sweetmelody

Oh really? But my WP sites got the change since 4.6. Anyway, thanks so much @marius!!! ??

Hi Johnski,

It’s working!!! Thanks a million!!!

Instead of just adding the ‘false’ behind, my host and I replaced this:

$phpmailer->setFrom( $from_email, $from_name );

to:

$phpmailer->setFrom( $from_email, $from_name );
$phpmailer->setFrom( $from_email, $from_name, false );

A naive copy and paste fault. ??

Btw, I’m seeing WP has changed/forced the email header to WordPress, instead of the previous default – site name, is this a bug or new WP default?

@marius I may have not apply the patch correctly, what’s the correct way? Kindly guide, thank you!

@marius Thanks, I have tried adding the patches, however the site just keeps loading for the password reset request, contact form submission etc. I wonder why, do you have any clue on this?

@ian Thanks, the solution works! But hopefully WP will get the new version set up asap, so the sites can work without any SMTP plugin assistance.

Thanks so much for the reply! ^ ^

Thanks and happy weekend!

I’m seeing 403 log entries for the xmlrpc.php but I haven’t added the bonus code yet, the current BPS version already has the protection by default?

1. Thank you very much for the kind education. ??
2. This really makes my day > “You cannot stop a hacker or spammer from trying to hack or spam your website unless you fly to wherever they are in the world and smash their server”, lol, thanks!
3. If I get something like this about the XML-RPC in the error log, does it mean it’s not yet protected and hence the bonus code is required?

HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /xmlrpc.php

4. If the protection code is required, is the following the correct code to be added in the custom code panel (to deny all excesses via xml-rpc)?

<FilesMatch "^(xmlrpc\.php)">
Order Deny
Deny from all
</FilesMatch>

Sorry, if you find my questions are dumb indeed, I’m still learning, many thanks for granting your precious time!

Should there be a ‘#’ symbol before these 2 lines or not?

RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
RewriteRule ^(.*)$ - [R=405,L]

Do I need to delete the previous code (as below) before adding the new code?

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
RewriteCond %{HTTP_USER_AGENT} !^(UptimeRobot) [NC]
RewriteRule ^(.*)$ - [R=405,L]

I’m still receiving the error logs about UptimeRobot frequently. Please find an error log file sample that I’ve just emailed to for further troubleshooting.

Many thanks!

Yes, I have completed the required steps:

1. Save the custom code.
2. Create secure.htaccess.
3. Activate root folder bulletproof mode.

Here’s a screenshot of the saved codes in the custom code panel.

Happy New Year 2016!

I’m still receiving the error logs about UptimeRobot these recent 2 weeks.

Host Name: engine7.uptimerobot.com

How should I make the adjustment? Thanks.

Thank you very much! Happy holidays!

As a precaution against breaking the site, I would like to confirm that I just need to paste the following code into the whitelist panel?


# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
RewriteCond %{HTTP_USER_AGENT} !^(UptimeRobot|bot2|bot3|bot4) [NC]
RewriteRule ^(.*)$ - [R=405,L]


Many thanks!