christopherross

Sure can Scott! I was planning to release that update later this month as part of a larger push, but I’ll push it up as a small fix for you today.

Look for 1.2.9 later today and it should work.

there’s a new release today, and it should solve that issue

Found it. Actually David found it, but he was kind enough to show me the exploit. For obvious reasons I’d rather not share here. Chris

Thanks Pippin, it’s a weird one.

There’s no forward facing use of the name that I can find either in a full site search or a full offline download. No author page, no links, posts, or pages associated with the account.

The problem is that either they got the name from the site, or they successful guessed the first name/initial letter combination of a developer without knowing who the developer was from the site.

Clearly there’s got to be something but it’s a mystery to me.

@emsi Anything’s possible =, but the two sites being attacked are mid range properties with moderate traffic, not our high (or low) traffic sites. It appears isolated to these two sites, and they don’t have passwords (just the usernames) which would tend to rule out a sniffer.

@pippin That was my first thought, and highly likely except the sites used different usernames. In the first case they knew to attack christopherr (as an example) and the second they knew to christopher (also an example).

I guess my concern is that somewhere there’s a list of usernames being made available through a back channel, but that seems ridiculously unlikely.

Hi Esmi, I’m certain they’ve not compromised the site as we have reasonable precautions in place. My concern is that they managed to guess the username in the first place.

We have two sites that the IP address has attempted to infiltrate in the last week, in both cases they “guessed” only one username per site (the account was different for each site), and it was an active administrators account.

I’ve scrapped the site with all files that are linked from the homepage, or any subsequent page and can’t find an occurrence of any usernames in the HTML. I’ve also looked at all the feeds from https://codex.www.ads-software.com/WordPress_Feeds and there’s nothing suspect in them.

It’s a mystery ??

@minoltian, first off let me say thank you for taking the time to test multiple scenarios before leaving your feedback. It’s valuable to me for beta testing and figure out why hotlinking is no longer working.

The problem might be as simple as where the redirect code is being written, or it could be specific to your server, your website, or your unique combination of software. On the other, it could be something affecting everybody. You’re welcome to fix the problem rather than just reporting it. That’s the beauty of the WordPress community, and the plugin community especially within the plugin community.

If there’s a problem, do us all a favour and fix it, or fork it but don’t just gripe about it.

Broken Link checker is a great tool but it’s memory hungry.

From WPEngine ( https://support.wpengine.com/disallowed-plugins/ ) :

Broken Link Checker Alternatives

If you used the Broken Link Checker plugin and wish we hadn’t banned it, we recommend that you use one of the following tools to check your site for broken links:

It’s not a plugin, and won’t make the server unhappy: https://www.brokenlinkcheck.com/. An even better solution to using a website to scan for broken links would be an application that you install on your computer:

Broken Link Check — Online, limited to 3000 pages.
Xenu Link Sleuth — Windows only.
Integrity — Macintosh only.

I use https://managewp.com/ to handle backups for my own site. It’s a simple, cost effective way to do backups.

@mperry8304, I’m not sure why you’re having a difficulty but the plugin’s Widget settings work perfectly with the default theme. Chris

Sorry no, what you’re asking for would be more of an iFrame.

Chris

Hi Andy, when you rewrite a CPT slug you need to flush the rewrite rules for them to take affect.

Either add flush_rewrite_rules(); just under register_post_type( ‘publication’, $args ); and run it once (you only need it to run once) or manually flush them by switching your permalinks to something else and back to their correct settings.

Sorry no, you’d have have to create a new shortcode for that.

The basic idea is here https://thisismyurl.com/2440/create-a-random-redirect-in-wordpress/ but you’d have to create a shortcode following this tutorial https://www.wpbeginner.com/wp-tutorials/how-to-add-a-shortcode-in-wordpress/

Chris

If you want to use a second plugin, you can use https://thisismyurl.com/plugins/easy-recent-posts/ along with https://thisismyurl.com/plugins/easy-random-posts/ to do what you’re looking for.

Otherwise, you’d need to write a special function to do it.

https://www.ads-software.com/plugins/duplicate-post/