Forum Replies Created

Viewing 10 replies - 1 through 10 (of 10 total)
  • Thread Starter phoenix26

    (@phoenix26)

    Thanks @jarnovos very useful indeed!

    Is there a case for raising a bug with WP to fix wp-login.php so it works in a different way or is it reasonable how it’s currently working with regards to the Referrer Policy setting?

    I appreciate this may be way down the line in terms of priority and the way it works currently maybe acceptable. I’m happy to ask if we can use the “strict-origin-when-cross-origin” , but I wanted to cover all bases as I imagine this will catch a lot of WP admins/users out…

    Thanks again ??

    Thread Starter phoenix26

    (@phoenix26)

    Hi, Thanks @threadi – I checked with our hosting support and “Referrer-Policy: no-referrer” is set at the server level, which I think is the strictest and is set to keep things as secure as possible (if you disagree be great to hear why and if there’s a better setting we could request).

    I wasn’t sure why the WordPress password protect page is using noreferrer – should it really be using some kind of redirect instead?

    I found another password protected page plugin called “content-protector” which I tested and it gets around this problem (it must use an alternative to noreferrer). However, I am loathed to use yet another plugin to get around a problem and hope we can find a way to make the core WordPress and config work.

    Thread Starter phoenix26

    (@phoenix26)

    THanks threadi. We use So Solid security basic plugin. (SolidWP) Do you know which setting I need to amend? Thanks

    Thread Starter phoenix26

    (@phoenix26)

    Thanks James – I tried this. I deactivated all plugins and switched the theme to twenty-twenty-four. I updated core WP (6.6.2), all themes and plugins. I cleared browser cache and still see the issue with the password protected pages. Is this a WordPress bug? Do other people see this?

    Just to recap – whether I enter a correct or incorrect password I get a blank white page. The URL changes to: https://ourURL.co.uk/domain/wp-login.php?action=postpass I don’t see any errors in the logs or in the browser console.

    If I enter the correct password and revisit the page I don’t get prompted for the password again as the page is cached. I can install a different plugin like this: https://www.ads-software.com/plugins/content-protector/ which gets around the problem, but don’t like the fact core WP functionality isn’t working.

    Thread Starter phoenix26

    (@phoenix26)

    I appreciate if anyone else has any additional thoughts on testing tools / whether to use CLI? I will look at the suggested plugin, but hoped it was easier to test without the need for additional plugins. Thanks.

    Thread Starter phoenix26

    (@phoenix26)

    Thanks for your responses so far. We do have staging environments, which is great but increases the need for a more agile way to test after upgrades.

    Does anyone out there use CLI for this or other particular testing tools?

    Thanks.

    Thread Starter phoenix26

    (@phoenix26)

    Thanks @threadi

    This allows me to manually set the status of a site to “activated or deactivated” and subsequently check it.

    I spotted that when a site is deactivated in this way the message shown on the console is stored in wp-includes/load.php and/or wp-includes/ms-load.php. But I suppose if I were to change the message I’d have to update it again after a WP upgrade.

    Is there a way to set the activated status via the wp-admin console? If not maybe I can request this in the other thread for new feature suggestions… It would be useful to prevent access to sites temporarily.

    There’s another scenario where sometimes I want to keep a site’s content accessible, but prevent all users from adding/amending content. Is there a way to achieve this? *The above maintenance-mode makes the site totally unavailable for browsing and logging in. Thanks.

    Thread Starter phoenix26

    (@phoenix26)

    Brilliant – thanks bcworkz. That really helps my understanding of PHP and Bash working together.

    I also found this cmd that will do it via the WP CLI: wp core is-installed –network

    Thanks again.

    Thread Starter phoenix26

    (@phoenix26)

    I have a simple bash script that sits on a redhat server and needs to check if particular WordPress (6.5.4) folders on the same server are multi-sites or not. We have mutliple WordPress sites – some are single sites, some multi-sites. I spotted this in the docs:

    https://developer.www.ads-software.com/reference/functions/is_multisite/

    I’ve added my basic code below, but my script doesn’t like the syntax. I’m new to bash and PHP and wondered if I can achieve this via extending WP-CLI access or if I need my Bash script to call into a PHP function? Any tips/examples of the best way to achieve this are most appreciated.

    vim multisitecheck.sh

    require_once(“wp-load.php”);

    if ( is_multisite() )
    then
    echo multisite present
    fi
    echo check complete

    • This reply was modified 4 months, 3 weeks ago by phoenix26.
    Thread Starter phoenix26

    (@phoenix26)

    Thanks bcworkz

    Yes, the Bash script runs on the same Linux server as the WP Installation. I can use other WP functions from the WP-CLI – such as wp core update – but there seems to be something missing when I try and access is_multisite(). I appreciate any further thoughts. Is it because this function is in PHP and I need something in the Bash Script to interpret this? Thanks.

Viewing 10 replies - 1 through 10 (of 10 total)