lernerconsulting

Oops, forgot to put those commands inside code tags…

Those have to be normal double quote and normal single quote (apostrophe) characters, not the fancy word processing quotes.

Use || (two vertical bar characters, usually shift-backslash on your keyboard) between each IP address, and you can specify as many addresses as you need.

You specify your actual IP address(es). If your home IP was 98.87.76.65 and your phone IP was 123.45.67.89 and your work IP was 78.89.23.45, the line would be:

SetEnvIfExpr "-R '98.87.76.65 || -R '123.45.67.89' || '78.89.23.45' " !HTTP_badUserAgent

So the whole thing would be

SetEnvIfNoCase User-Agent (PHPCrawl) HTTP_badUserAgent=$1
# Allow WP Scraper plugin By Allyson Rico, Robert Macchi uses PHPCrawl user agent, for only your specific IP addresses
SetEnvIfExpr "-R '98.87.76.65 || -R '123.45.67.89' || '78.89.23.45' " !HTTP_badUserAgent
RewriteRule .* – [L]

And of course, copy and paste so you don’t have errors from word wrapping. (The lines start with SetEnvIfNoCase , SetEnvIfExpr and RewriteRule.) The line starting with “# Allow” is a comment.

• This reply was modified 8 years, 3 months ago by lernerconsulting.

Also this
NOTICE: wp-content/plugins/woo-price-calculator/woo-price-calculator.php:162 – Undefined index: add-to-cart

Debug Bar shows this call trace:

require(‘wp-blog-header.php’), require_once(‘wp-includes/template-loader.php’), include(‘/themes/Divi/page.php’), get_header, locate_template, load_template, require_once(‘/themes/Divi/header.php’), wp_head, do_action(‘wp_head’), call_user_func_array, wp_print_head_scripts, do_action(‘wp_print_scripts’), call_user_func_array, WC_Frontend_Scripts::localize_printed_scripts, WC_Frontend_Scripts::localize_script, WC_Frontend_Scripts::get_script_data, apply_filters(‘woocommerce_add_to_cart_redirect’), call_user_func_array, Woo_Price_Calculator->filter_woocommerce_add_to_cart_redirect

@melkham: You got the wrong code… and that resize is from a plugin or your theme, and likely uses it, to know what size images should be delivered.

What you want to remove, what this plugin removes, is the version info added after your .css and .js files

If this plugin actually isn’t working for you (it does Not modify your function.php file, that is not how to test it is working), delete the plugin and carefully edit your function.php file with this:

function _remove_script_version( $src ){
$parts = explode( ‘?ver’, $src );
return $parts[0];
}
add_filter( ‘script_loader_src’, ‘_remove_script_version’, 15, 1 );
add_filter( ‘style_loader_src’, ‘_remove_script_version’, 15, 1 );

Sucuri free malware scan tool can’t be a complete scan, and says so. There are many types of attacks that their firewall could block that the quick scan won’t notice.

Perhaps if you send me a private message through here, with your URL I can see something; I’m good at troubleshooting WordPress site issues. Or lets talk. Or, sign up with Sucuri for their firewall and cleanup.

I like when hosts are actively looking for security issues. Most hosts are Negligent, hosts should not “leave security to their customers”, security is too complex and too important. If your host’s attitude to security is “we don’t support third-party software”, Leave Them. GoDaddy Managed WordPress hosting is not the best on some things, but they are at least Trying to keep your site safe.

Having a plugin disabled is inconvenient. But not nearly as inconvenient, and not nearly as hard to fix, as when your site gets hacked because that plugin wasn’t disabled.

(Keep your eyes open for updates, in case GoDaddy found a vulnerability and the author fixed it.)

Notice the Ninja Forms change log, they are finding and fixing potential security problems. Sign of a good, professional programmer.

Has anyone found out what (if anything) GoDaddy observed, that could be a performance or security issue?

If there was anything, is it fixed or being tested?

I like when hosts are actively looking for security issues. Most hosts are Negligent, hosts should not “leave security to their customers”, security is too complex and too important. If your host’s attitude to security is “we don’t support third-party software”, Leave Them.

Having a plugin disabled is inconvenient. But not nearly as inconvenient, not nearly as hard to fix, as when your site gets hacked because that plugin wasn’t disabled.

(Note: GoDaddy Managed WordPress Hosting will do this checking, I haven’t heard yet that the security and plugin vulnerability checking for Managed WordPress hosting has been migrated to apply to their “ancient cranky” hosting.)

Is the file being stored on your XAMPP area?
Saves results in /wp-content/uploads/wp-migrate-db
(You might have to un-check the “save to your computer” option)

@mellco, I understand that someone who knows phpMyAdmin could make those records. Plugins shouldn’t be written so their use requires people make changes in phpMyAdmin.

