RouseA

Twentig adds numerous features used in our website, such as the ability to selectively change text colours. It’s unfortunate that won’t work with the features added by Options for Twenty Twenty-one. Is there any workaround?

Thanks, Oliver.

Firstly I’m interested to know how you were able to view the FTP for our site without the passwords.

Secondly, I don’t remeber why I added the CSS but I deleted it and it made no difference.

However, you gave me the clue of trying to find if any other plug-in was the cause and I identified to error id sue to the tewntig plug-in. When I disabled it the header color can be set.

I’m investigating to see what features of twentig are affecting the website

Since no-one has responded to my post I assume no-one else has experienced the same problem. Fortunately I use BackWPup so I have been able to restore previous versions of the website. I have done this repeatedly, and after each it works correctly until I update Twenty Twenty One, which proves conclusively that the problem is not due to any plug-in updates.

Nicolas
Any further thoughts since I gave you log-in details for our website? If you have finished your tests can I delete you as an administraotor?

• This reply was modified 4 years, 4 months ago by RouseA.

PS I have tried all the troubelshooting steps:
* All the software is the latest
* I can find nothing appropriate on the forum
* I have cleared the browser cache. I have also tried both Firefox and Chrome
* I disabled all other plug-ins
* I tried using the 2020 theme instead of Customizr
* The only javascript I can find is described above

There is some additionsl CSS code to modify fonts. Is this likely to be the problem:

.wp-caption .wp-caption-text {
font-size: 18px;
text-align: center;
padding-top: 8px;
margin: 10px;
}
h3 {
    color: red;
    font-style: italic;
}
h2 {
    color: red;
    font-style: italic;
}
body {
    color: black;
}
.tablepress .odd td, .tablepress .even td {
	background:none;
}
.tablepress-id-PayPalButton tbody td {
	font-family: Tahoma;
	font-size: 22px;
	color: purple;
}
#tribe-events h1 {
color: red;
text-transform: uppercase;
}
#tribe-events body {
color: blue;
font-size: 18px;
}

PS: Using Windows 10, WordPress 5.5.3, Nimble Builder v2.1.22 + Customizr theme v4.3.6

I really appreciate your help.

I have found that either of your suggestions (root .htaccess and Private/.htaccess) block documents from direct access. However, they also prevent the documents from being accessed from hyperlinks within the website (403 Forbidden).

This suggests that REQUEST_FILENAME and SCRIPT_FILENAME are failing to recognise the source of the enquiry. Incidentally, I haven’t used both at the same time – I used it as a means of quickly switching to test each by commenting out the other.

Is it possible to enable a log which may help identify any errors?

I have configured within my Private directory a number of sub-directories (e.g. accounts, minutes etc). For test purposes I have used a .XLS file in the root Private directory, but it would be useful if the .htaccess file could cover all sub-directories to save having to duplicate it in each sub-directory.

Also it would be good if the .htaccess file could cover all types of file that may be private (e.g. .XLSX, .DOCX, .PDF etc)

I can’t believe that I am the only person with this requirement. Anyone who uses a Members Only password to protect private information stands the risk of it being accessed directly. The problem was brought to my attention by a bank security system that scans the internet for personal information and warned a member that his details were accessible, sending him the link to access the document directly.

• This reply was modified 5 years, 7 months ago by RouseA.

Thanks for your suggestions.

I tried replacing the root .htaccess with your suggestion, but I was then unable to open any sub-pages (presumably because it was blocking access to the index and/or directory). I added the WordPress .htaccess so I was able to open sub-pages, thus my root .htaccess became

<IfModule mod_rewrite.c>
RewriteEngine On

# BEGIN WordPress
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

# BEGIN file lock-downs
# RewriteCond %{SCRIPT_FILENAME} /wp-content/uploads/Private/.+\.xls [NC]
RewriteCond %{REQUEST_FILENAME} /wp-content/uploads/Private/.+\.xls [NC]  
RewriteCond %{HTTP_COOKIE} !wordpress_logged_in_  
RewriteRule ^ - [F]
# END file lock-downs

</ifModule>

However, I was then unable open private files from within the website (or directly).

Thomas is obviously aware of the syntax of .htaccess files, so I hope he can suggest a further improvement. I would like to learn the syntax and would appreciate guidance on where to find instructions.

I should start by saying that I am by no means expert in these matters, but I am keen to learn!

As I understand things, the PHP version and Apache are dictated by the company used to host the website. My host uses PHP7.3, but I can’t identify anything about Apache. Any suggestions how I can find more details?

My main .htaccess file was created by WordPress, and the contents are as follows:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# Wordfence WAF
# END Wordfence WAF

I have tried expanding this, which proves that it is active (I was able to block all web access until I restored the contents via FTP).

However, your response to the second part of my query suggests that I am following the wrong route in assuming privacy should be provided via .htaccess. Can you give any guidance on how I could achieve the desired objective using PHP?

• This reply was modified 5 years, 7 months ago by RouseA.
• This reply was modified 5 years, 7 months ago by RouseA.
• This reply was modified 5 years, 7 months ago by RouseA.

Thanks for the help.

Firstly, there is no blog on our site, so I don’t use posts. All entries are pages.

How do I change the URL? In Settings>>General the WordPress Address (URL): box shows https://wokinghamlions.org.uk/, but it is greyed out so I can’t change it

FileZilla finds numerouse files containing json in their name (e.g. app.json, json-api.php. json..js). Which should I modify?

I must be missing something. If I select Downloads from the left-hand menu I can’t see an option to upload media. Next to the heading Downloads there is a button to Add New, but the only option from there is to Add Media, which accessed media that has already been uploaded.

What am I doing wrong?