b-cat

Thanks! I followed your steps above and they were very helpful.

If we were adding htaccess usernames and passwords to the wp-admin directory, then all your steps above would be needed.

It turns out that in our case, this appears to be a much simpler problem to solve. We are just pw-protecting a specific subdirectory on our domain (e.g., “domain.com/restricted-folder-name/”), which is not the wp-admin folder and not inside that folder, so it does not appear we actually need to add anything to BPS custom code at all. (Or do we?)

All we have done now is add an .htaccess file to the folder we want to pw-restrict, and then identify in that file the location where it should read the .htpasswd file, which is located outside the publicly accessible site root. No edits to BPS seem to have been needed after all in this case.

I am also interested in turning off translation files updates, especially on a local development XAMPP installation of WP, where updates seem to timeout frequently on the translation files.

Anyone have any ideas on how to turn this off?

Update: Jetpack says that the “Protect” function does indeed require XML-RPC access to work properly. So, unfortunately, I will probably not be using Jetpack Protect.

Many thanks to the developers of BruteProtect for what they created, and for keeping it available through 2015! It’s been a great service. I hope a good alternative will emerge before 2016!

: (

Here’s an update / follow-up…

WP Super Cache (WPSC) does not yet seem to be able to read and respect IQBC’s “Do Not Cache” headers, but I have discovered that WPSC has it’s own “Do Not Cache Secret Key,” which is a unique random key code assigned to each installation of that plugin.

Is there a way that I can add that secret key code to IQBC’s configuration files so the secret key will be provided in the headers and maybe then WPSC will respect the “do not cache” instruction?

Any suggestions?

Thanks for this info. Very helpgul.

However, this still feels overly complicated to me. So, in the country blocking plugin one must specify which countries to block, and then in WPSC one must specify which countries will NOT be blocked so that WPSC can create a separate cache just for those countries.

As soon as I make any changes to the country blocking plugin, I must also simultaneously go over to WPSC and make the corresponding reverse changes to WPSC.

If I’m only blocking one or two countries in the country blocking plugin, I must then specify (by hand typing, no less) in WPSC the remaining HUNDREDS of other countries that I want to cache separately.

Wouldn’t the simplest solution be for WPSC to read and follow the “Do Not Cache” headers generated by other plugins. IQBC generates a “Do Not Cache” header (according to that plugin’s author), but it seems to have no effect within WPSC.

I see that WPSC includes on the Advanced tab a “DO NOT CACHE PAGE secret key”. What is the purpose of this? Can I place this key somewhere in another plugin’s config files to ensure that WPSC will not cache the other plugin’s generated html?

One other thought…

I noticed that in the WPSC Settings page > Advanced tab there is a notification that reads:
“DO NOT CACHE PAGE secret key: *******”

Is there a way that I can add this key to one of IQBC’s operating files so that IQBC will automatically submit that key with any “blocked” pages that it generates so that WPSC won’t cache them?

That would appear to be the point of the secret key, but I’m not clear on how to use it.

Any suggestions?

Hey, thanks for the reply and for the efforts to fix this issue!

However, I’ve given the new plugin (CC4WPSC) a try, and while it may be a good solution for others, I don’t think it will be ideal in my case.

To use CC4WPSC in tandem with IQBC, I will need to block all the countries I want to block in IQBC (and fyi, I’m blocking virtually every country in the world except the U.S.), and manually type in all the countries I’m blocking in your “do not cache” field in the CC4WPSC settings page.

That’s just too much manual effort, since I’m also likely to change the countries that are blocked periodically. Also, the CC4WPSC forces WPSC to use “legacy caching,” which is slower than using mod_rewrite, etc., which my service provider virtually requires (plus it’s just good practice when it’s do-able).

The ideal solution would be for WPSC to simply somehow see the “do not cache” instruction that IQBC (and probably other plugins) place in the headers, and then those pages would not be cached.

But…this is a great effort and I applaud it. It may be a perfect solution for other WP users. Thanks!

Hmm…now it is working properly! Maybe it took some time for the deleted tables to populate on the site server. I have been able to manually delete the alerts now.

Thanks!

[ Update ]

I queried the IQ Block Country (IQBC) plugin support forum regarding this plugin conflict, and the IQBC plugin author responded that IQBC already does send out the “DO NOT CACHE” header instruction, which should be respected by caching plugins like WP Super Cache.

Does WPSC not scan for other plugins’ requests that pages not be cached? This seems like a very important feature to include in WPSC. Maybe it is already there, but I don’t see the options in the WPSC settings.

Any advice?

Fyi, you can read the IQBC plugin response to this issue here:
https://www.ads-software.com/support/topic/how-to-set-do-not-cache-option

That’s good to hear! Thanks for that info.

I will convey this info to the WP Super Cache support forum and see if they can enable the plugin to respect IQBC’s “do not cache” instruction.

Thanks.

I followed WPWhiteSecurity’s instructions above exactly, and this has not fixed this problem for me. The Audit Log Viewer is still showing hundreds of alerts after I have manually limited alerts to 10 alerts.

I am using WP Security Audit Log Version 1.4.0, and WordPress version 4.1.1.

Any suggestions? Do I need to delete the plugin and reinstall it?

Thanks! Looks like a good solution.

I’ll see if I can work that into the CSS or php files somehow. Different themes drop the logo into the pages different ways, and it sometimes hard to sort out which file dropped the image filename into the html page that is rendered.

That snippet is cute, but it doesn’t answer Ypanesa’s question. The snippet inserts some animated text in the location where the site’s LOGO should go. This means you can’t use your own logo…you have to use Customizr’s animation of some other font that is not a logo.

So, the question remains: How do we place our own SVG logo file in the logo location? For some reason, Customizr will only accept png, jpg, and gif formats, even after you create the exception in WordPress allowing WordPress to accept SVG files.

Also, why is there no option to just paste an image file’s address for an image file that is already loaded in the site’s WordPress media library? The WordPress media library is quite useful, but Customizr seems to want us to re-load all images through it own panel (and this creates redundant copies of all those images in the media libray, while it’s at it).

Best practice is to use the media library, but Customizr doesn’t enable that.

Wow, Pascal, thanks for doing that!

However…I’m not highly skilled and I’m not exactly sure how to implement this.

(1)
I assume I need to place the StackOverflow code in my theme’s style.css file…yes? (Do I need to modify anything in the SO code, or do I just paste it as is?)

(2)
After doing #1 above, do I need to insert a custom CSS ID in each instance of the PB oEmbed player? What custom CSS ID do I put there?

Sorry for the newbie questions, but simple step by step answers will help me a lot (and this might also help other people who are trying to implement this, too).

Many thanks, Pascal!

Ah…okay. That explains a lot. Thanks very much.