@everyone: If you don’t know phpMyAdmin, don’t go in trying to change things, you’ll likely make changes you didn’t mean to make and really mess things up.

@davidneal: If what is needed is database records added to the proper tables, than You should be using the standard WordPress functions for determining what tables those should be. Your plugin isn’t multi-site compatible, if you aren’t asking WordPress what tables you should use.

@davidneal: This issue is not “Resolved” and so the topic should be un-marked resolved.

I have WordPress 4.4.2 Multi-Site in sub-domain mode, with Simple Share Buttons Adder 6.1.5, and I get nothing under “Networks” so I can not “drop icons below”.

The Simple Share Buttons configuration screen gives these errors:

Warning: array_keys() expects parameter 1 to be array, null given in /home/ACCOUNT/public_html/wp-content/plugins/simple-share-buttons-adder/inc/ssba_admin_panel.php on line 1005

Warning: array_diff(): Argument #1 is not an array in /home/ACCOUNT/public_html/wp-content/plugins/simple-share-buttons-adder/inc/ssba_admin_panel.php on line 1005

Warning: Invalid argument supplied for foreach() in /home/ACCOUNT/public_html/wp-content/plugins/simple-share-buttons-adder/inc/ssba_admin_panel.php on line 1011

Warning: Invalid argument supplied for foreach() in /home/ACCOUNT/public_html/wp-content/plugins/simple-share-buttons-adder/inc/ssba_admin_panel.php on line 328

Notice: Undefined index: twitter_newsharecounts in /home/ACCOUNT/public_html/wp-content/plugins/simple-share-buttons-adder/inc/ssba_admin_panel.php on line 622

Simple Share Buttons Adder 6.1.4 on WordPress 4.4.1 Multi-Site in subdomain mode

On a sub-site, “Networks, Drop icons below”, no icons.
Posts show “Please Share…”, no icons.

These errors on screen in debug mode:

Warning: array_keys() expects parameter 1 to be array, null given in /home/ACCOUNT/public_html/wp-content/plugins/simple-share-buttons-adder/inc/ssba_admin_panel.php on line 990

Warning: array_diff(): Argument #1 is not an array in /home/ACCOUNT/public_html/wp-content/plugins/simple-share-buttons-adder/inc/ssba_admin_panel.php on line 990

Warning: Invalid argument supplied for foreach() in /home/ACCOUNT/public_html/wp-content/plugins/simple-share-buttons-adder/inc/ssba_admin_panel.php on line 996

Warning: Invalid argument supplied for foreach() in /home/ACCOUNT/public_html/wp-content/plugins/simple-share-buttons-adder/inc/ssba_admin_panel.php on line 328

I’ve used iThemes security for years, on multi-site. Used on client sites, on different hosts.

There are occasional problems with older hosts that do non-standard setups, need to tweak what options are turned on; the worse your host, the more troubleshooting you need to do to find out what settings work. (Of course better to get off those crappy hosting companies!)

I haven’t found problems with iThemes Security, nor have other technical experts in the local WordPress community. Pick other security plugins if you like their “style” better, WordFence is the only other one I know that is comparable; but no need to switch based on how it works with multi-site.

If you don’t have a specific problem when you run it, use it. (And post a question with specific problems, the authors or users can probably answer it.)

I never used the Logs until checking this topic (I have .htaccess and error page logging, more detailed, with iThemes Security as 2nd line of defense).

I use subdomain installation of WP Multisite.
So issue might be with subdirectory installation.

I agree get_admin_url() description sets /wp-admin/ not /wp-admin/network/ but I don’t know what filters might be changing that downstream…

On my installation:
https://maindomain.com/wp-admin/network/admin.php?page=toplevel_page_itsec_logs
has links like this:
Host or User Lockout – Details – https://maindomain.com/wp-admin/network/itsec-log-all-row-3
404 Error – Details – https://maindomain.com/wp-admin/network/itsec-log-all-row-4

Check for the “Subscribe to WordPress Announcements (a few messages a year)” returning “already subscribed” and blocking the edits for the profile.

I unchecked the subscribe, and edits went through (but do not know if that unsubscribed me, I would like to receive the announcements).

I am not attempting to change the email address. It is filled in by the site, and I leave it unchanged.

(and the email address is correct, and re-typing the email address doesn’t fix the problem)

Check for the Edit screen using the Add User function… It shouldn’t be validating the email address against the existing email address and failing it.

Change password via https://www.ads-software.com/support/profile/lernerconsult/edit
“Email Address already in use”

Reset password, successful.
Was able to change my name fields.
Then tried changing other fields, getting “Email Address already in use” again.

Works now, on both main site and sub-sites.
Should be marked as “resolved”