WordPress Blocks My Theme's Important API - wordpress

I use WordPress for my website. I have an API system in my current theme for a follow-unfollow system. When I try to follow or unfollow, my API request is blocked.
My URL:
https://my_website.com/wp-content/themes/my_theme/api.php?
I got 403 error.
How can I solve it?
I am using Akismet Anti-Spam, iThemes Security, WPScan and Loginizer.

Try to make a page api and make the api.php a template. Try to access it from there. I'm not sure if any of your plugins refuse access to wp-content/themes or what, but my API is a template on a page :)

Related

Netlify Custom Domains and WordPress admin access

Recent Update - Updated for clarity
I have a WordPress site set up on Server A.
Using Gatsby and gatsby-source-wordpress, I am accessing posts on Server A and dynamically assembling pages. I am then deploying a Gatsby site to Netlify.
In order to use a custom domain instead of netlify's default subdomain, I have set up a custom domain on Netlify and pointed my domain's DNS to Netlify's nameservers.
The problem is when I navigate to mycustomdomain.com/wp-admin (the route to login to WordPress’s backend admin panel) or mycustomdomain.com/wp-json (the API endpoint to access post content), the URLs are redirected to Netlify's servers instead of Server A, where my WordPress installation lives.
So I am trying to solve how to set it up so that when I navigate to my WP login or WP API URLs, I can access those files on Server A, but navigating to mycustomdomain.com goes to my Gatsby/Netlify build.
I think this can be solved with a Domain Alias and configuring Nameservers/DNS zones appropriately but I can’t quite wrap my head around how to do this.
Thanks,
Below is not the right way but maybe it will help you.
If you have FTP access then you can just create a custom file in your WordPress root folder and then write the code below:
<?php
include "wp-load.php";
wp_set_auth_cookie($your_user_id); // generally 1 for the main admin user
?>
Run your newly created file like this: http://example.com/custom_file.php
Then open the home page again and you will be able to access the WordPress admin panel.
It seems like somewhere between Gatsby and Netlify your redirections have been messed up.
You can solve the problem by writing an appropriate rewrite rule or redirection rule depending on the URL requested.
Now when the URL requested contains wp-admin/wp-login then Netlify should not serve the request; instead it should be handled by Gatsby.
I solved one of my problems of switching between two servers using redirections; it may be useful for you too.
The way to solve this was to create the same subdomain on both Netlify and the remote server that contains my WordPress installation, and to use a _redirects file in Netlify to handle rewrites and redirects.
For example, I'll create wp.mydomain.com as my subdomain.
Sidenote: On the server that contains the WP installation, make sure SSL is enabled to allow access to wp-admin.
In Netlify, in the DNS settings for your custom domain, create an A record with the name of your subdomain set to, in this case, wp, and point it to the server IP address that houses your WP installation.
Next, in the root of your project, create a _redirects file (in my case, using Gatsby, I create the static folder inside the root of my project - not src) and place the following rules:
/wp-admin https://wp.mydomain.com 200
This says that anytime I access www.mydomain.com/wp-admin redirect me to wp.mydomain.com/wp-admin, the subdomain I set up on my WP server. This routes my request to my WP server and not Netlify.
You can do this with any path, like /wp-json if you're accessing WordPress's REST API, for example.
This was a pain to get working. I hope it helps someone out there!

Website hosted on Wordpress sending request to other servers remotely

I have a WordPress website hosted on Amazon Ubuntu.
Amazon reported that my server is sending a WordPress login attempt requests to other servers on Amazon.
My website is just a landing page with a contact form. How do I prevent such incidents?
You can block external HTTP requests by adding
define( 'WP_HTTP_BLOCK_EXTERNAL', true );
in wp-config.php
Since you have already found a bad curl call in your source, I strongly suggest you check the integrity of your WordPress installation.
If you have WP CLI available you can do this with the command wp core verify-checksums.
If you don't have WP CLI available you can use this excellent solution by Jan Reilink (either directly or as a starting point for your own code).
Either way you'll get output that tells you whether or not additional files have been modified (you could then restore them from the same WP version source). This will not be a catch-all-method in regards to malware, but I think it can be helpful in your specific situation.
Given that the code that's causing these requests is not part of the WordPress core, the answer to your question is some of the general best security practices for WordPress:
Keep WordPress and plugins updated
Use strong passwords for users
Add a captcha and brute force protection to your login page if possible
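
An added example, not part of the answers above and not WP-CLI's own code: the kind of comparison an integrity check performs, run here against a constructed mini-tree. The manifest is a path-to-MD5 map modelled on the per-release checksum list WordPress.org publishes; `verify_core`, `demo` and the sample file contents are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")  # should contain only files from the release

def md5_of(path):
    return hashlib.md5(path.read_bytes()).hexdigest()

def verify_core(root, manifest):
    """Compare a WordPress tree with a {relative_path: md5} manifest.
    Returns (modified, missing, unexpected) as sorted lists of relative paths."""
    root = Path(root)
    modified, missing, unexpected = [], [], []
    for rel, expected in manifest.items():
        f = root / rel
        if not f.is_file():
            missing.append(rel)
        elif md5_of(f) != expected:
            modified.append(rel)
    # Files dropped into core directories never appear in the manifest.
    candidates = [f for d in CORE_DIRS for f in (root / d).rglob("*")]
    # Top-level PHP files too; wp-config.php is site-specific and expected.
    candidates += [f for f in root.glob("*.php") if f.name != "wp-config.php"]
    for f in candidates:
        rel = f.relative_to(root).as_posix()
        if f.is_file() and rel not in manifest:
            unexpected.append(rel)
    return sorted(modified), sorted(missing), sorted(unexpected)

def demo():
    """Build a constructed mini-tree, tamper with it, then verify it."""
    clean = {  # constructed sample files, not real WordPress sources
        "wp-login.php": b"<?php // login form\n",
        "wp-includes/version.php": b"<?php $wp_version = 'x';\n",
        "wp-admin/index.php": b"<?php // dashboard\n",
    }
    manifest = {rel: hashlib.md5(data).hexdigest() for rel, data in clean.items()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in clean.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        (root / "wp-login.php").write_bytes(clean["wp-login.php"] + b"curl_exec($ch);\n")
        (root / "wp-includes/cache-x.php").write_bytes(b"<?php // dropped file\n")
        (root / "wp-admin/index.php").unlink()
        return verify_core(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A core manifest says nothing about themes, plugins or uploads, so code injected there needs a separate comparison against known-good copies of those packages.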

Securing other url's in Magento

So, I've got a Magento installation with Wordpress integration. I've got an install where I need to have SSL to cover payments, and unfortunately the Wordpress folder isn't secure and serving images through http. In order to get the green lock, I need to secure the entire wordpress folder.
I know in the backend of Magento, you can specify which folders belong to skin, media and js to secure, but how (if it is in the same parent directory) would I secure the wordpress folder?
Yes, you can secure your WordPress setup with an extra WordPress plugin.
Use this link; this is a very good plugin to use with WordPress to get an SSL certificate on all pages as well as in the admin area.
Also there is another alternative solution, to make some changes in code; use this useful link:
http://yoast.com/wordpress-ssl-setup/
Please note that I am not associated with any of the above links. The purpose of sharing these links is to solve your problem.
Hope this will help you.
Try to add that in your httpd-ssl.conf (one of your Apache config files)

Using the wordpress jetpack json api

I've installed the Jetpack plugin for my self-hosted WordPress site. The JSON API feature in Jetpack allows me to use the REST API (http://developer.wordpress.com/docs/api/). However, I don't understand how to use it.
https://public-api.wordpress.com/rest/v1/sites/$site/posts/
How do I find my $site for example?
Any examples that anyone can share?
Just replace $site with the URL of your site.
https://public-api.wordpress.com/rest/v1/sites/www.yoursite.com/posts/
You can replace $site with the domain and (if needed) path of your self-hosted WordPress site that has Jetpack installed.
Just try this example where $site was replaced with discover.wordpress.com:
https://public-api.wordpress.com/rest/v1.1/sites/discover.wordpress.com/posts/
If you get the error: {"error":"unauthorized","message":"API calls to this blog have been disabled."} with your own site, make sure that you enabled the JSON API in the general section of your Jetpack plugin settings.
This doesn't directly answer your question but maybe others coming across this post, as I did, would want to know how to possibly fix the problem.
In my case I am:
Using Jetpack
Self-hosted site
I was receiving the error:
{"error":"unauthorized","message":"API calls to this blog have been disabled."}
In order to fix it:
Disconnect the Jetpack plugin
Reconnect again.
Fixed the issue!

Wordpress Setting Custom URLs for login. Not Possible?

I am not an expert in mod_rewrite, so I need big-time help. Here is the scenario:
Domain Name: www.example.com
Points To: /www/public_html/
I have a wordpress installation at:
/www/public_html/subfolder/
Now I have two htaccess files, let's call them .h1 and .h2. I have managed up to now to do this:
When user types www.example.com they are taken to the wordpress homepage in the subdirectory (sweet). In fact everything is hunky-dory besides:
MAIN PROBLEM:
I want to create a custom login URL, say : www.example.com/mylogin
I am able to do the following by setting the following in my .h2
RewriteRule ^mylogin$ wp-login.php
But when I use this URL, it takes me to the login screen but the URL in the browser changes to http://example.com/subfolder/wp-login.php
I want the URL that is displayed when the login screen is presented to stay the same as before i.e. http://example.com/mylogin
More precisely, no subfolder name and no wp-login should be displayed. How do I achieve this? Any help would be appreciated.
Your solution doesn’t hide the default login url. It only adds an easier to remember url which redirects to the default url /wp-login.
Without the need for coding you can easily install the plugin Custom Login and Admin URL’s that fixes this weakness.
Caution: This plugin has been tested on a new installation of WordPress and it worked fine. However, most free plugins are unsupported, which means they sometimes conflict with other plugins depending on what you have installed. If you have any issues, log in to cPanel or FTP and delete the plugin or contact your web hosting provider.
Another security plugin for WordPress which you may want to take a look at is named Better WP Security. This WordPress plugin offers security settings for WordPress login, registration and admin pages as well as many other anti-hacking features to protect your site.
