webmaster

>Did you enable the regex checkbox?

Ah! That did it! Thank you!

So, for those who get this far here’s the solution: I installed the Redirection plugin and at the originalsiteURL installation of WordPress redirected

/.*

to

newsiteURL

AND checked the RegEx checkbox.

Somehow it’s still not working. In the Redirection plugin at https://williamcwood.com/econed, I’m redirecting

/.*

to

https://sites.jmu.edu/econed

but going to https://williamcwood.com/econed still loads that native page at williamcwood.com/econed.

Screenshot at this location.

That looks like a good way to selectively refer visitors to certain pages on the new site — but is there an easier way to just “redirect everything”?

(Background: Both of these sites have been subject to various attacks in the past year, taking one or the other of them down . . . my goal is to keep them both “sort of” ready-to-go in case of future attacks. The “official” address is https://cob.jmu.edu/econed and it just redirects to whichever of the sites is active at the time . . . should I just give up, trust backups of the one site and clean out its folder so that a standard redirect there will work? If I renamed public_html to publicx_html on the backup site and just left everything there, would that work? Quick renaming to get it back?)

Rolled back to 2.4 and all is well for now, but I need to go figure out how to disable auto plugin updates.

Same story — everything stopped working in a formerly flawless setup. I re-entered my Google API key and Google Calendar ID, nothing shows (see
https://beavercreekchurchva.org/calendar/upcoming-events/), just “Oops! That page can’t be found.”

I did the troubleshooting down through Theme and Plugin Checks before running out of time: https://www.ads-software.com/support/topic/review-this-before-posting?replies=10 . Will come back later, but wow, it was working with everything just fine before this auto-upgrade. Is there a way to downgrade to 2.1.1 if I *didn’t* have a backup of all that? (Have databases backed up but not the rest.)

Now, to answer my own question: Yes, that procedure worked, and I have two hints for others who have the same question:

1. This all works better if you have the two sites (clunky production site and clean new test site) at parallel levels in your folder structure — such as https://mydomain.com/home and https://mydomain.com/test . Makes the renaming easier.

and

2. If you’re like me, then after you go live with the new site you will have to hand-code a few links, mostly in text widgets, because they still refer to material in the test site.

And a final data point. I edited the wp-config.php for the site that correctly displays on mobile, https://econ488.com, so that it would read the database of the site that would not correctly dislay on mobile.

The result? The site did not correctly display full posts on mobile. When I directed wp-config.php back to its original database, all was well again.

And my conclusion is that getting stable mobile display on Twenty Fourteen is beyond my WordPress abilities, so I think I’ll go with a different theme. (This is about me, not about Twenty Fourteen.)

But if somebody has a resource for me about how Twenty Fourteen does its mobile display, so that I wouldn’t just be blindly copying code, I would happily give it one more try. In every other way Twenty Fourteen is just right for my small community website (now visible on creaky old Weaver II Pro at https://bridgewaterva.com )

One more data point: A fresh install of WordPress 4.2.2, with Twenty Fourteen then selected, and a child theme including only the additional code

@media screen and (max-width: 400px) {
	.list-view .site-content .cat-links,
		.list-view .site-content .entry-content,
		.list-view .site-content .entry-summary,
		.list-view .site-content footer.entry-meta {
		display: inline;
	}
}

only displays the title of the default “Hello, World” post and not the content on my mobile phone.

I put the test up at https://teachersmillionaires.com/test

Ah, nice! Thank you! That is a very nice solution and it looks good on my laptop and on my phone.

(New test post showing results of the above is at

https://excessmas.com/2012/05/26/new-test-post/

)

I can definitely work with that. Thanks again.

I’ve been working with the styling of those buttons, and I’ve gotten this far:

https://excessmas.com/2011/05/25/test-post/

Good enough so far, but now the trick is to place those buttons so that they look reasonably good on small and big screens. On my phone, they’d look fine if they were just all set to 100% width, but on bigger screens that would not be so good.

I’m looking for a relatively simple solution — suggestions? (“Just use bootstrap,” I know, is one answer . . . but can someone point me to a good tutorial on that? At my current level of knowledge, “just use bootstrap” is only a little above “RT*M” in usefulness.) Also — I know that if I could just get all this into a persistent WordPress menu my problems would be over, as it would take over the small screen-big screen problem for me. But Twenty Fifteen won’t let my menu show by default on a small screen.

Thanks to all, from someone who knows enough to know how little he knows — but wants to do the right thing and not anger the CSS spirits. ??

Thanks — that’s very helpful. For my (limited, not sophisticated) purposes Jetpack CSS seems to be working well). It certainly takes care of the OP’s problem, which was also my problem before I found this thread. Thanks again!

Just one more question about this — for making a small handful of modifications like this, is it better to use a child theme or just use Jetpack CSS or maybe a plugin? (Any important differences in performance, etc.?)

I think the problem is that when a sticky post includes an image, that word “FEATURED” is always there. When you make the post un-sticky, the word goes away — but that’s not a solution, since he wants that post and image to be the first thing visitors always see.

Thanks, that’s helpful. So I guess when a password gets compromised, it’s not usually a brute-force attack.

I haven’t seen much more about this particular exploit, so I guess it’s not as widespread as that timthumb.php business. Basic measures seem to have the malicious code gone from my site, and when I get some time away from my day job I’ll do more. (Volunteer webmaster, little community site . . . you get the picture.)

funkytime said: “make sure you change your password, someone or a script cracked your password.”

and that seems sound, and yet I have to ask (naive security question) “how”? I was using a nine-character password with upper- and lower-case letters, at least one number, and at least one special symbol. I didn’t write it down anywhere. It should have taken thousands and thousands of attempts to crack it — shouldn’t that have alerted somebody to a security problem?

Or, to put it another way: Does alien injected code in index.php mean somebody surely has my password? Or is it more likely that some other vulnerability did it, like excessive permissions for a plugin?

I am curious about this, not trying to be cute or snippy. When I foul up my own passwords, I usually get locked out after a handful of unsuccessful logins — how is some hacker getting thousands and thousands of attempts?