larsenja

I would like to echo @silentsooty request RE the ability to trigger a publish event.

It would also be great if this could update post GUID upon republishing.

These two are critical and I would gladly fund the cost to add these for the public “free” plugin… assuming the cost is reasonable.

Please reach out to me…

I’m following this challenge with interest as I am a WPMUDEV client and am having this issue. Wicked Plugins reported this for me as they isolated the technical reasons with Smart Crawl Pro. I have also reported the issue directly to WPMUDEV support in speaking with Jorge Diaz who said the ticket will be responded to here with updates.

Is there a way to whitelist mail-tester so it can access them? Or is there a way to tell mailtester not to test for these since it so negatively impacts the score?

Awesome suggestion. Sure enough strict Mime rules were enabled. By turning them off, the editor loaded.

Is this a super-dangerous thing to enable from a security perspective?

Perfect. Thank you.

Will we have to re-update that file each time the plugin is updated?

Typo on the domain – but already fixed. There was a backup copy of WordPress on the same server. We believe the attacker leveraged this to break in and then change the index.php file of the core WP install. This has been deleted. If there are further issues will let you know.

Did not enable “login protection” because as I understand it, that adds another password layer that our clients would have to enter. They would revolt at that since we already require a second factor authentication.

Did have .htninja in place but not this rule. Have added it.

Thank you! Is there a recommended way to test and make sure the rule is working?

Actually it looks like correct IPs are being logged and that actions are being taken. We implemented mod_cloudflare at the server level which seems to have helped.

Hi – quick update – we added this rule and it took down our entire environment. Resulted in 500 error messages being served. The minute we removed the above rule from the .htninja file, all of our services were restored… so we need a different recommendation.

Thank you so much for the help. I’m assuming this plays well with the other rules for Cloudflare?

OK. Thank you. Out of curiosity, why are ahrefs and majestic specifically blocked as being suspicious?

Excellent, thank you for the assist. Is there any reason to uncheck the first set of options in the Firewall Polices for WordPress? I noticed it also contains an includes area for the admin and am wondering if it should be enabled as well?

Yeah – the hiding was awesome. Without it – multisite has a “dent” in my mind. Not enough to throw in the towel, but ugly to look at.

It’s a shame that WordPress had to bend to the will of naughty devs rather than maintain this very cool, if subtle, feature. But I’ll bet the decision was made, at least in part, based on the volume of support handled here at www.ads-software.com for issues related back to that hiding.

Again, thank you!

Marc, thank you for trying. That info is “old” as of the recent change in how WordPress is handling files. Given how things are working now, I would be hesitant to just muck about and make changes without really comprehending how they’ll impact the environment.

Ipstenu, thank you for at least helping me understand why the change was made. While I hear you about the “easiest” way to proceed, what I also hear is that method shouldn’t be used because it technically is no longer supported, because plugin programmers will be less aware of the issue because the method is no longer supported, and because the new approach puts less of a burden on the servers.

I’ll let it go. Thank you again for helping to understand the thinking.