vision-hive

Awesome, many thanks!

I ended up using this function:

// Remove tools & activity log metabox from dashboard for <= editors
function TRIM_ADMIN_MENU() {
    global $current_user;
    if(!current_user_can('administrator')) {
        remove_menu_page( 'tools.php' ); // No tools for <= editors
        @remove_menu_page( 'activity_log_page' ); // Activity log
    }
}
add_action('admin_init', 'TRIM_ADMIN_MENU');

The version that was on www.ads-software.com yesterday.

Also, it works when I unzip manually to the plugins folder, but not when I upload the zip file or try to install from the plugin admin screen.

Thanks!

I can install it manually and it works. This is only an issue with install via zip upload or directly from a search in the plugins page

WP version is 4.9.9. No, upgrading to 5 is not an option.

The WC db is the latest version 3.5.3.

Thanks for the filter but the file check is important, we’ll wait for a fix.

No worries thanks for the quick response! I can build it but good to know that there isn’t something out there first. Much appreciated!

This just happened again, this time while I was working on it. I added a block of html with some embedded javascript, it asked me to whitelist, I whitelisted, now whenever I try to edit the section it gives me a blank page with a timestamp.

The only way to fix this is to pull up the inspect tool, find the ajax request that is resulting in a block, inspect the response source code, copy it, save it as html, upload it somewhere to the same domain, and submit it… obviously this is insane. There are two things wrong here – this is the Wordfence bug where you come in – 1. There should never be a html whitelist page sent as the response to an ajax request because it will not be parsed/useful, and unless the user is a developer who can figure that out, they will from that point in time be blocked without recourse. 2. There shouldn’t even be a block – I already whitelisted.

Screenshots: https://imgur.com/a/I0qXidA

It would be nice if it were an option/dismissable but this way is also just fine, thanks for the rapid reply! ??

Ugh none of these solutions are useful – why is the author ever shown in product pages? this should be off by default. Further, adding styles to hide the author does not exclude them from search engine indexes.

There are several reasons not to use multisite – specifically these are completely separate sites for different clients, the code base needs to be identical to the production versions, the databases need to be separate because they are deployed across various physical servers and identical so that they can be exported/imported to/from production or staging without requiring additional modification. Managing a multisite locally while having single installs on staging and production quickly gets far more unmanageable than the existing development environment with all its duplication.

The actual issue here is that the function dirname( __FILE__ ) on line 21 of wp-load.php will return the target directory of a symbolic link but not the link’s directory, which is a decades-old bug in PHP (or a failure at least, there should be a way to get the location of the link but the gods who make PHP decreed that This Shall Not Happen for whatever reason). For now, I’m using .htaccess on all the local directories to prepend a custom script that defines ABSPATH before WordPress can do so – which works (still testing but so far I’m able to navigate the admin dashboard using this common core)

Oh also isn’t it possible to just queue the whitelist option so that it can be sent with the next non-ajax request, perhaps using the WordPress notification api?

Hi Dave, Thanks for the reply – unfortunately I can’t know exactly what was happening because it was a client at a different location who was editing the page when the block went into effect. They say that a popup was shown to whitelist, which they clicked – and then it stopped working. I have screenshots of the various pages/errors/inspector output but I can’t post images here – how can I get them to you (if you want them)?

??

Specifically, please replace the %s character with <a href="%1$s">%1$s</a> on line 11 of ./lib/email_newIssues.php:

<p><?php printf(__('See the details of these scan results on your site at: <a href="%1$s">%1$s</a>', 'wordfence'), wfUtils::wpAdminURL('admin.php?page=WordfenceScan')); ?></p>

I cannot make these changes because it will trigger an integrity alert for WF and will be overwritten whenever automatic updates are applied.

You may also want to check other locations where you generate urls for email message body content.

• This reply was modified 6 years, 3 months ago by vision-hive.

Solution: In GeoIP Detect settings, you need to make sure “Add a country-specific CSS class to the <body>-Tag.” is checked.