Forum Replies Created
-
AuthorPosts
-
What site are you needing help with?
Did you try the Complete Scan again?
The tokens are automatically generated every time the page loads but they do expire if you leave your browser on that page for too long. As the message says: Please try re-submitting the form.
If you refresh the page and try the scan again and still get the Token error then there might be something wrong with your database.
Click the “Taking too long” button to see the results, maybe there is an error message?
You should also check your browser’s Error Console for JavaScript Errors.
Also, check the error_log files on your server to see what errors are recorded there when you try and fix the threats.
I see the directory index every time I load your site. I can’t tell if it was done maliciously or it your server is just not configured correctly, but it’s definitely not working. I don’t see any obvious signs of malware but it’s hard to tell when your site is not loading right anyway.
I would suggest that you talk to Gridhost about getting your server configured correctly or move to a better hosting provider if they are not going to help you.
Yes I am familiar with the vulnerability in that plugin and it has been pulled from the WP Plugin Repository. I am working on a way to auto-fix this new threat because it cannot me done by a simple SQL Statement without corrupting your other settings.
Anyway, thanks for the response. I’m glad that you got it working.
I don’t see these scripts you are referring to. Can you tell me how to recreate this redirect that you are getting, or send me the code that you have found which my plugin has not identified as malicious so that I can add it to my definition updates.
April 13, 2019 at 10:22 am in reply to: Brut Force Protection – Your Server could not start a Session! #2258Yes, If your server cannot start a persistent session the Brute-Force Login Protection will not work for you (and other things that require and active session may not work either).
There are many reasons that your server is not able to start a session. You need to ask you hosting provider to look into it and let you know why sessions are not working. Also ask them if mod_rewrite is installed and make sure that you can use rewrite rules in your .htaccess file.
You can simply re-register your key using the same prefilled registration form on the Anti-malware Settings page of your wp-admin, just make sure to change the email address before you submit the form and it will update the registration records on my side.
Yes, I play nice with other security plugins
There is no reason to deactivate this plugin when not in use, and I don’t recommend it.
You just need to register this new key to your email account on file. Use the registration form on the Anti-Malware Settings page in your wp-admin.
As on any WordPress site you can change your Profile information here:
Yes, My plugin is completely compatible with PHP 7.2 and this deprecated directive WARNING about “mbstring.func_overload” is irrelevant for a number of reasons.
First, the code in that plugins/gotmls/safe-load/wp-settings.php file is copied exactly from the WordPress core files as an emergency backup feature. So it is not only rarely ever used but it is also present in the WP Core files.
Second, the code in question is only testing to see if this deprecated directive “mbstring.func_overload” is being used, not actually even trying to use it. So it would not cause and error but rather it would detect if the directive was set, which it should not be.
Third, even if a deprecated directive were to be used in some other code on your site it should not cause any errors on a production server because DEPRECATED warnings should be suppressed in your php.ini file anyway.
I have to add that this plugin you used to check for compatibility issue can’t be very good if it does not pick up on or address these three very important points.
Please let me know if you have any further questions.
It will take time to get you site off of those blacklists. Many of those scan results on virustotal (like BitDefender) are not updated frequently, and Google is also sometimes very slow to re-index site that have been flagged for malware.
You will need to lookup each of those sites for a way to request a review and actively work to get your site off of those blacklist as fast as possible but it may still take some time.
Start be checking your site in your Google Webmster Tools account (now called Search Console). Check that security status and make sure that there is a current sitemap uploaded.
Just enable the Automatic Updates and click the Save button and it will install the Core Files definitions for you.
I think you still don’t understand me. So the simplest solution is to listen and trust what I said before:
“You should only change this setting from the default -1 if there is some specific reason that you don’t want the scan to hunt too deeply into all the sub-directories in your scan path.”In other word, trust the default setting of -1 and don’t change it!
If you want to understand this setting more then I will reiterate the same point that I already made which already answered all of these question:
Question: do I use Plus or Minus numbers?
Answer (already given): “-1 is infinite depth”, but… Setting this to any POSITIVE number would restrict the scan from digging down into any sub-directory below that number. Again, don’t do this, just leave it on -1, but I say this again to help you understand the meaning of this setting.Important: DEPTH has nothing to do with the number of domains that you have!!!
20 domain DOES NOT EQUAL 20 sub-directory of depth!!!To understand directory hierarchy and the particular depth of every sub-directory on your server you need to think about the filesystem it terms of folder and sub-folder, not in any way related to what DOMAINS your have on that server.
-
AuthorPosts
