wnthne

“And do you suggest any other useful plugin to make a wordpress website more secure that can be used without conflict?”

This plugin is one that I use. As far as I know, it does not conflict with other plugins.

‘https://blairwilliams.com/2013/09/09/a-new-tool-to-stop-brute-force-attacks-on-wordpress/’

Would it not be a good idea to automatically block the IP address so the hacker does not just try other methods? If so, what code do I put into .htaccess?

Thanks for your response, I appreciate it. I got it working; it turns out the page was listed in the drop down menu after all, but under a different name.
Thanks again.

Thanks everyone for your responses – I appreciate it! The solution I ended with, I got from Josh Lobe, the Ulitimate TinyMCE developer. I pasted it into the main.php plugin file near the top and it seems to work 99% of the time. Of course, every time there is a new update in the plugin, I have to paste it in again.

/**
* Add to extended_valid_elements for TinyMCE
*
* @param $init assoc. array of TinyMCE options
* @return $init the changed assoc. array
*/
function my_change_mce_options( $init ) {
    // Command separated string of extended elements
    $ext = 'pre[id|name|class|style]';

    // Add to extended_valid_elements if it alreay exists
    if ( isset( $init['extended_valid_elements'] ) ) {
        $init['extended_valid_elements'] .= ',' . $ext;
    } else {
        $init['extended_valid_elements'] = $ext;
    }

    // Super important: return $init!
    return $init;
}

add_filter('tiny_mce_before_init', 'my_change_mce_options');

Thanks for the tip WPyogi. Here is the code excerpt: https://pastebin.com/kEdkTjTX

I ran the ThreatScan plugin which exposed the injections.

I submitted a post about something similar two weeks ago:
www.ads-software.com/support/topic/sql-database-infected-or-just-bloated

Found possible problems in Option _transient_feed_895a6fef0cc57461ead214388fd67e81 (script tag )
Just to take an example, “Yoast” appears 35 times alone in this 14KB excerpt (total size is 218KB). I once had Yoast’s SEO plugin installed, deleted long ago.

Who else but Yoast himself would inject and bloat the database with “Yoast”? This could seem to suggest foul play. Does anyone have another explanation?

[excessive code deleted]

I have the same problem. Almost anyone can easily find your user/login name and attempt logins with it. The whole point is to have a secret login name and a secret password. Is there a fix for this?

I did have the previous version installed, but it was deactivated when I installed the latest version. Perhaps an older file somehow got carried over to the new version – or a conflict with another plugin? I do not have time to investigate this myself, but I am sure you will find the answer. It may also be a fluke that won’t repeat with other users?

I installed version 1.5 two times using the WP built-in install feature and got the same result each time (immediately after installation). Both times I had to go in the back end and delete the plugin files. I have other safety measures, so this is not something urgent for me. I just want to help the plugin by reporting the problem. Cheers.

Hi Julio,
I installed the newest version, 1.5 and the problem was immediate.

Thanks for your suggestions. I will check out the plugins. I suspect I may need to also hire a tech person.

Hi Elio, Thanks again!

Hi Elio, thanks for your response. I managed to get it working. Great!

Ok. Looks like a false alarm. Apparently, Ghostery is doing the tracking. However, it does seem odd to have www.salon.com in their header code. If anyone has any info on that please let us know.

Thanks.