatter.”

Immediately, I thought “nope, there’s no way that’s a core file!” and hurriedly reverted to yesterday’s backup! ::forehead smack:: Doh!

+1

Also Siteground

Did a restore to pre 6.7 and now anything /wp-admin/* redirects to /wp-admin/upgrade.php?_wp_http_referer=%2Fwp-admin%2Fplugins.php which says:

“No Update Required
Your WordPress database is already up to date!”

“Continue” button redirects to homepage, front end, cannot access anything /wp-admin/.

I just encountered this for the first time too, and I’ve seen well over a hundred WP installs. The site is on Hostgator, which is now Bluehost I think. @moonrat where is your site hosted?

@russellbalnig right, that’s what we’re talking about. There is no 8.5.0 there to download. Download button just downloads 8.4.0. Sidebar stats say “Current Version” 8.4.0

Ditto! I’ve never seen Wordfence expose a vulnerability and say “here’s the plugin’s patch” but there’s nothing there… And 8.5.0 rather than 8.4.1 seemed odd too.

Cleared every cache everywhere, wondering if it was my ISP’s cache or something, but the site shows no available update either.

Should we revert to 8.3.1? Or just ensure Firewall rules are Updated – do the “Manual Refresh”?

Will post to Wordfence too. @mmaunder @wfryan @wfmattr

Yes, I saw and replied to your email. My reply stated that providing a WP admin login, cPanel access and FTP credentials was not necessary and could not possibly be beneficial. Not to mention, a majorly unnecessary security risk. The default support response should never be to request someone send login credentials for every critical access point via email; as an obvious security risk, that should be a worst-case-scenario-ONLY request – certainly not a Step 1 request. And you team has got to find a more secure way of passing that info IF they absolutely NEED that info. Just tell them to use OneTimeSecret or something.

Anyhow, regarding my ticket and my situation….

I noticed after posting here and submitting my ticket that the main WPL plugin page on WP.org actually stated:
Tested up to: 6.4.2
<span style=”text-decoration: underline;”>PHP Version: 8</span>. – however, now it says “7.4 or higher” so I tried again I was able to update the plugin today, so you have obviously resolved the problem.

I’m suprised how poorly this was handled though. When I saw that PHP 8 requirement, after the plugin had JUST recently been updated for PHP 8 compatibility, I assumed your team would know immediately what was wrong and would correct the mistake on their PHP version requirement and announce the patch.

To my surprise, over a day later, I wasn’t contacted with a “OH wow! Our bad! We’re putting out a patch ASAP”. Rather, I was asked to send full backend access to a huge non-profit’s website and server – not through any kind of protected, encrypted process, just via regular old email. Lucky for my client, it was me who had filed the ticket. Had it been one of their office staff, they likely would have naively done exactly what WPL’s Support had requested and replied to the email with every username and password and URL they could find, putting the security of the entire organization at risk.

I haven’t heard from anyone saying it was fixed and the version number is still the same, 4.13.13, so of course the Changelog makes no mention of the problem or the fix. It says Last Updated: 1 day ago though and 4.13.13 was released many days, if not a week, earlier. So, thank you for getting that fixed.

I hope you will also look in to fixing your Support dept’s lack of security with customers’ login credentials and ensure they only request access as a last resort.

Thank you @sc0ttkclark! Fastest plugin fixer-upper in the world!

Hey all! See new Pods 2.9.18, just released!!

• This reply was modified 1 year, 5 months ago by abuzon.

I’m using Chrome and Windows 10, all current versions of everything. You can tell immediately that the content from PDFs won’t copy because the cursor is the size of half the page. So when you do copy/paste from a PDF it’s just random letters and some foreign symbols.

EDIT: RESOLVED! Just tried HTML again from the web-hosted version, with Notepad open and clicked into, then went back and Copied to Clipboard again, then Paste into Notepad and that worked!!!!! WOW!! YAY!!

Just tried again to do HTML from the web-hosted version. I did Copy and it said “Copied! Ready to paste!” but wherever I go, and whether I CTRL+V or right-click, it just pastes the last thing I had copied an hour ago. To try to Save it as an HTML file, it just saves the HTML of the exterior container.

The PDFs are 27 MB and 84 MB, so I can’t even email them to you. I have Creative Suite, so even when I try to Edit the smaller PDF (I think that’s from the WP plugin) you can tell the text is all chopped up into strange overlaid blocks.

I appreciate any help you can provide! It 158 blog posts… I just can’t go into each one and copy/paste, though I’d probably be done by now LOL

• This reply was modified 1 year, 5 months ago by abuzon. Reason: Resolved!

Hi Alex @ziher4 ,

I have another request. I would love to see the option to use the more widely recognized symbol (in America anyway) of the A A A with the A increasing in size.

Also, thanks again for adding the Include Exclude classes! I had great success with the Exclude. The Include class though, it would jump from 20px to 51.8px to 134.5px and Reset will only take it back down to 47.1px, still “!important” until page refresh. Not a big deal though. I can send you more details when I have more time if you would like though.

@ziher4 Thank you SO MUCH for doing this! Sorry for the delay in the thanking. I was not expecting my suggestion even be read let alone acted on, let alone so soon! WOW! THANK YOU!

Hi Jeroen,

How would I even know? I never saw any warnings about WooCommerce SEO being out of date or about the license being expired. Licenses were all purchased by the client, so I have no idea what they have/haven’t renewed unless the site tells me. I certainly wouldn’t have expected a reputable SEO plugin’s addon to break a 2-year old site…

What is the current version, or how would I even find that?

All I can find is “However, we want to assure you that all features and functionality of the plugin will work regardless of the subscription status with the exception of the?morphology functionality?(word forms).?” Which is most certainly, obviously, not true.

@jrpmedia and @dwaynecasey what I always do in Search Console is go to Inspect the URL and see what pages are referring. GSC won’t detect things that aren’t in the Sitemap unless something links to it.

For some reason my client’s homepage, contact page and 2 blog articles are referring/linking to?/wp-admin/admin-ajax.php (per GSC)

What I was wondering more than anything is WHY are pages linking to it and what made Google suddenly pick it up?

It appears on my site that it’s Beaver Builder and PowerPack for BB.

I have “script>var wpAjaxUrl=” and then “flBuilderUrl=’…wp-content/plugins/bb-plugin/”
and then PowerPack: “script>var bb_powerpack = {ajaxurl: ‘…/wp-admin/admin-ajax.php’,search_term: ”,callback: function”

It seems like GSC just goes in fits of detecting strange things. I manage about 30 sites in GSC and I’ll see trends of random crap like this, but it always alarms me nonetheless.

Yes, it is THE “Shop” page.

From SC:

New Page indexing issues detected for https://www.p*****ekitchen.com/
Feb 18, 2023
Page indexing

Search Console has identified that your site is affected by 1 Page indexing issue(s). The following issues were found on your site.

Top Issues
Duplicate, Google chose different canonical than user
We recommend that you fix these issues when possible to enable the best experience and coverage in Google Search.

https://snipboard.io/nqTXtr.jpg

https://snipboard.io/4hnETa.jpg