Luciano Santana
Forum Replies Created
-
Forum: Plugins
In reply to: [Connect Polylang for Elementor] Flag Switcher – Fail to load@frankovic try using https://www.ads-software.com/plugins/wp-rollback/.
Make sure you backup everything, just in case. ??- This reply was modified 4 years, 7 months ago by Luciano Santana.
Forum: Plugins
In reply to: [Polylang] Html instead of country flagSolution for now is to downgrade to version 2.7.4 .
Here’s some better explanation : https://www.ads-software.com/support/topic/flag-switcher-fail-to-load/#post-13273663Sharing my experience in case it’s helpful for someone.
I’ve solved it by forcing the FileSystem method to be direct. I just had to add the following to my wp-config :
define('FS_METHOD', 'direct');Probably WP was setting FS method to be FTP because I have some special configuration with file permission on my server (for instance: plugins folder is not writeable, though uploads folder is).
Now it works just fine.
Forum: Plugins
In reply to: [Export media with selected content] ERR_INVALID_RESPONSE@hendryxx2 can you check you php’s
max_execution_timesetting ? I’d say it is possibly a limitation on the server.@zotezo as I said , by reading your logs I can see Wordfence is working as expected. Please, don’t hijack this post with an unrelated issue. If you need some specific support open a thread of your own.
Short answer is : yes you are being attacked but Wordfence is doing it’s job in your case.
- This reply was modified 5 years, 6 months ago by Luciano Santana.
@zotezo from the log you’ve shared it seems Wordfence is catching and preventing the attack. While the issue reported in this post is something that falls under Wordfence radar. I would recommend you to either search in the forum for a post that describes your exact issue or to open new post with better description of the issue you are experiencing.
Hi Scott !
As I’ve mentioned on the first message:
The only solution that worked was to block the access to xmplrpc.php completely (via .htaccess).
The attack kept going on for days and the attacker was just receiving a 403 after the solution was applied.
I wouldn’t roll back that change until I’d have a confirmation this issue is solved via Wordfence. For this specific website, since it’s in production, stability is very important and we don’t really use any of the WordPress’ XML RPC service at the moment.
Finally, regarding your comment:
I would recommend upping the amount of time the attempts are counted over, maybe 30 minutes or an hour rather than 10 minutes.
I’m not sure that would help. The attempts were occurring multiple times in a single minute. So a 10 minutes window should be more than enough to flag those IPs as attackers.
Hi Scott,
Thanks for replying. Here are the settings
for Brute Force and for Rate limitingBy the way. The attack is still ongoing although the attacker is getting a 403 as response.
Hi Dave !
Thank you for the reply. No. It’s not there. We’ve identified the IPs by looking into Apache access logs
Forum: Plugins
In reply to: Woocommerce how to select default shipping methodGlad to hear.
??Forum: Plugins
In reply to: Woocommerce how to select default shipping methodThe correct method is via Woocommerce settings. What are the shipping methods you have in your Woocommerce settings and what is the default one on the settings? What is the one you see in the front-end ? Also if you check in your database for the option name = woocommerce_default_shipping_method, what is stored ?
Forum: Plugins
In reply to: Woocommerce how to select default shipping methodThank you. Actually the problem is solved, I just wanted to share the solution.
??Did some debugging and have some clue.
Static function “simulate_image_make_intermediate_size” on WpAdditionalImageSizes.php calls “image_resize_dimensions” function from wp-includes/media.php .Note the following lines:
// if the resulting image would be the same size or larger we don't want to resize it if ( $new_w >= $orig_w && $new_h >= $orig_h ) return false;In my case, the comparission is true so the returned value is false.
Since there isn’t anything bad happening. The way I found to stop those anoying warning message was to add conditional on line 923 in WpAdditionalImageSizes.php .
The code before:
$metadata_sizes_not_in_current_all_sizes = array_diff( array_keys($metadata['sizes']), $sizes_to_check_plus_additional ); //sizes_to_checkThe code after:
if($metadata['sizes']) $metadata_sizes_not_in_current_all_sizes = array_diff( array_keys($metadata['sizes']), $sizes_to_check_plus_additional ); //sizes_to_checkForum: Fixing WordPress
In reply to: Remove "insert into post" optionWill give it a try.
By the way, nice plugin will check it too.
??