kanenas

@gennady,

Are you 100% sure that is a Zero-day in the “Fancybox-for-WordPress” plugin?

Here is what WordFence alerted me with about one hour ago…

File contains suspected malware URL: /wp-content/cache/object/000000/1ad/4a6/1ad4a675471b40c7b78ff40296e03d97.php
Filename:	wp-content/cache/object/000000/1ad/4a6/1ad4a675471b40c7b78ff40296e03d97.php
Bad URL:	https://203koko.eu/hjnfh/ipframe2.php
File type:	Not a core, theme or plugin file.
Issue first detected:	14 secs ago.
Severity:	Critical
Status	New

The thing is that i am always up-to-date with WordPress core, plugins & themes.
I have NEVER used “Fancybox-for-WordPress” plugin! The theme that i use most is “Responsive” – https://www.ads-software.com/themes/responsive and lately “Newspaper” – https://themeforest.net/item/newspaper/5489609

Generally i use these plugins

• Akismet
• Broken Link Checker
• Contact Form 7
• Custom Permalinks
• Disqus Comment System
• Duplicator
• GetSocial
• Google Analytics by Yoast
• Google XML Sitemaps
• Redirection
• Revolution Slider
• tagDiv Social Counter
• Theme Authenticity Checker (TAC)
• W3 Total Cache
• Wordfence Security
• WordPress SEO
• WP-Optimize
• WPBakery Visual Composer

Also running this query
select * from optblg_options where option_name = 'mfbfw';
MySQL returned an empty result set (i.e. zero rows). (Query took 0.0003 sec)

Yet, I am on a shared hosted environment ??

Any thoughts?

I am using

php: v.5.4.36
WordPress: v.4.1
W3 Total Cache: v.0.9.4.1

and in my debug.log I have lots of these…
[23-Jan-2015 10:00:16 UTC] PHP Strict Standards: Static function Minify_Inline::minify() should not be abstract in /wp-content/plugins/w3-total-cache/lib/Minify/Minify/Inline.php on line 8

Here https://www.ads-software.com/support/topic/error_log-static-function-minify_inlineminify-should-not-be-abstract?replies=6 Willie Jackson says (3 months ago), that this will be fixed on the next release.
The latest realease is 2014-12-10.

Is there any feedback on this?

Thanks!

@debbie, I think this document can help you https://codex.www.ads-software.com/Brute_Force_Attacks.

• Password Protect wp-login.php
• Limit Access to wp-admin by IP
• ModSecurity (https://www.frameloss.org/2011/07/29/stopping-brute-force-logins-against-wordpress/)

Or you could use https://cloudproxy.sucuri.net/ (btw I am not affiliate of any kind with Sucuri).

In Wordfence wp-admin/admin.php?page=WordfenceSecOpt there is a very nice option…

“Immediately block the IP of users who try to sign in as these usernames“

Most of the brute force attacks are targeting “admin” as a username.
Best practice says “DO NOT use admin as a username”.

@jonathan, I guess you have fixed the problem because this https://www.billigste-internet.dk/wp-admin works just fine!

Patience…

@andydegroo it still exists even when “hiding” the error ??

+1 for the suggestion. I have tested with WordPress v.4.1 and it works without giving any notice.

@asylum119 thanks for the help… it worked just fine!

Same issue here for Greek…

wp-includes/version.php

34	*/
35	$required_mysql_version = '5.0';
36
37	$wp_local_package = 'el';

@einstem

I have been using Google XML Sitemaps https://www.ads-software.com/plugins/google-sitemap-generator/ for a long time.

Lately I said “what the heck”, why should I use two plugins instead of one… and I activated “XML Sitemaps – Yoast WordPress SEO”. After the activation I deactivated at the same time because in Google Webmasters Tools got 403 Forbidden.

Maybe it is my fault, but for the time i will stick with Google XML Sitemaps.

It’s really weird! Shouldn’t be here https://yoast.com/wordpress/plugins/google-analytics/ also?

I believe you should use this

add_management_page( 'Custom Permalinks', 'Custom Permalinks', 'manage_options', 'custom_permalinks', 'custom_permalinks_options_page' );

instead of this

add_management_page( 'Custom Permalinks', 'Custom Permalinks',5, 'custom_permalinks', 'custom_permalinks_options_page' );

BTW I am using the plugin with WordPress v.4.0 and it worked for me.

That’s exactly why I am asking and because the website is live!