Vishy Moghan

Hello everyone. So after a great deal of searching and going through all kinds of configurations, and discussin the issue with you here and with the maker of my theme Total, this evening I finally found the culprit. It is entirely my own fault for allowing automatic updates. One plugin, which I have as a premium for a very long time and has so far been completely innocuous was at fault: WP Content Copy Protection & No Right Click (premium). I have written to them now and notified them of the issue. I see that one or two others have had the same problem. Well perhaps they also have this plugin :D. Anyway the point is that update had taken place and I missed it. So my bad. Sorry.

VM

` wp-core

version: 6.7.1
site_language: en_GB
user_language: en_GB
timezone: Europe/Athens
permalink: /%postname%/
https_status: true
multisite: false
user_registration: 0
blog_public: 1
default_comment_status: closed
environment_type: production
user_count: 2
dotorg_communication: true wp-paths-sizes

wordpress_path: /home/anemosadmin/vishymoghan.com
wordpress_size: 105.25 MB (110361236 bytes)
uploads_path: /home/anemosadmin/vishymoghan.com/wp-content/uploads
uploads_size: 3.06 GB (3285193127 bytes)
themes_path: /home/anemosadmin/vishymoghan.com/wp-content/themes
themes_size: 20.11 MB (21089004 bytes)
plugins_path: /home/anemosadmin/vishymoghan.com/wp-content/plugins
plugins_size: 183.23 MB (192131735 bytes)
fonts_path: /home/anemosadmin/vishymoghan.com/wp-content/uploads/fonts
fonts_size: directory not found
database_size: 31.55 MB (33081978 bytes)
total_size: 3.39 GB (3641857080 bytes) wp-dropins (1)

advanced-cache.php: true wp-active-theme

name: Total (Total)
version: 6.0
author: WPExplorer
author_website: https://www.wpexplorer.com/
parent_theme: none
theme_features: core-block-patterns, block-templates, custom-header, editor-style, automatic-feed-links, post-thumbnails, title-tag, customize-selective-refresh-widgets, align-wide, responsive-embeds, post-formats, html5, menus, widgets
theme_path: /home/anemosadmin/vishymoghan.com/wp-content/themes/Total
auto_update: Enabled wp-themes-inactive (1)

Twenty Twenty-Five: version: 1.0, author: the WordPress team, Auto-updates disabled wp-plugins-active (25)

Admin and Site Enhancements (ASE): version: 7.5.3, author: wpase.com, Auto-updates disabled
Advanced Database Cleaner: version: 3.1.5, author: Younes JFR., Auto-updates disabled
Advanced WordPress Backgrounds: version: 1.12.4, author: Advanced WordPress Backgrounds Team, Auto-updates disabled
Akismet Anti-spam: Spam Protection: version: 5.3.5, author: Automattic - Anti-spam Team, Auto-updates disabled
Code Snippets: version: 3.6.5.1, author: Code Snippets Pro, Auto-updates disabled
Enable Media Replace: version: 4.1.5, author: ShortPixel, Auto-updates disabled
FileBird Pro: version: 6.4.2, author: Ninja Team, Auto-updates disabled
Formidable Forms: version: 6.16.2, author: Strategy11 Form Builder Team, Auto-updates disabled
GA Google Analytics: version: 20241102, author: Jeff Starr, Auto-updates disabled
GDPR Cookie Compliance: version: 4.15.5, author: Moove Agency, Auto-updates disabled
Menu Icons: version: 0.13.16, author: ThemeIsle, Auto-updates disabled
Open Graph and Twitter Card Tags: version: 3.3.3, author: WPExperts, Auto-updates disabled
Post Type Switcher: version: 3.3.1, author: Triple J Software, Inc., Auto-updates disabled
Really Simple Security: version: 9.1.2, author: Really Simple Security, Auto-updates disabled
SliderPro: version: 4.8.12, author: bqworks, Auto-updates disabled
Slider Revolution: version: 6.7.23, author: ThemePunch, Auto-updates disabled
Templatera: version: 2.2.0, author: WPBakery, Auto-updates disabled
The SEO Framework: version: 5.0.6, author: The SEO Framework Team, Auto-updates disabled
ThumbPress: version: 5.8.5, author: ThumbPress, Auto-updates disabled
Total Theme Core: version: 2.0, author: WPExplorer, Auto-updates disabled
UpdraftPlus - Backup/Restore: version: 1.24.11, author: TeamUpdraft, DavidAnderson, Auto-updates disabled
Wordfence Security: version: 8.0.1, author: Wordfence, Auto-updates disabled
WP-Optimize - Clean, Compress, Cache: version: 3.7.1, author: TeamUpdraft, DavidAnderson, Auto-updates disabled
WPBakery Page Builder: version: 8.0, author: Michael M - WPBakery.com, Auto-updates disabled
WP Content Copy Protection & No Right Click (premium): version: 15.3, author: wp-buy, Auto-updates disabled code-snippets (2)

