jeffersonpowers

Hi — I just tried the new release of the plugin, but I’m still not able to delete the autoload option I mentioned in my original post. Is this something that will be fixed soon? I have to clean this option from around 20 websites across multiple hosting accounts, so using the plugin would be a lot easier than going into phpMyAdmin for each one.

Fantastic. I will keep an eye out for that update.

Thanks. One last question, which I realize may be outside of your purview and if so then that’s fine. I’m using a plugin called Advanced Database Cleaner to delete all of these old wp_options entries, but for some reason it won’t delete or change the fernleafsystems\wordpress\plugin\shield\controller\controller entry. Can you think of any reason why that might be?

I can delete it by going directly into phpMyAdmin, but I need to do this for around 20 websites so a plugin-based solution would be preferable.

Thanks again for all your help with this.

Hi, thanks for getting back to me. I apologize for overstating the number of Shield-related options, it actually appears to be around 28 that reference ?icwp-wpsf-?or?icwp_wpsf_?, and another 40 or so that reference shield_mod_config_, which according to this support topic is also to do with Shield.

I’ve found one entry in the wp_options table called fernleafsystems\wordpress\plugin\shield\controller\controller which appears to be related to Shield, is that correct? Also, there are entries that refer to aptoweb_ and apto-dbs-ready-status — I’m not able to find any information on these, but what little I have found was in relation to Shield — are these wp_options entries to do with Shield as well?

Thanks for your help on this.

Thanks for your reply. Wordfence is reporting it as a new issue that affects the most recent version of GA Google Analytics:

The GA Google Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several tracking fields in versions up to, and including, 20240308 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

But you’re right, the references in their notification refer to the 2021 issue so its possible that this is a false positive. In any case, you may want to look into it and see what you can do to get this resolved with the Wordfence people, as other users who also use Wordfence might also be concerned.

Hi, thanks for replying. I just deleted the entire website, then reinstalled a fresh WordPress install, then restored the site using an UpDraft Plus backup (Updraft Plus doesn’t back up WP core files, only wp-content and the database). I used a backup from January, well before this all started, so I’m fairly hopeful that any malicious files that were there are gone now. But in looking at the cleaning steps I have in fact done all of that too (since it was a backup from a few months ago I had to update the theme and all the plugins anyway). I will mention the virus scan to the hosting company.

When you say “we’ve had this happen before,” was what happened to you identical (or at least very close) to what I described? My main concern is how they’re getting into the WordPress back end in the first place.

I’m afraid I don’t remember the file name, but I will make a note of it if it happens again. Wordfence definitely identified and flagged it once I took it off the exclusion list and ran a scan.

Thanks again for your insights!

• This reply was modified 8 months, 1 week ago by jeffersonpowers.

Unfortunately I deleted the file, so I don’t have a copy to send.

The hosting company found it, I wonder what they are scanning for that Wordfence is not.

Does Wordfence scan and warn for extra files in places where they shouldn’t be, even if they don’t come up as malware? For example, in this case, the file was in a directory in wp-includes where no file of that name should have been.

Thanks for the reply, although a lot of the material covered in both blogs is a little over my head.

Speaking to those who have used both plugins, is there anything in particular that one does, that the other does not do?

Fantastic, thank you!

Can you please post here when this is resolved? Yesterday’s update (2.1.13) doesn’t appear to have addressed this issue (unless there is something I’m missing).

Thank you!

Another solution to this problem would be to have Pinnacle’s built-in lightbox include navigation between the images in a gallery block, instead of just opening each image individually. That navigation is the only thing that selecting “Link Triggers: Lightbox” adds, other than the second, overlapping lightbox image.

Thank you for your offer. I was able to move the arrows back to their previous position below the carousel with some CSS.

In the process of doing that I noticed that the margins on the navigation arrows are a little off — you have the margin-right css property set to 10px and the margin-left set to 5px on both arrows, which causes them not to line up symmetrically — the right arrow is shifted 5 pixels to the left of where it should be. Probably not something a lot of people will notice, but it does make the arrows look uneven.

I also noticed that you are using !important on a few of your CSS declarations (so I had to use !important to override them). As I understand it, this should be avoided unless absolutely necessary.

I’ve just done some extensive testing, and it appears that it is Kadence’s Pinnacle theme that is enabling the lightbox, and it does not appear to have a way to disable it in the theme options.

In any case, I don’t want to disable it on other posts and pages, I just want it to not generate two overlapping lightboxes when I use the “link triggers: lightbox” setting for the Advanced Gallery block. Note that with that setting turned off, it just lightboxes each image in the gallery separately, without navigation between them, which isn’t optimal.

Hopefully this will be an easy fix, since it’s your own theme conflicting with your plugin ??

Side note: Pinnacle seems to automatically generate a lightbox for .jpg and .png images when the link is set to “media file,” but it doesn’t do this for webp files. This isn’t relevant to the problem I’m trying to solve, but I thought your developers might want to know.

Fantastic! That did the trick.

This is why Kadence is my go-to theme developer, and Pinnacle is my go-to theme. Excellent work as always!

• This reply was modified 3 years, 2 months ago by jeffersonpowers.

I’ve narrowed this down to an issue with the autoplay setting. I have autoplay turned off for my carousel, but after I click past the first event, the autoplay starts up anyway. The autoplay had been set to “1” which I didn’t think mattered since I had it turned off. I don’t really want the carousel items to move on their own, only when someone clicks the navigation buttons.

So it appears that turning autoplay off doesn’t actually turn it off completely. The carousel starts moving on its own once you click the right arrow once. Is that correct?