Category: webmaster

 

Defender WordPress Security, Malware Detection, and Firewall to block access to wp-includes: Internal error

Defender WordPress Security, Malware Detection, and Firewall to block access to wp-includes to avoid an internal error 500.

After installed a WP plugin called Defender and configured, we found out that it provoking access denied to wp-includes:


The script from “https://yourdomain.com/wp-includes/js/thickbox/thickbox.js?ver=3.1-20121105” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/dist/a11y.min.js?ver=2.5.1” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/wp-sanitize.min.js?ver=5.3.2” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/wp-auth-check.min.js?ver=5.3.2” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/heartbeat.min.js?ver=5.3.2” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.11.4” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/jquery/ui/draggable.min.js?ver=1.11.4” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/jquery/ui/slider.min.js?ver=1.11.4” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/jquery/jquery.ui.touch-punch.js?ver=0.2.2” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/backbone.min.js?ver=1.4.0” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.

1- Solution check inside the folder wp-includes for .htaccess file that is added by WP defender, you delete this file and try configure again o modify this file here is an example:


deny from allallow from allallow from all
## WP Defender - Protect PHP Executed ##

Order allow,deny
Deny from all


Allow from all


Allow from all

## WP Defender - End ##

How to recover an Google Analytics Tracking Code, when you changed the website without it?

How to recover an Google Analytics Tracking Code, when you changed the website without it?

Google cached the website to view web pages cached in Google Search Results
Use the https://webcache.googleusercontent.com/search?q=cache:your-domain-url

Example:
1- https://webcache.googleusercontent.com/search?q=cache:https://ukgoodbye.co.uk

2- Step 2, Right click, and select “View source page” and search for Google tracking code on cached page.
Example it should look like:


 

.....
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'UA-79894830-1');
....

Now check if the Google Analytic and the site can be crawl by the robots
You can use third parties website as http://www.gachecker.com/, to Check your entire site for missing Google Analytics or Google AdWords code with one click

WordPress, why ACF won’t appear on menu my WP dashboard?

WordPress, why ACF won’t appear on menu my WP dashboard?

There are many reasons Advanced Custom Fields, doesn’t appear in dashboard menu. The custom fields menu item can be hidden like on the next example:
Check on the wp-content/theme/your-active-theme/functions.php



....
add_filter('acf/settings/show_admin', '__return_false');
....

 

By removing this line the ACF should appear back to the dashboard.
"Custom Fields" doesn't appear in dashboard menu

 

 

 

 

You can try to  access to ACF menu, by type you browser

http://your-domain/wp-admin/edit.php?post_type=acf-field-group,

Solution of Failed to connect to www.ukgoodbye.info port 443: Connection refused

Solution of Failed to connect to www.ukgoodbye.info port 443: Connection refused

The first I have check on php.ini if SSL is activated:

openssl

OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.1f 6 Jan 2014
OpenSSL Header Version OpenSSL 1.0.1f 6 Jan 2014

I configured the htaccess following the recommendations, Force your site to load securely with an .htaccess file
1- Checked the SSL is active on php configuration, I have tried the option 1
Full example including the default WordPress code

Below is what your .htaccess file looks like with both the new HTTPS code and existing WordPress code.


RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE] 

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Result, check again for ssl but unfortunately is not working at all.
a) Check using curl:
(7) Failed to connect to www.ukgoodbye.co.uk port 443: Connection refused.

2- Tried the option 2:
Full example including the default WordPress code

Below is what your .htaccess file looks like with both the new HTTPS code and existing WordPress code.


RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L,NE]

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Result: Is still not working. It looks like the port 443 is not opened at server level. Using the SSL checker with result:


Server Type: Apache
 	
No SSL certificates were found on www.hatley.info. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server's firewall.

Last option contact the hosting service to open the port 443, and  “et voila” now everything is working:

 

These results were cached from June 6, 2019, 5:38 am PST to conserve server resources.
If you are diagnosing a certificate installation problem, you can get uncached results by clicking here.

www.ukgoodbye.co.uk resolves to 77.72.0.126

Server Type: LiteSpeed

The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).

The certificate was issued by Let’s Encrypt.
The certificate will expire in 85 days.

The hostname (www.ukgoodbye.co.uk) is correctly listed in the certificate.

