gabrewat

As a workaround, you can still edit Elementor pages when domain mapped by temporarily disabling the “Primary” status of the domain (set in the Network Admin – Settings/Domains menu area). After editing, re-enable to make domain redirects function properly on the frontend.

I would recommend a setting in Elementor (or smart code) for this situation that most likely will affect all WP multisite installs using Elementor.

+1 (rodgonz)

Same here with multisite install using MU Domain Mapping plugin. Looking forward to a fix soon.

dcutri, my last message to iThemes support was to help them with the problem I reported – I have yet to find the solution and still is a problem for me even after multiple plugin updates.

Using var_dump on $_POST (before the call to wp_verify_nonce) I got the following:

array(3) { [“wp_nonce”]=> string(10) “6ca1810cba” [“_wp_http_referer”]=> string(60) “/wp-admin/network/admin.php?page=toplevel_page_itsec_backups” [“itsec_backup”]=> string(15) “one_time_backup” }

Hope this helps.

I’ve tried to disable all other plugins in my multisite install and changed the theme temporarily to the default TwentyFourteen theme but still get the “Security error!” message.

I’ve tracked the error to line 752 in modules/free/backup/class-itsec-backup-admin.php in the function save_network_options. Apparently, the ! wp_verify_nonce( $_POST[‘_wpnonce’], ‘security_page_toplevel_page_itsec_settings-options’ ) fails and the message is displayed and the backup is immediately cancelled.

While this may correct the problem in the config file and allow NGINX server to restart without error, I’m not certain that is the permanent fix that the developer intends for the valid_referers parameters.

I did change the PHP source to not output the additional space character and at least when the config file is rewritten, NGINX can restart gracefully without error.

I’m running Centos Unix server, not Windows.

Same as Dpointgym here.

I had similar problems until I isolated the problem to the Login Security Solution plugin. At this time I have not found any workaround so I must temporarily disable it before publishing post in order for Facebook and Twitter pages to get properly updated.

Same problem as Flippy723.

After a little investigating and testing, was able to make Infinite Scrolling work by disabling one of Better WP Security’s Tweaks. Look under Tweaks tab to bottom (Other Tweaks) and disable “Prevent long URL strings” setting.

Infinite Scrolling generates a 500-600 character URL string which exceeds BWS max URL string length (255) when this “tweak” is enabled.

I’ve made changes to inc/secure.php of the BWS plugin source to allow for Infinite Scroll longer URL string:

//ban extra-long urls if turned on
                                if ( $bwpsoptions['st_longurl'] == 1 && ! is_admin() ) {

                                        if ( strlen( $_SERVER['REQUEST_URI'] ) > 255 ||

                                                strpos( $_SERVER['REQUEST_URI'], "eval(" ) ||
                                                strpos( $_SERVER['REQUEST_URI'], "CONCAT" ) ||
                                                strpos( $_SERVER['REQUEST_URI'], "UNION+SELECT" ) ||
                                                strpos( $_SERVER['REQUEST_URI'], "base64" ) ) {

if ( strpos( $_SERVER['REQUEST_URI'], "action=infinite_scroll" ) == 0 ) {

                                                @header( 'HTTP/1.1 414 Request-URI Too Long' );
                                                @header( 'Status: 414 Request-URI Too Long' );
                                                @header( 'Cache-Control: no-cache, must-revalidate' );
                                                @header( 'Expires: Thu, 22 Jun 1978 00:28:00 GMT' );
                                                @header( 'Connection: Close' );
                                                @exit;
}

                                        }

                                }

Perhaps the BWS plugin should allow for exceptions to be added to allow longer URL strings for offending plugins.

Same problem as Keezie with Jetpack’s Infinite Scroll enabled.

I disabled BWS with a global mu-plugin I created just for the sites that use Infinite Scroll in the theme and scrolling worked again.

The only problem is that because BWS was now disabled for those sites, they didn’t get login protection and therefore started getting lots on automated login attempts.

I hope this can be fixed as I really like Infinite Scrolling feature of Jetpack.

A new list of fonts (600 as of 5-Dec-2012) can be found here (pastebin.com). Follow the same instructions by jeeni above to apply the changes to the plugin.

If you use Domain Mapping for multi-site install, check the Settings/Domain Mapping admin pane and disable (uncheck) the “Redirect administration pages to site’s original domain (remote login disabled if this redirect is disabled)” option. Seems this causes problems with AJAX redirects (302 errors) because AJAX calls only work on the same domain/sub-domain.