IQ Block Country - Change country param while locked out - wordpress

Problem
I have the current version: IQ Block Country Version 1.1.43.
So I had blocked all countries except my home country, but then I moved.
I wanted to be able to log in to my WordPress site without having to resort to options such as:
- VPN to change IP to another country
- proxy server
- TeamViewer/remote to another country
I wanted a way to disable IQ country, change the geo setting, and then log in again normally.
I renamed the plugin in the plugin directory and was able to log in to my backend (instead of being redirected). However, when I renamed the plugin again I was kicked off the site again.
Question: I was looking in the database but could not find where the country settings are stored. Where would a WordPress plugin store this data?
Current Workaround
I went to the file iq-block-country/libs/blockcountry-checks.php via FTP and found the function that does the block checking.
Then I set $blocked to false before returning:
    //MINOR HACK
    $blocked = FALSE;
    return $blocked;
After that I was able to edit the list of countries, and then commented out the $blocked = FALSE; line.
I would like, though, to be able to do it through phpMyAdmin if I travel and this happens again.

You can remove the option blockcountry_blockbackend from your wp_options table next time, then log in again and set your backend blocking options again.

Related

Paddle - The checkout id must be a valid checkout id

I'm trying to test paddle subscriptions on localhost. When I use the product id and vendor id from an example git repo everything works.
When I use my own vendor id and product id (plan id) I get a 400 error:
{"errors":[{"status":400,"code":"validation","details":"The checkout id must be a valid checkout id.","source":{"pointer":"\/checkout_id"}}]}
I have created a subscription on the portal which gives me a 'Plan Id'. Is the plan id the wrong id to be using here?
Paddle.Checkout.open({ product: 752932 });
I had the exact same setup and symptoms. I assume you're using the Paddle sandbox since you're testing on localhost. What helped me is that I had to add
Paddle.Environment.set('sandbox')
right above the
Paddle.Setup({ vendor: xxxx })
This did it for me, but annoyingly enough wasn't well documented at all so it took a bunch of digging.
Hope this helps you too!
Generally, this type of error occurs when the checkout request comes from localhost. I faced the same problem. When I test it on my hosting server, it works fine. The webhook_url should be approved by Paddle. You can set up the webhook here: Paddle webhook setup.

How to pass parameters from Wordpress Contact Form 7 to an external server?

I have a login form created in WordPress using Contact Form 7. I'm trying to pass parameters from this form to an external server, but it is not happening.
I am a designer, and not much of a programmer. I understand code (sometimes) but cannot write it from scratch.
I have designed a website for a client. This client has a "Flying Returns"-like logistics membership system in which members get lots of perks in shipping etc. This system is on their own server. They want the users to log in to that system from this website.
So I have created a login form using Contact Form 7. I have set skip_mail: on; I have tried a few login plugins, but either they don't log into different servers, or are expensive, or do not yield the correct URL and hence do not log into the system. Therefore I have finally decided to make it happen using code.
Their programmer has given me the following JS code that will take the parameters from this form and pass them on to their system. If the parameters are correct, then the user is logged into the system and taken to the member's dashboard page on their server (not my website/server), else it returns an error message, {"error":"Login Data Incorrect.."}
I have tried to put this code within the contact form. Here is the code (I've hidden the actual IP address, sorry):
<script>
document.addEventListener( 'wpcf7submit', function( event ) {
    alert( "Fire!" );
    document.location.href="http://49.XXX.XXX.202:XXXX/glslink/servlet/GPLogin?password="+$('#password').val()+"&emailid="+$('#emailid').val();
}, false );
</script>
If I remove the document.location line, it shows the alert. But the above, in its entirety, does nothing. If I use the URL, replace the variables with actual values and paste it into the browser, it logs me into the system without a hitch.
I have tried quite a few different pieces of code which I could find as possible solutions on the internet, this site included, but to no avail.
Please help me out. I want the email and password to be passed to this external server, if they are correct then the user should log in and see their dashboard there. Else if it gives the above mentioned error message, then I should be able to reset the form and give an error message to the user.

Brute force attack / user enumeration

Since last week I keep getting alerts about failed login attempts on my WordPress site.
The first couple of days the attacker used a wrong username and subsequently was locked out after 3 attempts. I use the Sucuri free and wp-security plugins. The latter has a login lockdown function.
My surprise came when after a couple of days the attacker found and used my username. I immediately changed it to a new username, thinking that I would be safe. I also used most of the hardening options on both plugins. I specifically checked that the string ?author=n does not provide any results on my website.
Regardless, today I got 3 more alerts that someone tried to log in with this new username, which means I am locked out of my own site for 24 hours.
This leaves me wondering:
a) How is it possible for someone to find my username?
b) Is there any other plugin like Cerber Security that prevents these exploits?
c) Is there any rule I can add to htaccess? (although I believe that Sucuri and wp-security have added several rules)
Many thanks!
Listing users
A user can list your usernames using:
yoursite.com?author=1
where the ID is a user_id.
You can prevent it by detecting the author page and redirecting it, with this for example (put it in your theme's functions.php):
    // Disable access to author pages (blocks ?author=N username lookups)
    function remove_author_pages_page() {
        global $wp_query;
        if ( is_author() ) {
            $wp_query->set_404();
            status_header( 404 );
            // wp_redirect() does not stop execution, so exit explicitly
            wp_redirect( get_option( 'home' ) );
            exit;
        }
    }
    add_action( 'template_redirect', 'remove_author_pages_page' );
Find username from wp-admin
An attacker can find a username by trying to log in on wp-admin.
If an attacker enters a good username, even with a wrong password, the WordPress error message changes, so the attacker knows that the username exists.
You can add this code to your functions.php to prevent the wp-admin wrong-login error messages from giving away any pieces of information.
Code:
    function no_wordpress_errors() {
        return '<strong>Error</strong>: check your logins';
    }
    add_filter( 'login_errors', 'no_wordpress_errors' );
Prevent wp-admin brute force
This is a solution I really like:
- It uses the wp-fail2ban plugin.
- Your server needs the fail2ban package installed and configured.
- This package allows you to ban (via iptables) IPs that fail too many times to connect over SSH, or that brute-force a port.
- The wp-fail2ban plugin gives you a custom fail2ban jail to add to your fail2ban jails (the WP plugin has complete documentation about it).
- With both installed, fail2ban will ban IPs that fail too many times on wp-admin (at the iptables level, so PHP is not even reached. The attacker, in the end, won't use many server resources, as the server will block his IP. He cannot even reach PHP).
Some other plugins (like Wordfence) also provide some security, but as the request reaches PHP the attacker uses many more resources. But they need less technical knowledge to implement.
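
Added example, not part of the original answer: a scan of the web server access log that shows which clients are probing for usernames or repeatedly failing logins. It goes beyond the answer by also flagging requests to the REST users route (/wp-json/wp/v2/users), which WordPress serves by default. The log lines are constructed, and the "combined" log format, the function names and the threshold of three failures are assumptions.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512 "-" "-"
198.51.100.9 - - [10/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4100 "-" "-"
198.51.100.9 - - [10/Mar/2024:10:01:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4100 "-" "-"
198.51.100.9 - - [10/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4100 "-" "-"
192.0.2.10 - - [10/Mar/2024:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4100 "-" "-"
192.0.2.10 - - [10/Mar/2024:10:02:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def classify(method, target, status):
    """Label one request as an enumeration probe or a failed login, else None."""
    url = urlsplit(target)
    query = parse_qs(url.query)
    if any(v.isdigit() for v in query.get("author", [])):
        return "author_enum"            # ?author=N, as described in the answer
    rest_route = query.get("rest_route", [""])[0]
    if "/wp-json/wp/v2/users" in url.path or rest_route.startswith("/wp/v2/users"):
        return "rest_user_enum"         # REST users route (added in this example)
    # Heuristic: wp-login.php re-renders the form (200) on failure, redirects (302) on success.
    if method == "POST" and url.path.endswith("/wp-login.php") and status == 200:
        return "failed_login"
    return None

def scan(log_text, login_threshold=3):
    """Return {ip: [reasons]} for clients that enumerate users or reach the login threshold."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        label = classify(m["method"], m["target"], int(m["status"])) if m else None
        if label:
            hits[m["ip"]][label] += 1
    report = {}
    for ip, counts in hits.items():
        reasons = [k for k in ("author_enum", "rest_user_enum") if counts[k]]
        if counts["failed_login"] >= login_threshold:
            reasons.append("login_bruteforce")
        if reasons:
            report[ip] = reasons
    return report

print(scan(SAMPLE_LOG))
```

The third client in the sample fails once and then logs in, so it stays below the threshold and is not reported.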

How can I change entire URL when transfer same WordPress database to another domain database?

I have a WordPress site called: www.myfirstwp.com.
I want to transfer its database to a new domain, which is www.mynewwp.com.
I did it by exporting the DB from www.myfirstwp.com and importing it into www.mynewwp.com.
But in this new site (www.mynewwp.com) the database has all the old database's URLs.
So, how can I change all the URLs of the old site (www.myfirstwp.com) in the new (www.mynewwp.com) database? Is there any way to do this?
Thank You.
Update Question :
I have an issue in WordPress. When I try to import an XML file with attachments, it shows me the following error message:
Error Message :
Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator and inform them of the time the error occurred, and the actions you performed just before this error. More information about this error may be available in the server error log. Apache Server at mysite.com Port 80
What should I do to solve this type of error message, as I am a new user of WordPress?
Thank You.
NOTE: before you tinker with your database be sure to grab a backup first. You do not want to mess up a production database.
The simple way is to open the database on your new domain, open {$prefix}_options and change the home and siteurl rows to reflect the new domain.
This approach works and allows you to operate the site at minimum. The other problems include:
- Embedded media links which use the old domain
- Other post meta fields and option fields that may contain the old domain.
What I do when this happens is to use raw SQL inside phpMyAdmin (or similar) to search and replace. The following queries take care of post meta and options (95% of the time):
    UPDATE wp_options SET option_value = REPLACE(option_value, 'olddomain.com', 'newdomain.com');
    UPDATE wp_postmeta SET meta_value = REPLACE(meta_value, 'olddomain.com', 'newdomain.com');
The following tables and columns usually have contained domain references in WP:
- wp_options.option_value
- wp_postmeta.meta_value
- wp_posts.post_content
- wp_posts.guid
But there might be more places where the domain has been inserted.
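
Added example, not part of the original answer: WordPress stores arrays in wp_options and wp_postmeta as PHP-serialized strings whose s:N prefixes are byte lengths, so a plain SQL REPLACE leaves those lengths stale whenever the old and new domains differ in length (as the two domains in the question do). The Python below rewrites such a value and recomputes the lengths; the function names and the sample option value are constructed for illustration, and only the N, i, b, d, s and a types are handled.

```python
def _rewrite(data: bytes, pos: int, old: bytes, new: bytes):
    """Re-emit the PHP-serialized value at pos with old->new applied inside strings.
    Returns (rewritten_bytes, next_pos). Objects (O:) are not handled."""
    tag = data[pos:pos + 2]
    if tag == b"N;":
        return tag, pos + 2
    if tag in (b"i:", b"b:", b"d:"):              # scalar: copy through the ';'
        end = data.index(b";", pos) + 1
        return data[pos:end], end
    if tag == b"s:":                              # s:<byte length>:"<bytes>";
        colon = data.index(b":", pos + 2)
        length = int(data[pos + 2:colon])
        start = colon + 2                         # skip ':"'
        value = data[start:start + length].replace(old, new)
        return b's:%d:"%s";' % (len(value), value), start + length + 2
    if tag == b"a:":                              # a:<count>:{<key><value>...}
        colon = data.index(b":", pos + 2)
        count = int(data[pos + 2:colon])
        out, pos = [data[pos:colon + 2]], colon + 2
        for _ in range(2 * count):                # keys and values alternate
            piece, pos = _rewrite(data, pos, old, new)
            out.append(piece)
        if data[pos:pos + 1] != b"}":
            raise ValueError("array not closed at offset %d" % pos)
        return b"".join(out) + b"}", pos + 1
    raise ValueError("not a supported serialized value at offset %d" % pos)

def replace_in_option(value: str, old: str, new: str) -> str:
    """Replace old with new in an option/meta value, keeping s:N lengths correct."""
    raw = value.encode("utf-8")
    try:
        out, end = _rewrite(raw, 0, old.encode("utf-8"), new.encode("utf-8"))
        if end == len(raw):
            return out.decode("utf-8")
    except ValueError:
        pass
    return value.replace(old, new)                # plain string such as siteurl

# Constructed option value; the domains are the ones used in the question.
SAMPLE = 'a:2:{s:5:"title";s:4:"Logo";s:3:"url";s:30:"http://www.myfirstwp.com/a.png";}'

if __name__ == "__main__":
    print("SQL REPLACE: ", SAMPLE.replace("myfirstwp.com", "mynewwp.com"))  # still s:30
    print("length-aware:", replace_in_option(SAMPLE, "myfirstwp.com", "mynewwp.com"))
```

On a live site, WP-CLI's `wp search-replace` command performs this kind of serialization-aware replacement across tables.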

Are there new facebook restriction for Rfacebook package?

I want to get some data from Facebook, so I wanted to create an application to get a token for 60 days like I did a few months ago. Then everything worked well; I just followed the steps from a tutorial like this:
http://thinktostart.com/analyzing-facebook-with-r/
So it was enough to create an "empty" application, write in R with the proper id and secret
    fb_oauth <- fbOAuth(app_id="123456789", app_secret="1A2B3C4D",extended_permissions = TRUE)
fill in the website page as http://localhost:1410/ and authentication was complete and I was able to get some data from Facebook. It seems that it is not so easy anymore.
When I try to follow exactly the same steps, it seems that now I have to fill in my application (with some description, photos...) and "send" it for submission.
Do you have a similar problem, or am I just missing something? I just want to use information from Facebook for my own use, not for business or something. Is there any (other) way to get a token for R which allows me to get some information from Facebook without filling in the application? I don't think that filling it with some fake data will pass Facebook verification.
"I just want to use information from facebook for my own use"
Then you don’t need to submit it for review.
See https://developers.facebook.com/docs/apps/faq#roles – it explains that you can ask any user that has a “role” in the app (meaning admin, developer or tester) for any permission without prior review.
For one, this is of course implemented this way, so that people can actually test the functionality they are developing properly. And it is also an “official loophole” for apps such as yours, that are for “private use” only, and not meant to be used by the general public in the first place.
(And this has nothing whatsoever with the Rfacebook package – it is the same for all apps, no matter what framework/SDK they might be using.)
UPDATE
As @CBroe said earlier, you do not need an approved app, you just need to add the users of the app as admin in the app's role menu in Facebook Developers.
Follow these steps and you will get your permanent FB token:
- Create new application at https://developers.facebook.com/apps/ with basic setup
- Fill in the app name in lower case and without the words Facebook or FB for display name and namespace, category set to Business
- In "Settings/Basic" I added a new "Website" platform with the URL of http://localhost:1410/ and localhost as the "App Domain"
- In the "Settings/Advanced" tab I added http://localhost:1410/ as the Valid OAuth redirect URIs
Then, run this code:
    library(httr)
    app <- oauth_app('facebook', appid, appsecret)
    Sys.setenv("HTTR_SERVER_PORT" = "1410/")
    tkn <- oauth2.0_token(
      oauth_endpoints('facebook'), app, scope = c('ads_management', 'read_insights'),
      type = 'application/x-www-form-urlencoded', cache = FALSE)
    save(tkn, file = "~/Documents/RFiles/fb_token") # save the token for future use
Make sure you put 'read_insights' in scope, otherwise you are not telling Facebook what kind of permissions you want the app to take.
Finally you can use the token:
    library(Rfacebook)
    load("~/Documents/RFiles/fb_token")
