nilltech
Forum Replies Created
Hi,
Thank you for your time. My host finally admitted the shared server was having a DDoS attack, so they were throttling my secure connections, causing a headache of intermittent issues. Bye-bye hostgator!
Good day!
Just wanted to follow up and report my findings.
After 3 weeks of intermittent issues, review by 3 tier 4 admins, my webhost finally acknowledged my shared server was under DDoS attack, and they were using a hardware appliance to manage the threat which was blocking my secure connections, in turn throwing an array of errors.
Moved to a new host and all problems have been absent for 5 days.
In summary, no issues found between Really Simple SSL and WordPress 5.7 HTTPS Detect & Migrate feature. Just needed to fire HostGator!
Thanks to all for your time & support!!
- This reply was modified 3 years, 10 months ago by nilltech.
Hi Rogier – Thanks for the response.
Yes, have been working with host to assure everything is up to date.
As of now, I am checking my htaccess file. Back in March, my host forced a PHP update which broke my site. I contacted support and they edited my htaccess so it would use the lower version – now I am running PHP 7.4.
Going to start with a basic htaccess refresh and see how the site performs. Will update you soon with bad luck, and a couple days if good luck.
Thanks again for your time/support!
UPDATE: Issue Not Resolved After Plugin Removal
Today, my issue came back. I am convinced the SSL issues originated from the WordPress core update addition of the HTTPS detect and migrate feature. Again, my WooCommerce cart and checkout pages are timing out, getting errors establishing outbound connections via https. Seems to be affecting Stripe API on checkout.
domain = lightmysafe.com
UPDATE:
“Question – Months back, did WordPress ever check our account password against a compromised password list, and force us to change our password?
Was this done across both platforms, www.ads-software.com and wordpress.com, or just www.ads-software.com?”
Upon further research, I see it is Wordfence that offers the feature to identify leaked passwords, and will force a reset when logging into wp-admin.
My apologies for laying that feature on WordPress core.
But the issue still remains, Jetpack providing a 2nd security policy, allowing lower level access to gain full admin privileges via wp-admin, other than what has been defined in the Users>Administrators.
My understanding of SSO, is to add convenience and increase security, not add convenience by lowering security.
I sense pushback instead of trying to see the big picture. Don’t just assume we are talking about a weak password, we are talking about how Jetpack gives full admin access to wp-admin, with known compromised accounts as a backdoor…intentional or not.
And I really don’t believe SSO was enabled, as Jetpack was not configured, but somehow alerting us when the server went down. Honestly, it was that feature that had me give Jetpack a try…but it worked without being configured/clicking the setup button. (I have emails from Jetpack [90029146/intermittent] that you can see were clearly sent in December, before we clicked setup a couple days ago. Just compare my emails from Jetpack to your user registration log, and analyze the data for a clearer picture.)
Weak password, I agree…it was an account from years ago that I didn't even realize I had. But you provided back door access, using that weak password.
Security should be consistent. But the way it was implemented, using different password restrictions/complexity depending on how you log in (site username/password vs WordPress username/password)….that is a security risk.
Question – Months back, did WordPress ever check our account password against a compromised password list, and force us to change our password?
Was this done across both platforms, www.ads-software.com and wordpress.com, or just www.ads-software.com?
Why would you only do to one, and then give back door access to a website's wp-admin using compromised account password?
That is what I am labeling a security risk.
Great idea, just forgot to match your password policies across platforms before creating the backdoor. Single Sign On should have a Single Password policy.
Simple fix, check WordPress.com accounts against the compromised password database that you guys used on our wp-admin accounts, and require the password be reset following the security policy you have defined for self-hosted websites.
Good day friend,
I had been battling this issue since my host auto-updated my site to WordPress 5.7, over 2 weeks! I only experienced issues on my cart and checkout pages. Upgraded a different site manually to WP 5.7, then noticed the headline of Improved HTTPS Detection and Migration upon my upgrade.
Then it clicked, WooCommerce requires https so maybe there is a conflict with WP latest enhancement and an SSL plugin. Quickly disabled and my issue was resolved, as I no longer had internet connection timeouts when I would use the inspect tool via Chrome browser > console.
In summary, I was able to resolve my issue by removing the plugin.
In full disclosure, both sites were also running the Redirection plugin, so it is possible those two weren’t playing together well, but never had any with them conflicting over the past 2 years (and it is still running on both sites currently).
Thank you so much for the Really Simple SSL plugin, and all the time you have put into the development and support for community. It was truly a well written plugin and saved my bacon many times.
*Video on the latest WordPress HTTPS Detection & Migration
- This reply was modified 3 years, 10 months ago by nilltech.
Hi, after the recent update to WordPress 5.7, my WooCommerce cart and checkout pages are timing out, getting errors establishing outbound connections via https. Also getting the following error on the WordPress Plugin page, on 2 different sites, hosted on the same shared server, both have Really Simple SSL and WordPress 5.7.
Warning: An unexpected error occurred. Something may be wrong with www.ads-software.com or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to www.ads-software.com. Please contact your server administrator.) in /home/mydirectory/public_html/mydomain.com/wp-includes/update.php on line 614