doug wilson

If plugins are doing things you aren’t aware of, familiar with, in control of etc. I would suggest not using them. If you want to cache files you can use this outline for .htaccess. I included a deflate (compress) option here also.

# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

#
# HEADERS and CACHING
#
# 1 Hour = 3600
# 1 Day = 43200
# 1 Week = 604800
# 1 Month = 2592000
# 1 Year = 29030400
# any Expires Directives go here
# 1 YEAR
<FilesMatch “\.(ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|flv|mp3)$”>
Header set Cache-Control “max-age=29030400, public”
</FilesMatch>

# 1 MONTH
<FilesMatch “\.(jpg|jpeg|png|gif)$”>
Header set Cache-Control “max-age=2419200, public”
</FilesMatch>

# 1 WEEK
<FilesMatch “\.(txt|css|js|swf)$”>
Header set Cache-Control “max-age=604800, public”
</FilesMatch>

# NONE
<FilesMatch “\.(pl|html|htm|php|cgi|spl)$”>
Header set Cache-Control “max-age=20, must-revalidate”
</FilesMatch>

##Deny access to all CGI, Perl, Python and text files
<FilesMatch “\.(cgi|pl|py|txt|cfg|settings)”>
Deny from all
</FilesMatch>

This will give you total control of your site/blog and if you want to remove it – it’s gone – no side effects.

This is the way I set up my own site. You of course can change anything you like, play around with it. Always use something like rexswain’s http tool to make sure thing are working and you’re getting nice 200 codes.

remove and reload everything but files with database info (unless you know what was in them and can recreate them).

What I do:
Let mobile devices, all browsers and users take care of themselves. Cache things using htaccess and don’t use seo plugins.

Use filezilla but use it rarely and delete all personal info each time. Use the file editor on the server instead. Don’t share desktops or files. Eliminate as many dynamic forms as possible. I got rid of users. Anyone can comment if they can get past Captcha, Askimet and htaccess rules: 99.9% of spam ends up in spam list and I delete it without looking at it to closely.

“That does exist” – you lost me, what exists?
“can you access the wp-admin after logging on?” Yes

I took the login widget out and put the meta widget back in. Thought maybe wp-login.php might be set up wrong.

I did disable plugins when I started looking for problem, no effect.

What I have now is a 404 when I choose to empty(all) spam. Delete permanently one at a time works, but not select-all delete or empty spam.

I may have to replace easel php files (wp-login, edit-comments.php etc.). Which ones have database settings? Do you know? I’d rather leave them alone if possible.

I have easel because I wanted three columns. not using custom header. but I think it may have something to do with easel and latest wp/update.

3 col theme suggestions?

I usually strip things down to the bare bones. I use the seo plugin but only have don’t index tags as archives as a setting.

So far with the phpMyadmin>options>home>blank – things seem to be working.

The wp/install is the watching the world blog on my domain you’re welcome to go hit some buttons if you like, see if everything works. That would be helpful for me, thanks for responses. Doug

phpadmin home blank worked for login

just rechecked working blog and /options/home is blank: I’m gonna see what that does.

I just took the login widget out and put the meta widget in to see if that made a difference. I guess that wouldn’t effect the rest (spam edit/ check all)

“for the row “home” and “siteurl” change the link as”

Did you mean, change the link to?

I’ve tried phpAdmin settings both ways. wp codex says NO trailing slash (doesn’t it?) Do you have a trailing slash at the end of your urls?

I have other blogs that work fine – I’ve set this one the same (cleared cache).

Remember: The url for the 404 is domaindotcom/wpsite/wpsite/ (extra directory)

and wp/bar takes me right to admin, so I’m thinking settings in wp_login.php or something

Any other thoughts

those are set right, dgswilson.com/wpsite/

I don’t know “exactly” what broke (above post) but that file remains in directory after W3Cache-plugin is removed. Also W3Cache changes stay in wp-config:

(top)
/** Enable W3 Total Cache **/
define(‘WP_CACHE’, false); // Added by W3 Total Cache

(bottom)
/** Enable the WordPress Object Cache. */
define(ENABLE_CACHE, true);

While these files and settings are still present it can do some funny things to paths: login (404), empty spam (404) etc.

I had to spend a lot of time trying to figure this out.

Everything that happens on my site that I don’t understand is problematic. There’s a reason why everything happens and not knowing what the reasons are is a problem. But, I’ve always hated not knowing things. I’ll solve it, Thanks, Doug

I’m using a whitelist in main htaccess. I just added a more specific “msnbot2.0b” for msnbot but I’m more puzzled by the “/” issue. That page, when I click on the link, has a trailing slash. There should be no non-/ url’s to not find.

What is the rule that produces the error?

I have this in my wordpress-org blog footer

    <? //print on the screen how long this page to took to load

$seconds = microtime() – $microtimer;

echo ‘This page took ‘ . round($seconds,3) . ‘ seconds to load.’; ?>
</body>
</html>

Now I know how fast my server is delivering requests. I think my last server load time for my (most crowded) blog was 0.700 seconds. Now If I count of 3 seconds or so for everything to show up – check server load time and it’s 0. something – then I’ve got to look elsewhere.

Just allows us to eliminate potential sources

Did you ever get this figured out? I’m going through the same thing. I had/have a hacker messing with things. In an attempt to change admin passwords I am now given “You do not have sufficient permissions to access this page.” on one blog, but not another. Both blogs use the same database. I’m not good at messing with database stuff. There must be a well known reason for this. It can’t just be a rare and solitary incident.

This blog works https://www.dgswilson.com/wpsite/ (can log in) this one gives error https://www.dgswilson.com/wp/

I’m completely out of ideas…

As DeepJava says, clean up local machine first. (rootkits, keyloogers). One way that hackers get in to your data base is by making randon queries to your website and reading the information Apache provides in error messages. You can make an error page (html. Or I suppose a page on wordpress) In htaccess file place this lines:

`RewriteEngine on
<Files 403.shtml>
order allow,deny
allow from all
</Files>

ErrorDocument 400 /errorPage.html
ErrorDocument 401 /errorPage.html
ErrorDocument 403 /errorPage.html
ErrorDocument 404 /errorPage.html
ErrorDocument 500 /errorPage.html`

I’ve just put all the error codes so you don’t have to look them up. Test this by typing your url then anything like mydomain.com/anything and see what happens.

Forms are used to get the Apache server to deliver error codes. Remember you can upgrade, or reinstall, at anytime – just tell the automated response to – do it anyway.

https://www.dgswilson.com/wp/