wnthne

	// Ancestral post object.
				(
					'post_type' === $parent_item->type
					&& ! empty( $queried_object->post_type )
					&& is_post_type_hierarchical( $queried_object->post_type )
					&& in_array( (int) $parent_item->object_id, $queried_object->ancestors, true )
					&& $parent_item->object != $queried_object->ID
				) ||

				// Ancestral term.

The above code is from

wp-includes/nav-menu-template.php

The code is from line 552 (// Ancestral post object.) through line 561 (// Ancestral term.) I get server alerts perhaps every 3 hours. I can’t see how it is remotely feasible to test in this fashion. Is there another way to find out what the problem is?

I hadn’t thought of looking there. I see the menu now.
Thanks Jeff!

The plugin worked for me previously, but after i de-activated and re-activated the plugin it no longer shows up in the Tools menu. I tried deleting and then re-installing it, but there is no change. I just read an article by Jeff Chandler https://wptavern.com/how-to-take-control-of-the-wordpress-heartbeat-api and I am concerned because I am using HostGator. How do I get access to the menu?

Otherwise, please explain where I can manually edit the php file and set it to the maximum 60 seconds.

Thanks to all for all the good input. This works for me. It strips RK= and whatever follows.

# Removes hacking attempts from url, such as: /RK=0/RS=AYp9kgWwyL1Te5LIMYeMtv4cBVQ-
RewriteRule ^(.*)RK= /$1 [L,NC,R=301]

I chose add-on-site.org with add-on domain in c-panel and it created Home/public_html/add-on-site.org, not redirected.
When I go to subdomain in c-panel it shows
the root domain as add-on-site.mainsite.com and document root as public_html/add-on-site.org with no redirection.

The WordPress network dashboard shows two sites, one is / and the other is /add-on-site/.

I can see that when adding a site to WordPress, it automatically comes in as a subfolder and I want an add-on domain.
I admit I am confused. How can I resolve this?
Thanks.

Ok. I tried with www in front and got a better result; now I am getting “Access denied”. So I am guessing there is a security code snippet in .htaccess that is preventing access. I will have to investigate that. Thanks.

Why do I keep getting this error when trying to view the sitemap generated by the plugin?

Error loading stylesheet: A network error occurred loading an XSLT stylesheet:
https://mysite.com/wp-content/plugins/google-sitemap-generator/sitemap.xsl

Google webmaster tools reports that my site has no sitemap, even though I submitted it through the Google XML Sitemaps plugin. Please explain.
I had to revert to the sitemap.xml.gz file and submit it manually to Google through webmaster tools. I am now waiting to see if the site gets listed again.

Thanks for the responses. Nice to know it is not the plugin causing problems! Webmaster tools reported a robots.txt error, which should now be fixed, but so far no difference in Google listing. Webmaster tools also reported a script “above the fold” which was slowing response time. The script was identified as “google_analytics_auto.js”, so I removed google analytics – go figure. I had someone peek at the site and they said there was, “Advanced pattern blocking in effect.” So I am looking for a backend tech pro who is an expert in .htaccess. I know this is off topic, but please just point me in the right direction. Thanks.

Another question is why does the hackers IP show a Chinese server when the IP is in Kansas? Does this explain why blocking IPs in china didn’t keep the hacker out?

100.199.78.125.broad.pt.fj.dynamic.163data.com.cn

See:
https://ip-api.com/100.199.78.125
So how can I tell what is real and what is fake? And how can WordFence tell the difference?
Thanks.

I forgot to mention, there have been several “version 0.0” hits before the site went down.

I put the following code in .htaccess and I hope that will prevent any more of the CSS attacks described above (provided I get the site working again).

# Removes wordfence security vunerability
RewriteRule ^(.*)unlockEmail /$1 [L,NC,R=301]

It gets worse. It seems I have been hacked due to a known WordFence vulnerability. ??
https://www.websecuritywatch.com/wordpress-wordfence-security-xss-and-iaa-vulnerabilities/

https://healingpetloss.com/?_wfsf=unlockEmail
Http Code: 200
date/time: 6/7/14 10:20 AM
100.199.78.125.broad.pt.fj.dynamic.163data.com.cn
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31
Protocol: HTTP/1.1
bytes: 242
method: GET

The irony is I just signed up yesterday to be a premium customer and I specifically blocked all hits from China. How is it possible that the country blocking is not working? And why is the Cross-Site Scripting Vulnerability (apparently) not fixed?
Now, my website is inaccessible and I cannot log in to WordPress. I am waiting for my hosting provider to fix it. I have cpanel access, but I do not know how to verify the problem and fix it myself.

Additionally, leading up to this attack was a series of attacks over a 48 hour period, see below:

An unknown location at IP 0.0.0.0 visited https://site
20 minutes ago   IP: 0.0.0.0 [block]
Browser: Yahoo! Slurp version 3.0
Mozilla/5.0 (compatible; Yahoo! Slurp; https://help.yahoo.com/help/us/ysearch/slurp)

An unknown location at IP 0.0.0.0 left https://sitepet/ and visited https://site
23 minutes ago   IP: 0.0.0.0 [block]
Browser: Chrome version 30.0 running on Win7
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.13014 YaBrowser/13.12.1599.13014 Safari/537.36

An unknown location at IP 0.0.0.0 lefthttps://site and visited  https://site
23 minutes ago   IP: 0.0.0.0 [block]
Browser: Chrome version 30.0 running on Win7
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.13014 YaBrowser/13.12.1599.13014 Safari/537.36

BTW, there have been dozens of these attacks with IP 0.0.0.0.
Please advise. Thanks in advance.

I am no longer getting this error message, which makes me wonder if it was likely a problem on wordfence’s side that has been resolved. I have no explanation.

I am getting the same error.
Wordfence Live Activity: Call to Wordfence API to resolve IPs failed: We received an error response when trying to contact the Wordfence scanning servers. The HTTP status code was [0] and the curl error number was [7] and the error from CURL was: couldn't connect to host

The code posted. Does it go in wp-config.php, and is it important where in the file it occurs? Also how do I block the hits below?

An unknown location at IP 0.0.0.0 visited
4 hours 45 mins ago   IP: 0.0.0.0
Browser: Baiduspider version 2.0
Mozilla/5.0 (compatible; Baiduspider/2.0; +https://www.baidu.com/search/spider.html)

An unknown location at IP 0.0.0.0 visited
4 hours 45 mins ago   IP: 0.0.0.0
Browser: Opera version 12.15 running on Win7
Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.15