rockstaremperor
Forum Replies Created
-
Forum: Plugins
In reply to: [FastPixel Caching - WP Optimization made easy] Not CachingThanks for your advice. I deactivated all security plugins and it worked. Now, all pages are Cached. I will check later which plugin was blocking.
BTW, when testing my website on Google Pagespeed, the Desktop result says No Data (Core Web Vitals Assessment is Failed) – https://pagespeed.web.dev/analysis/https-www-workmoneyfun-com/b8wnsfl2jq?form_factor=desktop
However, when testing the cached link (from Fastpixel test website) of my website on Google Pagespeed, the Desktop result says “Core Web Vitals Assessment:?Passed” – https://pagespeed.web.dev/analysis/https-test-fastpixel-io-cached-www-workmoneyfun-com/aqmjcm5o8e?form_factor=desktopSince, the plugin is working now and all the pages have Cached status, why the Pagespeed result for direct website URL is not showing passed CWV but the cached version of my website on Fastpixel test page is showing passed CWV? Please suggest if I need to tweak any other settings to get the passed CWV.
Forum: Plugins
In reply to: [Forget Spam Comment] Sudden increase in spamYes, I am also experiencing sudden increase of spam comments. This plugin was working perfectly but since last few months, getting lots of spam comments. Updated to the latest version but still receiving spam comments.
Forum: Plugins
In reply to: [Jetpack - WP Security, Backup, Speed, & Growth] Customize page not workingEarlier, when I deactivated Jetpack, only then Customize page displayed. But it automatically worked now. Thanks!
Scanning displayed only 1 result for session_start string on Home only – https://imgur.com/a/cKKdUdI
I just did a thorough search in database and deleted all Wordfence leftovers and a few other old leftover entries from other plugins there and now the problem is solved, and I can edit the scripts.
Here is the list.
I disabled other security plugins and tried but still same error.
#2340300 CRITICAL 115 POST /index.php - Cross-site scripting - [POST:customized = {"genesis-settings[footer_text]":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"https://www.workmoneyfu...] - www.workmoneyfun.com #3866804 CRITICAL 115 POST /index.php - Cross-site scripting - [POST:customized = {"genesis-settings[footer_text]":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"https://www.workmoneyfu...] - www.workmoneyfun.com #3942896 CRITICAL 115 POST /wp-admin/admin-ajax.php - Cross-site scripting - [POST:customize_changeset_data = {"genesis-settings[footer_text]":{"value":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"...] - www.workmoneyfun.com
I was using Wordfence earlier and have completely uninstalled it few days back. Just now I uninstalled Ninja too and reinstalled Ninja. Then following the article above, I added administrator user in wp-config and got green NF in WordPress dashboard admin bar. After this, tried again to edit Footer script but again same error. And here is the log:
22/Nov/22 07:50:16 #2159749 CRITICAL 115 POST /index.php - Cross-site scripting - [POST:customized = {"genesis-settings[footer_text]":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"https://www.workmoneyfu...] - www.workmoneyfun.com 22/Nov/22 07:50:22 #6348150 CRITICAL 115 POST /index.php - Cross-site scripting - [POST:customized = {"genesis-settings[footer_text]":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"https://www.workmoneyfu...] - www.workmoneyfun.com
I am the admin and I have set default settings in Ninja. I just tried again to edit Footer but still got the same block error. Following is logged in Ninja:
