ted_smith

OK, so this is fairly troubling for me now. I was doing some SEO research today via Google Analytics. One of my “top linked” pages is my GDPR Privacy Policy page. I thought “that’s strange…why is that top linked?”.

I clicked on it to see it is something to do with my internal site structure, because, where it says “Your pages linking to this page 1,725”, EVERY picture of Robo Gallery is listed – all 1,725 of them!!!

And when I click the “open this page” link, it takes me to the thumbnail, from which, I can click the full sized image even in incognito non-logged in mode!

So, whilst it is perhaps unlikely that a casual searcher may stumble across it, it seems that every image I upload as part of PASSWORD PROTECTED RoboGalleries is still accessible and indexable and is part of Googles index!! I did a copy and paste of some of the URLs which take the form of https://www.whateverwebsitedomainyoulike.co.uk/0001234567/ and they appear top of Google, and if I click on them, I get the thumbnail, and if I click on that, I get the full image, from a password protected gallery.

That basically means I can’t use it for private client galleries, and I’m now going to have to remove all of it and do something else with it, unless someone can help me here before I get sued for GDPR breaches!? Either I am doing something wrong or RoboGallery password protection is very very limited in its abilities. I have prepared a screenshot to show you but it seems I am unable to upload it here.

The only other method I can see is to use a Robots.txt rule or a NOINDEX rule in my galleries, but then none of my non-password protected pictures will get keyword indexed (alt tags etc). Surely there must be a way to tell RoboGallery “if password is set, block all content to images, else, allow all access”?

• This reply was modified 2 years ago by ted_smith.

Hi

I saw new version came out about a week ago but the release notes dont seem to make reference to this. Is it not something that can be changed or is it taking longer than thought?

Oh OK – many thanks. I had assumed I had done something wrong but if I have discovered a bug that can be fixed, all good. I can provide some URL examples if you need it but I didn’t want anyone other than the plugin authors to see them. Which is why I haven’t provided them yet.

I’m not sure what changed in the plugin, but suffice to say I fixed this by editing my wordpress wp-config.php file, and I have now hard coded “https” instead of “http” for the two domain name sections. And now all is well again.

So it was obviously something to do with the https redirection. Maybe a change in Apache, or maybe the “Fix Insecure COntent” plugin, which I also use.

Thanks

Thank you so much! As simple as they! Wish I had realised a long time ago. Thank you for the link. Very useful.

That is perfect, and it works excellently! Thanks so much for resolving.

That is exactly what I have been looking for. I’ve added the TFA plugin Two Factor Authentication (https://www.ads-software.com/plugins/two-factor-authentication/#installation), and I’ve enabled it for all users (Admin, subscriber etc). It works for my account when I access the login page. But I can’t work out how to add the settings for the users themselves during their registration because the registration page is a BuddyPress one with extended profiles etc.

The plugin says to add the [twofactor_user_settings] shortcode to ‘a page’, but the page I need to add it to is the BuddyPress registration page, and their user profiles are all controlled by BuddyPress. So if I add that shortcode, it does not show.

Do you know where to put the BP member profile code you pasted above? What file does it go in? Thanks

• This reply was modified 5 years, 8 months ago by ted_smith.
• This reply was modified 5 years, 8 months ago by ted_smith.

Thanks for getting back to me.

I tried deactivating Wordfence, as I realise that has quite aggressive protection mechanisms. Retried the database update but same issue as before.

I searched for cache related plugins and I don’t appear to have any installed as far as I can see. Its no problem though. I was thinking of simplifying my donation system anyway. Thanks for your time.

Once I was back in, I noticed the following in the plugin : Generating two-factor codes depends upon your web-server and your TFA app/device agreeing upon the time. The current UTC time according to the server when this page loaded: 2017-07-27 11:18:17, and in the time-zone you have configured in your WordPress settings: 2017-07-27 12:18:17

So I changed the time back to UTC-0 as I assumed that must be the problem, with the one hour daylight saving. I then reverted wp-config.php back to how it was and reuploaded etc etc but it still won’t login despite generating several new codes.

So for now I have just disabled the plugin…my nerves can’t take it! Thanks for the plugin anyway – it is obviously very good for a lot of people, but just for me and my site I seem to have problems.

Oh THANK YOU!! You have saved my bacon!! Yes, that worked, when I moved the entry to the top of the config file, immediately after the opening php brackets, it worked.

Your guide does say “Add it next to where any other line beginning with “define” is”. So I just put it in the middle somewhere after some of the others. Maybe make it clear it needs to go at the top.

OK, so, now I need to look at where I went wrong the first time. Thanks again for your rapid help.

• This reply was modified 7 years, 4 months ago by ted_smith.
• This reply was modified 7 years, 4 months ago by ted_smith.

OK, many thanks for that.

I have my server set quite tight on permissions, so auto-updates cannot take place via the Dashbioard.

I opted for the usual FTP solution, and that seems to have worked OK (thank you) in as much as the pictures seem to be visible when I navigate to my web pages that hold my galleries.

But, via the NextGen Gallery admin dashboard, no thumbnails or pictures are listed for any of the galleries. It sees the names of the galleries OK via Gallery –> Manage Galleries but if I then click on any of those galleries such as one that holds 124 photos it just says “no entries found”?

What might have gone wrong there?

For a system that’s used as much as WP is, I’m always surprised at how long, if ever, replies to posts come.

Anyway, suffice to say I worked this out and for the benefit of anyone else who Googles as I did for “live wordpress site FROM the Internet TO Localhost”, the simple database tweak you need to do to your RESTORED database on your LOCALHOST (having of course copied your files to your Apache web root and having configured your MySQL system on localhost) is :

UPDATE wp_posts SET guid = replace( guid, ‘https://www.yourwebsite.com’, ‘https://localhost’ ) ;
UPDATE wp_posts SET post_content = replace( post_content, ‘https://www.yourwebsite.com’, ‘https://localhost’ ) ;
UPDATE wp_postmeta SET meta_value = replace( meta_value, ‘https://www.yourwebsite.com’, ‘https://localhost’ ) ;

After that, all is well. I can now take my live site offline, safe in the knowledge I have it running internally.

PS, before anyone suggests “Duplicate” (https://premium.wpmudev.org/blog/guide-to-migrating-localhost-wordpress-to-live-site/), I realise that’s an option, now, but having spent all day copying the files and database down and configuring everything, and got the homepage etc running on localhost, I suspect I just need to change one hard coded value somewhere in one of the php files or something.

Turned out it is BPS Security (BulletProof Security plugin).

BPS Security –> Login Security –> Enable password reset. I had set it to not allow it! SOLVED

I haven’t, but I dare not do so. I have disabled it before and then re-enabled it and all the settings I had applied (sliders, footers etc) were all reset to default values so I had to spend ages setting it back up again.

Note also I have updated it to Awake 3.4 and the problem persists ??