snippet-3: name: Widget Blocks remover, scope: global, modified: 2023-01-30 12:36:46
snippet-4: name: Auto-WPBakery, scope: global, modified: 2024-10-30 10:35:56 wp-media

image_editor: WP_Image_Editor_Imagick
imagick_module_version: 1809
imagemagick_version: ImageMagick 7.1.1-39 Q16-HDRI x86_64 22428 https://imagemagick.org
imagick_version: 3.7.0
file_uploads: 1
post_max_size: 300M
upload_max_filesize: 300M
max_effective_size: 300 MB
max_file_uploads: 20
imagick_limits:
imagick::RESOURCETYPE_AREA: 1 TB
imagick::RESOURCETYPE_DISK: 9.2233720368548E+18
imagick::RESOURCETYPE_FILE: 196608
imagick::RESOURCETYPE_MAP: 753 GB
imagick::RESOURCETYPE_MEMORY: 376 GB
imagick::RESOURCETYPE_THREAD: 1
imagick::RESOURCETYPE_TIME: 0
imagemagick_file_formats: 3FR, 3G2, 3GP, A, AAI, AI, APNG, ART, ARW, ASHLAR, AVI, AVIF, AVS, B, BAYER, BAYERA, BGR, BGRA, BGRO, BIE, BMP, BMP2, BMP3, BRF, C, CAL, CALS, CANVAS, CAPTION, CIN, CIP, CLIP, CMYK, CMYKA, CR2, CR3, CRW, CUBE, CUR, CUT, DATA, DCM, DCR, DCRAW, DCX, DDS, DFONT, DNG, DOT, DPX, DXT1, DXT5, EPDF, EPI, EPS, EPS2, EPS3, EPSF, EPSI, EPT, EPT2, EPT3, ERF, EXR, FARBFELD, FAX, FF, FFF, FILE, FITS, FL32, FLV, FRACTAL, FTP, FTS, FTXT, G, G3, G4, GIF, GIF87, GRADIENT, GRAY, GRAYA, GROUP4, GV, HALD, HDR, HEIC, HEIF, HISTOGRAM, HRZ, HTM, HTML, HTTP, HTTPS, ICB, ICO, ICON, IIQ, INFO, INLINE, IPL, ISOBRL, ISOBRL6, J2C, J2K, JBG, JBIG, JNG, JNX, JP2, JPC, JPE, JPEG, JPG, JPM, JPS, JPT, JSON, K, K25, KDC, LABEL, M, M2V, M4V, MAC, MAP, MASK, MAT, MATTE, MDC, MEF, MIFF, MKV, MNG, MONO, MOS, MOV, MP4, MPC, MPEG, MPG, MPO, MRW, MSL, MSVG, MTV, MVG, NEF, NRW, NULL, O, ORA, ORF, OTB, OTF, PAL, PALM, PAM, PANGO, PATTERN, PBM, PCD, PCDS, PCL, PCT, PCX, PDB, PDF, PDFA, PEF, PES, PFA, PFB, PFM, PGM, PGX, PHM, PICON, PICT, PIX, PJPEG, PLASMA, PNG, PNG00, PNG24, PNG32, PNG48, PNG64, PNG8, PNM, POCKETMOD, PPM, PS, PS2, PS3, PSB, PSD, PTIF, PWP, QOI, R, RADIAL-GRADIENT, RAF, RAS, RAW, RGB, RGB565, RGBA, RGBO, RGF, RLA, RLE, RMF, RSVG, RW2, RWL, SCR, SCREENSHOT, SCT, SFW, SGI, SHTML, SIX, SIXEL, SPARSE-COLOR, SR2, SRF, SRW, STEGANO, STI, STRIMG, SUN, SVG, SVGZ, TEXT, TGA, THUMBNAIL, TIFF, TIFF64, TILE, TIM, TM2, TTC, TTF, TXT, UBRL, UBRL6, UIL, UYVY, VDA, VICAR, VID, VIFF, VIPS, VST, WBMP, WEBM, WEBP, WMF, WMV, WMZ, WPG, X, X3F, XBM, XC, XCF, XPM, XPS, XV, XWD, Y, YAML, YCBCR, YCBCRA, YUV
gd_version: 2.3.3
gd_formats: GIF, JPEG, PNG, WebP, BMP, AVIF, XPM
ghostscript_version: 9.27 wp-server

server_architecture: Linux 4.18.0-513.18.1.lve.2.el8.x86_64 x86_64
httpd_software: LiteSpeed
php_version: 8.1.30 64bit
php_sapi: litespeed
max_input_variables: 1000
time_limit: 300
memory_limit: 300M
max_input_time: 300
upload_max_filesize: 300M
php_post_max_size: 300M
curl_version: 8.9.1 OpenSSL/1.1.1w
suhosin: false
imagick_availability: true
pretty_permalinks: true
htaccess_extra_rules: true
current: 2024-11-21T16:46:55+00:00
utc-time: Thursday, 21-Nov-24 16:46:55 UTC
server-time: 2024-11-21T18:46:53+02:00 wp-database

extension: mysqli
server_version: 10.6.19-MariaDB-cll-lve-log
client_version: mysqlnd 8.1.30
max_allowed_packet: 1073741824
max_connections: 500 wp-constants