22/Nov/22 01:41:57 #1648678 INFO - POST /wp-admin/admin-ajax.php - Sanitising user input - [HTTP_REFERER: https://www.workmoneyfun.com/wp-admin/customize.php?return=%2Fwp-admin%2Fplugins.php%3Fplugin_status%3Dall%26paged%3D1%26s] - www.workmoneyfun.com 22/Nov/22 01:42:20 #6935309 CRITICAL 115 POST /index.php - Cross-site scripting - [POST:customized = {"genesis-settings[footer_text]":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"https://www.workmoneyfu...] - www.workmoneyfun.com 22/Nov/22 01:42:33 #2696762 CRITICAL 115 POST /wp-admin/admin-ajax.php - Cross-site scripting - [POST:customize_changeset_data = {"genesis-settings[footer_text]":{"value":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"...] - www.workmoneyfun.com 22/Nov/22 01:42:45 #5295015 CRITICAL 115 POST /wp-admin/admin-ajax.php - Cross-site scripting - [POST:customize_changeset_data = {"genesis-settings[footer_text]":{"value":"<div class=\"creds\"><p>Copyright [footer_copyright] <a href=\"https://www.workmoneyfun.com\">Work Money Fun</a> %c2%b7 <a href=\"...] - www.workmoneyfun.com
Site’s htaccess has following codes for security:
# Protect wp-config.php <Files wp-config.php> Order Allow,Deny Deny from all </Files> </IfModule> <ifModule mod_headers.c> Header set Connection keep-alive </ifModule> <IfModule LiteSpeed> Options All -Indexes Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" Header append X-FRAME-OPTIONS "SAMEORIGIN" Header always set X-Content-Type-Options "nosniff" Header always set X-Xss-Protection "1; mode=block" Header set Content-Security-Policy "upgrade-insecure-requests" Header set Referrer-Policy "same-origin" Header always set Permissions-Policy "geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);" Header set X-Permitted-Cross-Domain-Policies "none" ForceSecureCookie httponly secure same_site_none ServerSignature Off ServerTokens Prod Header always unset "X-Powered-By" Header unset "X-Powered-By" </IfModule> # Block WordPress xmlrpc.php requests <Files xmlrpc.php> order deny,allow deny from all </Files>
Ninja Firewall dashboard displays as:
Firewall Dashboard Firewall Enabled Mode NinjaFirewall is running in Full WAF mode. Edition WP Edition ~ Need more security? Explore our supercharged premium version: NinjaFirewall (WP+ Edition) Version 4.5.4 ~ Security rules: 2022-11-21.2 PHP SAPI LITESPEED ~ 8.1.12 Admin user username : You are whitelisted by the firewall. User session It seems that the user session set by NinjaFirewall was not found by the firewall script. Help & configuration Securing WordPress with NinjaFirewall (WP Edition)
- This reply was modified 1 year, 11 months ago by rockstaremperor.
I replaced with the above code and I haven’t had the auto disabling code snippet occurring for the last 12 hours. So I guess it worked. Thanks for the help.
Thanks, it solved the cache plugin configuration. However, when editing Header/Footer scripts, I am getting the same error above. Now how do I solve this one?
Is there any easy preset for non-technical person to just install Ninja and does not have to face any above or other errors? Before Ninja, I was using Wordfence and I never faced any such errors.
This is the PHP error I am getting
PHP Warning: Undefined array key "blogger" in /home/lsudlknf/public_html/wp-content/plugins/insert-headers-and-footers/includes/class-wpcode-snippet-execute.php(260) : eval()'d code on line 10
Each time I activate the code snippet, it automatically deactivates the code snippet itself.
When I am using this code snippet in Code Snippets plugin, it too generates the same PHP error but the code snippet functions fine. Only in this plugin, code snippet is disabled automatically.
- This reply was modified 1 year, 11 months ago by rockstaremperor.
Well, ip problem is solved now after configuring a setting in Litespeed server. But I cannot still add header/footer script nor modify cache plugin settings in WordPress dashboard. Each time, I am getting the above error.
Forum: Plugins
In reply to: [Code Snippets] PHP ErrorI did not understand. Where do I check?
Above is a Redirection code from Blogger to WordPress and the redirection is working fine without problem. Error is reported in Error Log only.- This reply was modified 1 year, 11 months ago by rockstaremperor.
Forum: Plugins
In reply to: [Code Snippets] PHP 8.1 – eval()’d code on line 7How?
Would it be possible to take a look at the PHP error log maybe that provides more info on the source of the error?
Where do I get this PHP error log?
Forum: Plugins
In reply to: [HTML Forms - Simple WordPress Forms Plugin] Form FieldsI just filled the From field as
From: [NAME] <[EMAIL]>Problem solved. Thanks!