iframe

Thank you.
The problem is consistent and won’t go away after switching to the default theme and disabling all plugins.
As soon as I activate this single plugin, the admin panel won’t load. WP Debug reads some message, I will provide it on your forum.

However, this problem seems related to my specific environment. That’s CentOS 7.
Out-of-the-box WordPress fresh install on Ubuntu 16.04 (PHP 7.0.22) with a single Toolset Types works fine.

See you on your forum ??

Thank you.

There’s too much information. We need to concentrate on the right error ?? (pun intended).

Notice the time when you click and your new page reads 404 and see the log record with that time.
You may duplicate creating the new page to duplicate the log’s error so it would be easier to get them noticed.

Technically, you have the total control over your Linux box.
Just see Apache error log, it gives you an idea what’s wrong.

Yes, that’s correct.

Just make sure to click “Month and name” under Setting – Permalinks.

Hey,
I believe there’s no valid .htaccess file in your public_html folder.

Check it out
https://www.ads-software.com/support/topic/httpwwwwp1aorgjqueryjs-is-this-a-real-library-or-malware

they are only doing it few hours a day

@jay, in such desperate situations like this, I would try to play with DNS.

If I were you, I would set a mirror site and change the name servers as soon you notice another attack.

Ir won’t take too much time to propagate it in US. I have seen it comes in 10 minutes or so. That means if you are US-based and dealing with US customers, you will be fine.
For the rest of the world name server changes usually take 24 to 48 hours to fully start working. In other words, those foreign bots would continue taking down your “secondary” site for a day or two.

You may switch it back at any time when they come to you on the mirror site.

Sounds goofy? Isn’t this world goofy enough already? ??

Hey,

What specific files are under attack?

You could HACK core Or you could change it by changing the display name in the users profile.

Your statement is wrong.

Out of the box WP creates user_login, user_nicename, display_name.
All three are the same.

Changing the display name in the users profile. as you put it, changes display_name.

Automated user enumeration reads user_nicename, not display_name.

Thank you barnez.

Using your approach, there will be less sites hacked.
Please keep in mind there are still plenty of WordPress users who never check raw logs to notice they are under attack til it’s too late.

That’s “millions of gullible people” I was referring to. They have no idea the default WordPress install needs to get secured just as you said.

By the way, double check whether or not the security plugin of your choice protects your blog against brute forcing with the use of xmlrpc.php
Some of them lacks that feature, so your peace of mind could be just a bubble.

Thank you.

We are millions of gullible people being brainwashed on a daily basis.
Security experts who manage dedicated server or a VPS, run OSSEC to secure WordPress.
All we need is a reputable hacker to step in to confirm there are enough tools to perform an automated user enumeration and having valid user accounts will be very useful when it comes to brute forcing passwords on shared web hosting services.

Thanks a lot, mepmepmep.

Before contacting you I was playing with the code a day or two, trying to find the right alternative to if ( is_front_page() clause, then I gave up.

You are a genius.

Thanks again.

Hey mepmepmep

I wonder if you monitor your previous threads.

When you have a chance, please take a look to share your wisdom

https://www.ads-software.com/support/topic/slider-on-every-page-2?replies=6″

Thank you.

@mepmepmep

Could you please share your steps?

Thank you.

Never mind, 3.5.1 fixed the problem.

Thank you.