WP_HOME: undefined
WP_SITEURL: undefined
WP_CONTENT_DIR: /home/anemosadmin/vishymoghan.com/wp-content
WP_PLUGIN_DIR: /home/anemosadmin/vishymoghan.com/wp-content/plugins
WP_MEMORY_LIMIT: 256M
WP_MAX_MEMORY_LIMIT: 300M
WP_DEBUG: true
WP_DEBUG_DISPLAY: false
WP_DEBUG_LOG: false
SCRIPT_DEBUG: false
WP_CACHE: true
CONCATENATE_SCRIPTS: undefined
COMPRESS_SCRIPTS: undefined
COMPRESS_CSS: undefined
WP_ENVIRONMENT_TYPE: undefined
WP_DEVELOPMENT_MODE: undefined
DB_CHARSET: utf8
DB_COLLATE: undefined wp-filesystem

wordpress: writable
wp-content: writable
uploads: writable
plugins: writable
themes: writable
fonts: not writable

Hello

So I just updated my site at https://vishymoghan.com to 6.7.1, yet the issue with the customiser is still in place and not cured. Whereas on my other site at https://anemos.com, which uses the same theme (Total) it is working perfectly normally. As illustrated in the screenshot below. Please read back on this thread before answering, since it seems I keep getting the same advice: vis: deactivate plugins, change theme etc. I want to make it clear I have done all of the above, and cleared server and browser caches, updated everything (diligently), checked in many browsers and, most importantly this has been a persistent issue over many days.

Thanks

Sure, it was posted by https://profiles.www.ads-software.com/desrosj on the page below

https://core.trac.www.ads-software.com/ticket/62335#comment:15

Hi @macmanx

er if you look at my original query you will see clearly stated, that I have done all the things you recommend to no avail. Honestly this problem occurred only on one of around six or more WP sites I manage, one of which uses the same theme as the problematic one.

Anyway, it seems that no one is either understanding or trying to tackle this issue. It happened after the 6.7 update, and I read elsewhere on this support site that you were rolling out version 6.7.1 as an interim cure, and then 6.7.2 as a kind of definitive correction.

• This reply was modified 6 days, 10 hours ago by Vishy Moghan.

Hi David, 

Thanks for the quick reply. I have implemented your suggestion and it seems to have been the right cure. I had many on Width set to ‘auto’ but most of those are not featured on the site any more. The newer additions for some reason I did not change to a value and left at zero. That is because originally they showed fine on Chrome, but since a couple of updates ago to the browser it no longer read the shows. Anyway thanks again. It all seems to be working really well again.

As I said before I think this is my favourite slideshow plugin ever, and I bought it a long time back and never regretted it. 

I will contact you again if I may, if anything goes awry again.

Vishy

My bad so where can I ask this question?

Thanks @anevins
I actually dumped the plugin now and I am back in the dashboard. Thanks for all the advice…

Hi @judgerookie
Yes I suppose so. So really the issue is with the plugin. I am still getting all the email notifications from it telling me there has been a lockout. Interestingly I did a traceroute on some of that range and they all refer back to Clouflare. But when I use Google to trace it comes back to IPs in India!!!! Anyway so another quick question, if I disable or delete the AIOWP plugin would that make the site suddenly vulnerable? should I put in another plugin like Wordfence or something, and if I delete the plugin would I have to go to the DB and drop the relevant Dbs?

@swansonphotos @jaycbrf
Thanks. So which of the Post Type plugins would you recommend?

Thanks Greg, so far after six months or so on this URL I’ve only had two like it so maybe it’s not a problem. Thanks again.

Thanks so basically nothing to worry about? Also perhaps I should have mentioned that my site is routed through CloudFlare for extra security. My last site became a serious target for hackers and caused me hours and hours of work, in the end I simply closed it, dumped the domain altogether. So you can understand seeing these two spike worried me a lot; wondering if this was going start being a problem again…

Hi masterninja01
Just check your .htaccess at the root of your WP install you’ll see the URL which has been changed.

If the URL by default for login page is https://yoursite.com/wp-admin for example you will see in top part of the .htaccess that it has been renamed. This is to mask the browser URL only, it doesn’t change your file names. So I think by default iThemes Security changes “wp-admin” to “wplogin”. That’s about it. If you gave it some other custom name you will see it in your .htaccess.

If you can’t see your .htaccess in your FTP cPanel then contact your provider to make it visible.

That was all I did, basically found the changed URL and so accessed my login page again.
I hope that helps.

Hi Benjamin
Thanks a lot, panic over, finally I accessed my config php and found the way iThemes security had changed the URL for my login page, phew!

But your suggestion is interesting. I will experiment with it.

Great to hear from you.

P.S. Where do I find my login page URL? Since the plugin has reformatted my DB tables I can not even view them any longer. This basically means that I can not find anyway of accessing the site Dashboards.

Please can anyone tell me where to look so I can find the new URL for my login pages???