Jon

No, sorry.

Great. Can you recommend an extension plugin?

Can Woocommerce also send attachments via email to customers? e.g. a Word doc that they can then complete and return?

sorry, I meant to post this is the theme support pages – think I missed.

Thanks. That worked. Well, I stopped minifying all javascript. It worked after that. Many thanks.

I have just installed a fresh copy of WordPress on a server that already runs WordPress very well, and I am getting this problem.

It is happening when I search for a plugin.

No other plugins have been installed yet. The site is really, really, new.

To confirm, I can search for plugins on other sites with no problems.

Seems to be a problem with the WordPress install. Might have to scrap it and start again ….

marking as resolved

Cheers, thought as much.

Will look at the shortcode options.

My thoughts too.

Some have talked about server response times and using proper net rules etc. but I don’t understand if any of that applies today.

Anybody? I have the same question.

Following on from Jan’s post, if wp-login and /wp-admin only allow access from whitelisted IPs, Brute Force is not possible is it?

My concern is really about these cross script things (which I do not understand anywhere near as much as I understand the idea of only allowing people from a specific IP number / network).

FTP is also locked down by my web host (again, IP whitelist or time based access).

Thanks.

OK, so the answer is, “nobody knows”.

Barnez, so long as the author profile pages exist people can find the login name. It is a bit of a security flaw in WordPress really.

Looks like you are using WordPress SEO with the user names off. I really think that is the only way to stop people finding user names from the website. Tools/bots will still be able to do it though.

Ok, so let’s assume in this case that the server is secure and there are no plugins at all.

Could this really be hacked? If so, how? And is there a way to prevent it?

If there are many examples of ways it can be done, what are the most frequently used one? Has anybody ever written about this somewhere?

Maybe it is a case of block bots? Lots of these hacks come from tools that sniff out details quickly.

Any tips / suggestions welcomed.

With WordPress SEO plugin you can totally remove the author archives (purpose is to reduce duplicate content) but it also redirects any author page to the homepage which will prevent a hacker finding out the username with the above method.

I just ran a /?author=n through https://redirectdetective.com/ and the author page is not shown at all.