isaacl

Thanks a lot, will just remove that one then (already tested it, and it works after only removing it from the QUERY_STRING line, as long as that’s fine.

I had seen other posts where you had mentioned that it is one of the things that can be more dangerous, but as long as this shouldn’t affect too much.

Thanks a lot for all your help and hard work on the plugin, and for keeping us safe!

Thanks for the reply.

The actual page is in a separate directory, and just being loaded by an internal page – any ideas for what to do in that case?

Thanks a lot!

Older versions are here: https://www.ads-software.com/plugins/wordpress-popup/developers/
Assuming you’re looking for this version: https://downloads.www.ads-software.com/plugin/wordpress-popup.4.7.1.1.zip

Still seeing version 4.8.0.0 here…

Thanks a lot, looking forward!

Thanks.

Had to disable the plugin manually for now (moved the folder out of the plugins folder), hoping the updated/fixed version will be out soon so I can re-enable it.

Sure, thanks!

Already did, thanks.
Have to convince myself I need the Pro version, but will get it eventually, thanks.

Awesome, think I’m going to go the lazy way for now and just leave those lines commented out and allow all head requests for now.
Thanks for the info and awesome plugin.
One of these days I should be getting myself the Pro version…
Any sales coming up? ??

Thanks.
Guess I would somehow have to figure out the bot names, or use the IP address method, though at this point, I’m not sure I’m scared of just allowing all HEAD requests (unless there’s a big risk involved there)…

@aitpro – Going to take a look at that, thanks a lot!

For some reason, that has worked for me for years – so long that I don’t even remember setting it up (though I obviously had this issues once before, and had to unblock something, though I must have figured out then what was blocking it), but it seems like everything else isn’t loaded directly.

I am not really a programmer though, I work in IT, and know enough about programming to be dangerous, but I wouldn’t know how WordPress plugins works, how they load content, etc.

The above method works for me – the blanket deny, and then allowing specific files through, but if it becomes an issue, then I can always remove it.

I seem to have the same type of htaccess file in the wp-includes folder, and then I have 2 step authentication and a bunch of other security settings set up in WP for logging in, though doing a http auth on that folder probably makes sense as well…

And I probably found that somewhere online a long time ago, about adding that in to the wp-content folder, and as long as nothing that’s not supposed to be blocked is blocked, I may as well keep it there, and now I can just unblock the individual files that I need to let through.

See above.
TL;DR – I’m an idiot.

And in response to my question, I already had some code there to allow specific PHP files through, so I added this:

<Files ~ “^(chat|loader)\.php$”>
Order Allow,Deny
Allow from all
</Files>

Assuming that should solve it.

Thanks to you both for all your help, and I’m really sorry about that, not sure why I didn’t bother checking there earlier…

And I am in idiot.

I had this in the wp-content .htaccess file:

<Files *.php>
deny from all
</Files>

So… Not sure how that got there, though it probably makes sense.
Any recommendations on what to put there, especially to allow this file through?

Thanks!