I have added the following to .htaccess (using my own IP instead of the???
<FilesMatch ".*"> Require ip ??.?.?.??? /FilesMatch>
I hoped it would be one way of stopping admin access to the Wordpress site. (I am aware that IP spoofing is possible but having had two attacks where the login has been altered, I've got to try something.)
I'm using the Sucuri plugin which tells me about failed attempts and I've upgraded all the relevant passwords.
Now when I try to run Page Speed Insights I get "ERRORED_DOCUMENT_REQUEST. Lighthouse was unable to reliably load the page you requested."
Please keep it simple (I'm not a programmer) but is there a way of whitelisting the Lighthouse IP?
Related
I am currently having issues with setting up an HTTPS domain redirect. I have a DNS URL redirect entry that points a few sub-domains to same-server URLs. For example:
docs.kipper-lang.org -> kipper-lang.org/docs/
play.kipper-lang.org -> kipper-lang.org/playground
The issue I am currently experiencing is that when using the subdomains, it mostly works, but it can only use HTTP. If I attempt to use HTTPS (like for example https://docs.kipper-lang.org) the redirect won't work and will get stuck apparently waiting for the HTTPS certificate (I think, but I don't know for sure, since it loads forever and gets a time-out).
So my DNS provider does its job for the most part as I want, but I am not sure how to add the HTTPS encryption to these redirects. Is there maybe even some DNS configuration or even middle-man service for redirects I can use, where these HTTPS encryptions are built-In? Since receiving a "Warning: Insecure connection" every time someone uses the sub-domains is a massive problem for me.
Note though that considering I am hosting on a GitHub Pages server, I am unable to do these redirects on the server side myself, as I can't use any code in this case.
I would greatly appreciate any ideas for fixing this or what I could use to achieve this another way.
Thanks in advance!
We are using DIVI on a shared hosting site. When using the DIVI Visual Editor, apparently some Ajax calls are being detected by the hoster as an threat, and the IP is then block for 10 minutes or so. The only remedy on the hoster side, they say, is to whitelist the IP; however, none of our WordPress contributors have a static IP, so this will change frequently.
Assuming the analysis of the issue is correct, might there be a mechanism to 'fix' the blank referrer before the request leaves the client?
You could try adding an access control header to htaccess, if you haven't already.
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
Additionally, you could sign up for a VPN service that has a static IP, and have your contributors log in to the VPN prior to logging in to WP. From a security standpoint, this might be a better way to go in the long run if you have people accessing your site from many (possibly unsafe) places.
My client has a Wordpress site with an SSL certificate. Riht now I'm trying to figure out any solution.
The site address is https://illustro.pl
When entered on the front page you'll get the un secure connection warning.
I've tried to find what causes this with any luck, solutions that have not worked
replace http with https
change all http to https with Mixed Content/Insecure Content SSL
In the process I've also changed all the URLs to HTTPS in the database on sites where the was the need to.
I'iv inspected the site with multiple developers tools all of them show the problem at line one.
At this point any suggestion would be appreciated.
Try the below code placing at wp-config.php
define('FORCE_SSL_LOGIN', true);
There could be multible reasons:
Main reason is currently that your webserver is not sending the full certificate chain (intermediate certificate is missing). That's the current reason why the browser tells you "unknown issuer".
The next reason could be or will be that your certificate doesn't have subject alternative names. Browsers will stop checking for common name in future.
For some unknown reason, all PDFs on the site http://safetyaustraliagroup.com.au/, when clicked, result in a redirect loop and then ultimate failure:
e.g. http://safetyaustraliagroup.com.au/wp-content/uploads/2017/01/Robert-Keft-Profile-2017.pdf
Result from Pingdom: Pingdom Full Page Test Result
HOWEVER: If I bypass Cloudflare and add the IP address to my hosts file for the domain - it works as expected.
Cloudflare are not very helpful and say it's my problem but I can't understand what is causing this? Especially when my testing indicates that it is only happening when connecting via Cloudflare.
I'm new to wordpress, so please bear with me.
We're hosting a wordpress 4.1 installation internally in our Windows Server, within our network; our WP url is http://ourserver:2020/wordpress/wp-login.php We're behind a firewall and I don't have access to it.
Initially, it wouldn't connect at all from the start, so I added the following and it works:
define('WP_PROXY_HOST', 'proxy.ourcompany.com');
define('WP_PROXY_PORT', '8080');
define ('WP_ACCESSIBLE_HOSTS', 'api.wordpress.org, downloads.wordpress.org, planet.wordpress.org, akismet.com');
But after I download and install a theme, I get the same error 3 times, but in different lines of update.php:
WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in C:\xampp\htdocs\wordpress\wp-includes\update.php on line 119
So I'm thinking that here particularly, WP requires a secure HTTPS connection to WP's server. That has to be the only explanation because it already connected to WP to download the theme.
I also added the following, but nothing:
define('FORCE_SSL_LOGIN', false);
define('FORCE_SSL_ADMIN', false);
define('FORCE_SSL', false);
define('WP_HTTP_BLOCK_EXTERNAL', false);
So two questions:
Is it possible that the error has to with the WP installation requiring a secure connection?
How can I connect securely from an IP to the wordpress server? From what I've read, I can't install an SSL certificate if I don't have a domain name.
Thanks.
The error is not with WordPress wanting to connect back to itself securely. It is trying to make a call to https://wordpress.org. The Defines you added are actually making it worse.
define('FORCE_SSL_LOGIN', false);
define('FORCE_SSL_ADMIN', false);
define('FORCE_SSL', false);
define('WP_HTTP_BLOCK_EXTERNAL', false);
I would remove them.
As ot the problem, I seem to remember Andrew Nacin talking about the fact that they were migrating all calls back to wordpress.org to https calls. While it is possible that it is your setup, my guess is that it is your firewall. For some reason it is blocking access to https://wordpress.org. This can easily be verified by checking the firewall logs. If that is the case, you will need to figure out how to allow your site to dial out in order to use the theme and/or plugin installer. Also, you won't be able to use the automatic updater.
All of these tasks can be done manually, so it's not the end of the world if you can't unblock it. But it will be an inconvenience.
HTH,
=C=