Forum Replies Created

Viewing 15 replies - 16 through 30 (of 53 total)
  • The major points of entry tend to be from plugins. Outdated versions of Slider Revolution (revslider), Gravity Forms as well as any plugin or theme that had an outdated version of Tim Thumb (image resizer) all have known security loopholes. (I think those are the top 3 security loopholes I’ve seen for WordPress.) Also, there’s an xmlrpc.php vulnerability.

    The best thing you can do after you get your site back together is to install and set up Sucuri (I see you already have) as well as Wordfence, and to update all user passwords and keep your software updated going forward.

    If you’re using a WordPress default theme, or a free or premium theme, be sure to also keep the theme updated. If the theme author stops supporting the theme, find another one that is supported and will be updated.

    It’s also a good move to remove all unused plugins and themes. That way you don’t have to continually keep those extra things updated if they’re not in use.

    Hope this is helpful! Best wishes to you

    Tri_Media – in the front end, on the “Settings” page, you can add higher numbers to the “Search Radius Options”. For instance, I’ve added “1000” to my client’s results to show all stores within 1000 miles. You can change the default to the higher number by adding brackets to the number that you prefer is shown. For example:
    10,25,50,100,200,500,[1000],2500

    Not sure if that’s helpful for you, but I thought I’d share my experience in case it is helpful for you as well.

    Thread Starter jeeni

    (@jeeni)

    Excellent! Glad to hear. I’m all set because I did fix it by manually downloading it (from a link here on WP) and uploading it to each site. Figured I’d post to ensure others know about it so it could get fixed if you all weren’t aware of the issue. Glad to hear it was a quick fix! You all are the best

    Thread Starter jeeni

    (@jeeni)

    Very nice!

    Am I understanding correctly that WPTouch Pro 3 Developer now only allows 25 domains?

    Thank you for that link, Alex – that’s good news for YouTube embeds.

    Thank you, Bexgroebner!

    I have no idea how that field got changed on my client’s site, but it did and was doubling his domain name & making the media image url broken. I appreciate that you came back to share your solution!

    Thread Starter jeeni

    (@jeeni)

    Wanted to peek my head in and say another “Thank you!” to you, MariGarza!

    I put the code you shared in my functions.php page so I wouldn’t overwrite it if/when the plugin was updated and it works perfectly.

    Thanks again so much for sharing your knowledge and this help!

    Goendul – disable ALL of your other plugins to see if it gets rid of the problem. If it does, it’s a plugin conflict.

    Slowly turn your most-needed plugins back on until it breaks. For me, it was the Shortcodes Ultimate plugin that broke it, so I don’t use that plugin on sites that use WP eCommerce.

    (If disabling all your other plugins doesn’t get rid of it, it may be your theme. Switch to Twenty Eleven or Twenty Ten to see if it gets rid of the problem.)

    Good luck!

    I’m sorry to hear that.

    Because my sites and my client’s sites were hacked by a trojan through Timthumb, I’ve been manually deleting the timthumb.php file in your excellent plugin:

    https://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/

    (Specifically check out the text below the heading “Full post:” about halfway down the story.)

    I thought removing all external sites would fix the problem but that did not. The hacker(s) were manually linking to the timthumb.php file and uploading php files to a cache folder. Then they accessed that file and opened my server up for exploit, loading encrypted base 64 code somewhat randomly throughout.

    It’s a bit of a pain in the neck to remember to delete the file – especially easy to forget when upgrading. One night I installed your plugin on a fresh site and forgot to delete timthumb.php. The next day, I was getting a screen similar to this when navigating to the basically empty/twentyeleven site install:

    https://www.websitedefender.com/wp-content/uploads/2012/04/malware-google-image.jpg

    So, I will continue to be diligent about deleting timthumb.php.
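
Added example (not part of the original post, and not code from the plugin or from TimThumb): a Python triage scan for the pattern the post above describes, namely TimThumb copies left in place and PHP files dropped into a cache folder carrying base64-encoded code. The file names, cache folder names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

TIMTHUMB_NAMES = {"timthumb.php", "thumb.php"}   # assumed common file names
CACHE_DIRS = {"cache", "temp", "tmp"}            # assumed cache folder names
# PHP that evals base64-decoded data, optionally through gzinflate
OBFUSCATED = re.compile(rb"eval\s*\(\s*(?:gzinflate\s*\(\s*)?base64_decode\s*\(", re.I)

def scan_wp_content(root):
    """Return sorted (finding, relative_path) pairs for PHP files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        in_cache = any(p.lower() in CACHE_DIRS for p in rel_dir.split(os.sep))
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.lower() in TIMTHUMB_NAMES:
                findings.append(("timthumb-copy", rel))
            if in_cache:
                findings.append(("php-in-cache-dir", rel))
            try:
                with open(path, "rb") as fh:
                    body = fh.read(1_000_000)  # first 1 MB is enough for triage
            except OSError:
                continue
            if OBFUSCATED.search(body):
                findings.append(("base64-eval", rel))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample tree (not real site data) for an offline run."""
    root = tempfile.mkdtemp(prefix="wp-content-")
    sample = {
        "plugins/some-plugin/timthumb.php": b"<?php // image resizer\n",
        "plugins/some-plugin/cache/a1b2c3.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
        "plugins/some-plugin/cache/photo.jpg": b"\xff\xd8\xff",
        "themes/twentyeleven/functions.php": b"<?php // theme code\n",
    }
    for rel, body in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for kind, rel in scan_wp_content(build_sample_tree()):
        print(f"{kind:18} {rel}")
```

Hits are triage leads, not verdicts: a placeholder index.php in a cache folder can be benign, so review each flagged file before deleting it.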

    Although I cannot say for certain, it looks like your theme is using Data URI to embed images. I’d say it’s probably not a virus/hack. Here is some information you may find helpful, Serge:

    https://css-tricks.com/data-uris/

    Best wishes!

    Also – while I’m mentioning that – because the input elements of the First Name and Last Name are on the same line as the label elements, there is no space between the label, the colon and the form field when the form is rendered, making it like this:

    First Name:|____________|
    Last name:|____________|
    Email Address: |____________|

    (Notice no space after the colons for the first 2 and a space after the last one.)

    I know it’s a minor detail, but it’s especially noticeable when they’re on the same line.

    I’m sure you have bigger fish to fry than tweaking that minor detail, but if you’re concerned about consistency, this would be something to find and fix.

    Thanks again so much Mailchimp! You know I love you!

    I love that you’re active in the upkeep of your widget, Mailchimp! Your company rocks!

    In future versions of your plugin, would your team consider removing the hardcoded forced new-line styling of the <br /> from this file ns_widget_mailchimp.class.php and replacing it with a surrounding div around the label and input areas? Example: <div class="whateverclass"> label, input </div> so people may style the form more easily?

    Thanks for the consideration!

    Thanks for your response, Jay – yea, I wish I could use your plugin, but instead, I’ll just set a reminder to back up my whole hosting directory every week – less fuss to just have 1 big backup than lots of little ones (aside from having to remember to do it! That’s what I liked very much about your plugin!)

    I’ll check out Daniel’s site before I make that decision for my long-term plans, but as time is currently short, I’ll just do a manual one tonight before I go to sleep

    I’ve also had an issue with Snapshot Backup causing havoc on the server my sites are on. It wasn’t that it was backing up every 2 minutes. (I had it set to back up every week or every 2 weeks for some sites, based on update usage. The “every 2 minutes” backup on one site took the server down the first time.)

    The problem was – although I was storing the files via FTP to a directory above the directories I was backing up, it seemed to be compounding the size of the archive with each backup. (I’m guessing because it stores the file within the wp-content/uploads directory?) I noticed this compounding size increase even with sites I had let go dormant for months, so I know it’s not that my clients were being prolific or uploading ridiculously sized images.

    In any case, my host (BlueHost) shut all 35 of my sites down due to this memory hog issue. Instead of having a file sum total of 3GB, my public_html directory was 20GB! So, I will not be using or recommending this plugin at this point. I’m back to WordPress Backup, which only backs up the Plugins/Uploads and current Theme folder.

    I really wanted this to be my backup plugin of choice… and it was, until it took my sites down… twice within the past 6 months.
