Thank you @Tom J Nowell letting me think about this. I had to think about it the last day, and this is the safe way to do this. function lwb_jquery() { $message=””; // Multisite Support if( is_multisite()) { $uri = get_stylesheet_directory() . ‘/sites/’ . get_current_blog_id(). ‘/assets/js/lwb-script.js’; $file_path=”[AKTIVES THEME]/sites/” . get_current_blog_id() . ‘/assets/js/lwb-script.js’; if( !file_exists( $uri … Read more
CF7 for radio buttons only, ok?
WordPress.Security.NonceVerification.Recommended
No, this is a red herring that has nothing to do with the problem, likely from a misunderstanding of what WP user login sessions are tracking. The TLDR: It’s probably because they logged out. The problem is that the user that it was done under hasn’t been logged into in about a year according to … Read more
Running WordPress multisite login from a subdomain
These are safe. Normally the contents of wp-salt.php is in the wp-config.php. The reason you site became inaccessible is due to the change in wp-config.php to include wp-salt.php. I.e. include(‘wp-salt.php’); You can delete wp-salt.php, but be sure to copy the defines into the wp-config.php were the “include(‘wp-salt.php’);” line is and remove the “include(‘wp-salt.php’);” line. The … Read more
I guess you are not familiar with WordPress API. WordPress uses nonces to keep track of logged in users and authorized requests. Relatively new feature is also App authentication, which is under the hood basic authentication. However, while WordPress IS secure (nonces are sent in headers and have expiry time), specific plugin you are using … Read more
The answer, as mentioned in a comment by @JacobPeattie, was to add the domains to my .htaccess file where I am setting the CSP Headers, (turns out most plugins’ “View Details” link loads images from ps.w.org, which I just learned). A few other plugins loaded images from other domains, so I also added each of … Read more
It could be that you have the Post SMTP plugin installed. There is an exploit in this plugin: https://patchstack.com/database/vulnerability/post-smtp The issue has been fixed in version 2.8.8 and above.
This is a bug in the POST SMTP plugin. It has been reported here, and also the plugin support forum is full of reports of the same issue. The issue has been fixed in version 2.8.8 of POST SMTP.