IAmMarchHare

Let me also echo a thanks for getting back to us. I figured it was probably a false positive, but I wanted to wait for confirmation before changing the permissions back.

@callie1983: Please don’t hijack threads. Last time I was locked out because of WF, I simply ftp’ed in and changed the directory name. Most WP plugins work that way. Remove or rename them, and that renders them unable to work.

My $0.02: Do not ever under any circumstances get involved with any “security” or “malware” company that calls you out of the blue. It is the oldest trick in the book. Furthermore, google “sitelock reviews” and make up your own mind about the company itself.

I’d have to wonder how they could have pulled clamscan logs off of your site, BTW. It sounds like either your site is horribly open or someone is lying. If you are indeed running clamscan, check your own logs. If you cannot find any scan logs, then open up an ssh session and manually run it to see what gets spit out.

Lastly, get another opinion. You can get a free security scan at https://sitecheck.sucuri.net if you are suspicious. If it reports clean and WF reports clean, then write off the call as yet another marketing scam.

Well, I am going to reluctantly mark this as resolved, since it is not a theme issue, but I would have hoped for an answer on how to revert it. Giving it another name only takes care of the title issue, but the tagline will still be missing.

There are some changes that WP makes at times that baffle me. If they were going to make such a change, it should have been made an option somewhere.

OK, after playing with this, I’m considering this solved. Having said that, it appears that caching for me makes matters worse, espectially the high level Falcon caching. The lower level worked, for a while, but even it eventually spikes and goes wonky. I think I’m just going to move up to the next level on the VPS and increase the virtual memory in addition to the RAM increase.

OK, that does help in that adding Limit to the AllowOverride directive worked. I’m not without some sense of confusion, though.

From what I understand, “Order Deny,Allow” is the default, so is it necessary? More to the point, I see no other deny or allow statements, so could this have been fixed simply by commenting that line out?

My second concern is that, since this is deprecated, could this cause issues down the road?

At any rate, I’m going to run it like this for a day or so unless I run into issues. If it seems to be working and keeping the load down, then I’ll make it permanent.

One possibility, if your host is running Apache 2.4, some of the directives in .htaccess have changed since Apache 2.2.

I did not know that. Does that mean the directives you add to .htaccess won’t work in 2.4? I am running 2.4.7.

Indeed, the error log shows several lines I’m not familiar with like:

[Sun Nov 01 19:42:30.963839 2015] [core:alert] [pid 21275] [client 71.218.76.82:46654] /var/www/.htaccess: order not allowed here, referer: https://www.churchofgodperspective.org/wp-content/plugins/wordfence/css/main.css?ver=37d2c930d8517afa8039eac193c2f226
[Sun Nov 01 19:42:34.092275 2015] [core:alert] [pid 21060] [client 71.218.76.82:46656] /var/www/.htaccess: order not allowed here, referer: https://www.churchofgodperspective.org/wp-admin/admin.php?page=WordfenceSitePerf

No, I am not using CloudFlare or anything like that.

My .htaccess file is custom but not overly convoluted:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
# See https://www.javascriptkit.com/howto/htaccess14.shtml
# The following causes 500 errors
#Options +FollowSymlinks
# Block by referrer, from https://www.htaccess-guide.com/deny-visitors-by-referrer/
# Modified using https://www.htaccesstools.com/block-hitbots/
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?lanud-adisutjipto.mil.id.*$ [NC,OR]
#RewriteCond %{HTTP_REFERER} ^([^.]+.)*?google.com/search\?q\=2\+guys\+1\+horse$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?fr-voyage.com.*$ [NC]
#RewriteCond %{HTTP_USER_AGENT} ^x00_-gawa\.sa\.pilipinas\.2015 [NC]
RewriteRule .* - [F,L]

RewriteBase /

# Rewrite subdomains to directories
RewriteCond %{HTTP_HOST} ^wiki\.cogperspective\.org [OR]
RewriteCond %{HTTP_HOST} ^wiki\.churchofgodperspective\.org
RewriteRule ^(.*)$ https://www.churchofgodperspective.org/wiki/$1 [R=301,L]

RewriteCond %{HTTP_HOST} ^blog\.cogperspective\.org [OR]
RewriteCond %{HTTP_HOST} ^blog\.churchofgodperspective\.org
RewriteRule ^(.*)$ https://www.churchofgodperspective.org/blog/$1 [R=301,L]

# Force "www"
RewriteCond %{HTTP_HOST} ^cogperspective\.org [OR]
RewriteCond %{HTTP_HOST} ^churchofgodperspective\.org
RewriteRule ^(.*)$ https://www.churchofgodperspective.org/$1 [R=301,L]

# Mediawiki additions
# Short url for wiki pages
RewriteRule ^/?wiki(/.*)?$ %{DOCUMENT_ROOT}/w/index.php [L]
# Redirect / to Main Page
RewriteRule ^/*$ %{DOCUMENT_ROOT}/w/index.php [L]

RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Yeah, that is sort of what I’d thought, but I wanted to cover all of the bases. I’m running out of time to do much right now, but I’m seriously considering building my own droplet from the ground up rather than relying upon one of the pre-built one.s

You’re missing the point. This was a clean install.

/var/www/apache2/error.log doesn’t seem to contain a whole lot except a lot of shutdowns and restarts until this morning when I was working on the .htaccess file that caused some errors for a brief time. I even turned on WP debug, which has a few deprecated and notice lines.

In the midst of it all, I changed the main URL, and the old one redirects to the new one. These errors seem like they are hammering on the old URL even though to go to the login page they should be automatically redirected. I’m beginning to think these errors are quite different than the ones I saw before, which turned out to probably be a corrupt user database.

I just want to mention that there have been about three (maybe four) updates since I last posted. It does seem to post the featured image (not one posted at beginning of article but marked as featured for that article) at times, but it doesn’t seem consistent. Night before last, I posted an article and it showed the logo on G+, but this evening it showed the featured image. Whatever you’re doing, it is getting closer.

@WF Support: It is difficult to say. The update and the scan took place at roughly the same time. My educated guess is that there was a race condition resulting in bogus alerts.

This sounds like a good thing for another reason. This morning, I got email alerts from WordFence about WordFence itself. When viewing the differences:

Author: Wordfence Version: 5.2.7

vs

Author: Wordfence Version: 5.2.8

*all three showed the logo instead of the image*

Well, I’ve posted three posts today, trying to recreate the conditions under which an image other than the logo shows on G+, and I cannot seem to do it. I’ve tried linking to an image on Wikimedia Commons, upload with a subtitle using the h2 tag, upload without an h2 subtitle preceding it, and all three did not show the logo. I have verified that all 3 are publicly shared, so that variable seems to be out.

I don’t know what more info to give about this right now.