liquidmind

The problem seems to have solved itself, at least for now.

Thanks! If someone can help me understand what exactly is going on with the logs below? Only a few of several are shown.

07/Feb/23 19:21:39  #6511475  INFO         -  43.130.144.143   GET /wp-includes/class-wp-block-editor-context.php - Access to a script modified/created less than 10 hour(s) ago
07/Feb/23 19:21:40  #7750325  HIGH         -  43.130.144.143   GET /wp-includes/class-wp-block-editor-context.php - Forbidden direct access to PHP script
07/Feb/23 19:21:41  #5257622  INFO         -  43.130.144.143   GET /wp-includes/class-wp-block-template.php - Access to a script modified/created less than 10 hour(s) ago
07/Feb/23 19:21:42  #5013140  HIGH         -  43.130.144.143   GET /wp-includes/class-wp-block-template.php - Forbidden direct access to PHP script
07/Feb/23 19:21:47  #7158299  INFO         -  43.130.144.143   GET /wp-includes/class-wp-dependencies.php - Access to a script modified/created less than 10 hour(s) ago
07/Feb/23 19:21:48  #5919285  HIGH         -  43.130.144.143   GET /wp-includes/class-wp-dependencies.php - Forbidden direct access to PHP script
07/Feb/23 19:21:51  #7767039  INFO         -  43.130.144.143   GET /wp-includes/class-wp-http.php - Access to a script modified/created less than 10 hour(s) ago
07/Feb/23 19:21:51  #2051672  HIGH         -  43.130.144.143   GET /wp-includes/class-wp-http.php - Forbidden direct access to PHP script
07/Feb/23 19:21:53  #1959518  INFO         -  43.130.144.143   GET /wp-includes/class-wp-scripts.php - Access to a script modified/created less than 10 hour(s) ago
07/Feb/23 19:21:53  #8188491  HIGH         -  43.130.144.143   GET /wp-includes/class-wp-scripts.php - Forbidden direct access to PHP script

Same IP address trying to access same PHP files, alternated with INFO and HIGH level threat, which means they were both blocked and allowed mere second (or less) apart? I got email alerts yesterday at each of these INFO level access, about 50 emails within a few minutes. Never happened before in the months I have been using NinjaFirewall, which got me worried if something finally broke through the unbreakable Ninja yesterday ??

Works great, thanks! One small issue is that it leaves a trailing comma, which looks like Docker,,Python. Any way to fix that?

EDIT: Just realized, this fix hides category #2 regardless of its name, does not work if Featured is 1st in order, or 3rd. Is there a way to hide it by name?

Thanks again.

• This reply was modified 2 years, 1 month ago by liquidmind.

I tried adding the element as HTML, but the code <pre class="wp-block-prismatic-blocks line-numbers" data-start="10">returns error “This block contains unexpected or invalid content.” Perhaps it has to do with the block editor removing extra attribs that you mentioned. I’ll wait for the future update.

Thanks again.

• This reply was modified 2 years, 2 months ago by liquidmind.

I guessed as much, and turned debug mode off right after posting this question. Now I’ll change my username, and go through the entire log to see what else they managed to do (found a bunch of “Forbidden direct access to PHP script”, “Blocked file upload attempt” and “WP backdoor” already). I have also turned file monitoring on and scanned everything with NinjaScanner, found nothing suspicious so far.

Thanks again.

Thanks for the link, looks like that particular (old) issue was fixed by adding the leading --- to the code. I already had that, did not help, so this seems a new issue. I just confirmed it on their official page, looks exactly as on my page, so the issue indeed is with Prism.js. I’ll try to raise it with them.

Thanks again.

UPDATE: Issue raised.

Doesn’t unchecking “Copy to Clipboard” disable it globally (including in code blocks)? I wanted to see if it could be done on as-needed basis, like in command line blocks. I am guessing there is no easy way to do this, at least yet.

Thanks.