Tag Archives: WordPress

Thousands of Hacked Home Routers are Attacking WordPress Sites

Thousands of Hacked Home Routers are Attacking WordPress Sites

Fascinating blog from WordFence, one of the best WordPress firewall out there. They uncovered attacks coming from various countries and regions. The target is home networks. There is a router vulnerability called “Misfortune Cookie” [really] that is being exploited. It appears many home routers are hacked with this vulnerability and they in turn launch attacks. The tricky part here is that the launched attacks are actually small per home router, so detection is difficult.

The really weird thing is that the IPS are coming from all over the place, but attacks from Algeria [!] are increasing dramatically.

Read the WordFence Blog here

Activate Plugins after Update

Memo to self: be sure to double check updated WordPress plugins immediately after doing the update!

It is like stating the obvious, but nonetheless very important to remember the above. I just updated the Captcha and WordFence plugins. I saw an error, but remembered to check the Plugins section to verify they are running. Once activated the plugins are fine. Some seem to need this, while others activate ‘automagically’.

Wordfence WordPress Security Plugin

WordPress is so ubiquitous these days on the web, but hopefully more developers will keep up with the security needs of their sites or at least delegate to someone to maintain after their site is built.

This ‘Wordfence’ security plugin is very impressive. It can do a site scan, block IPs or countries [China, anyone?], and give a live screen of current connections. It does much more as well, especially if the free version is upgraded to the paid version.

It has over 1 million installs as of September, 2015. There is a reason for that – even the free tools are very useful and can provide a fair amount of security. I recently installed this plugin on ‘Riguy’ and it is exactly what is needed for a security blanket.

wordfence

Theme directory “twentyfifteen” does not exist

WOW, that was scary! I just went into my WP-ADMIN to update some Plugins and the theme [I heard there was an update @ 4.2.2], and I ended up losing my site: we are talking full on, white page, so a screen shot would not really do justice to how scary that is. There was no error code or message in site. Is this a “White Screen of Death”? I had the 2014 WordPress theme installed, nothing more except a few plugins. I did notice before trying to update WP 2014 that 2015 was sitting there unused, and I checked the box. Big mistake [?]. I guess I really should have simply removed 2015 altogether until I was ready to move to it or not checked the box. But shouldn’t we be able to update both the 2014 AND 2015 theme, without taking the site down? Lesson learned!

I also ended up with this rather ugly message in the Themes WP-Admin area upon finishing the themes updates:

“theme directory “twentyfifteen” does not exist”

Yikes! Site down, and limited options! Did I mention I am NOT USING 2015. I guess by checking both boxes, the assumption by the application is I wanted to upgrade to 2015.

I panicked and started searching frantically over at my friend, the Google search engine. Unfortunately, none of the fixes applied to my situation and some did not work for me. The fix was surprisingly easy, but I admit I ‘rolled the dice’ on it, as I was not sure if I would lose my site for good, or at least until a full reinstall. [I DID have some backups of the content].

I was still able to get into my http:// sitename/wp-admin so at least I had that going for me. Gratitude! I went into the Appearance and themes area, which is where the ugly message was showing and I added the 2014 theme back. I reinstalled it. This all happened so fast, I had to do it twice – sorry but I am not sure why this was necessary, but the WP 2014 site indeed came back!

 





 

Riguy Blog

Although I am slowly but steadily using this Azure-based WordPress site …  My blog is located here ! It is Google’s BlogSpot service. Even though I am a Microsoft guy, I do try to keep my technical interests spread around a LITTLE bit.

Or more to the point >>> http://exploringwindowsos.blogspot.com/

That is really my ‘site’ these days, but I also put the latest feed entries to the right …

Free Azure Web Hosting

This is a Windows Azure hosted site. I am mainly exploring this free hosting service from Microsoft to verify the efficacy of its business use. Azure is one of the largest Cloud providers in the world. They have datacenters world-wide with massive DNS caching and data redundancy. I use and support it at work for virtualization and web site hosting.

It can be found at:

http://azure.microsoft.com/en-us/

 

 

 

WordPress 4.0 is Out!

In another world [Windows Azure], I am using WordPress. I really love WP – it is not only the top blog site software these days, it is the top CMS as well. Put the acronyms aside – WP powers millions of sites worldwide and is basically at the tops of all the charts.

The new + always improved WordPress (4.0) is out!
I always like the ‘under the hood stuff’, as opposed to ‘bells and whistles’ stuff ;>

Straight from WP:

Under The Hood

General

  • Performance and effectiveness improvements to wptexturize()
  • Ensure custom post types nested under top-level menu items get the proper classes
  • Added a src parameter to the embed shortcode
  • Fixes for handling nested shortcodes
  • Make default ‘template’ argument of the_taxonomies() and get_the_taxonomies() translatable
  • Remove a redundant condition for comment feeds from WP_Query::get_posts()
  • The Customizer now properly honors theme support defaults for background images
  • Installed Themes search now shows a proper “no results” message
  • Improved, more consistent styling for HTML5 input elements
  • Post previews now redirect to the permalink if the post has been published
  • Email and URL input types have been implemented where appropriate in the admin
  • Most uses of extract() have been removed from the core code
  • 3gp mime type support was added
  • wp_handle_upload|sideload() logic was consolidated
  • Remove dead and unused code from dashboard.php following changes in 3.8
  • The operator argument now case-insensitive in tax queries
  • Now possible to disable drag and drop functionality in wp_editor() instances
  • Trigger _doing_it_wrong() when a registered post type or taxonomy slug is too long (20 characters max)
  • Widgets management in the Customizer to leverage the new Panels API.

JavaScript

  • Heartbeat API “experimental” labels have now been removed
  • Improved inline documentation for Media Views
  • Forces an autosave on switch from Visual to Text editor

Bug Fixes

  • Fix a notice with media attached to non-existent post type
  • Fix expanding and collapsing the admin menu on small screen sizes
  • Fix a bug where multiple Add Media buttons shared an ID attribute
  • Fix get_the_ID() not checking for a proper post object
  • Fix current track highlighting in audio playlists
  • Fixed bug with audio player not properly floating around images in the editor
  • Fix a bug where bulk actions would be performed upon clicking the Filter button in some circumstances
  • Fix remove_all_filters() always returning true via has_filter() in some scenarios
  • Fix a notice in wp_reschedule_event
  • Fix paragraph tags not being converted in PressThis for the Text editor
  • Fix get_the_excerpt() not always checking $post->post_excerpt
  • Introduce caching for oEmbed responses
  • Fix an issue where attachment display settings didn’t work for galleries
  • Leverage iframe sandboxing for audio and video, allowing arbitrary scripts to be loaded
  • Ensure all plugins have an accurate oEmbed provider list by loading them “just in time”
  • Fixed several problems with formatting of curly quotes, square braces, non-breaking spaces, and related performance issues.

http://codex.wordpress.org/Version_4.0