Common name: ukgoodbye.co.uk
SANs: cpanel.ukgoodbye.co.uk, mail.ukgoodbye.co.uk, ukgoodbye.co.uk, webdisk.ukgoodbye.co.uk, webmail.ukgoodbye.co.uk, www.ukgoodbye.co.uk
Valid from June 5, 2019 to September 3, 2019
Serial Number: 03c813484b9936945ea50dc0b7203eba0975
Signature Algorithm: sha256WithRSAEncryption
Issuer: Let’s Encrypt Authority X3
Common name: Let’s Encrypt Authority X3
Organization: Let’s Encrypt
Location: US
Valid from March 17, 2016 to March 17, 2021
Serial Number: 0a0141420000015385736a0b85eca708
Signature Algorithm: sha256WithRSAEncryption
Issuer: DST Root CA X3

WP All Import – Slow Imports – due images

WP All Import – Slow Imports – due images

All Import can make your XML or CSV import task easy. To import large amount of data to woocommerce that include importing the images could be very slow.
Solution:
1- Upload the images by file manager from your hosting control panel or by ftp client to All import directory: wp-content/uploads/wpallimport/files/

And the All import, https://your-website/wp-admin/admin.php?page=pmxi-admin-import
You just need at image section,

Select the option to import image:
Use images currently uploaded in wp-content/uploads/wpallimport/
Find out more on the next image:
WooCommerce WP all Import

WP, woocommerce stripe testing mode

WP, wooCommerce stripe testing mode

How to test payment gateway on WordPress?
Configured, tested and working on ukgoodbye, second life for stuff’ s website
Stripe works by adding payment fields on the checkout and then sending the details to Stripe for verification

 

2- Obtaining your API keys

Your API keys are always available in the Dashboard. For your convenience, your test API keys for esse.uk are:
Key Value
Publishable
pk_test_HtuBrUILSdaddasdasd
Secret
sk_test_VFSPCrdasdsaO4ZgTHy

Stripe automatically populates code examples in our documentation with your test API keys while you are logged in—only you can see these values.

Use only your test API keys for testing and development. This ensures that you don’t accidentally modify your live customers or charges.UKgoodbye stripe payment

3- Pay in test mod

Pay with your credit card via Stripe. TEST MODE ENABLED. In test mode, you can use the card number 4242424242424242 with any CVC and a valid expiration date or check the Testing Stripe documentation for more card numbers.

Us you see on the next image:

 

SystemException in API_Linux.cpp:172: setuid() failed: Resource temporarily unavailable

SystemException in API_Linux.cpp:172: setuid() failed: Resource temporarily unavailable??

I believe after that error, the WordPress stop

[Wed Mar 20 17:40:16 2019] [error] [client 80.47.1.117:0] End of script output before headers: admin-ajax.php

 

UKgoodbye, Learn how to identify your smartphone model

UKgoodbye, Learn how to identify your smartphone model

Learn how to identify your smartphone model by its model number and other details.

You can identify your smartphone by Brand, model name, number, colour and capacity, you just to type on search box, as you can find out on the picture:

https://www.ukgoodbye.co.uk/smartphones

By e-smartsolution for UKgoodbye.co.uk

 

Google API manager

Google API manager

Creating an API for a Reverse Geocoding With Google Map API And PHP!

After created an API key, when I trying to test it, I have received the next message:
https://maps.googleapis.com/maps/api/geocode/json?latlng=40.714224,-73.961452&key=AIzaSyDWpVDQyIieftj5WOKekltjoDx3z8rnowY

Result:

{
“error_message” : “This IP, site or mobile application is not authorized to use this API key. Request received from IP address 86.182.65.135, with empty referer”,
“results” : [],
“status” : “REQUEST_DENIED”
}

google api reverse enconding

Editiing/creating a Credential for a Browser API key

Accept requests from these HTTP referrers (websites) (Optional)
Use asterisks for wildcards. If you leave this blank, requests will be accepted from any referrer.
Be sure to add referrers before using this key in production.

*.camssay.com/*

*.camssay.co.uk/*

Once I click to save, I have received the next message:

Sorry, there’s a problem. If you have entered information, check it and try again.
Otherwise, the problem might clear up on its own, so check back later.

Google saving a credential

Using the console for developers by Google

One account for all Google is true?

One account for All Google is not 100% true?

It looks like with one account in Google is for all Google, but here you can find out is not 100% true.

1- I use my Google account to access my https://www.google.com/webmasters/tools, where I set up the domain camssay.com and camssay.co.uk. I have verified them on webmasters website. Check it on the next images:

camssay.com verified on Google webmaster tools

camssay.com verified on Google webmaster tools

camssay.co.uk verified on Google webmaster tools

camssay.co.uk verified on Google webmaster tools

2- Once I tried to create an API by using the console of developers(https://console.developers.google.com), using the same account.
When I have added my project, on the “Credentials”. Using the option “Domain verification” by adding my sames domains names(camssay.com and camssay.co.uk)
add domain again

Google asks again to verify the same domain:
camssay.com verify again

Conclusion:
I believe to be like one account for all Google, should not ask two times for a verification(like admin in both side). If I have verified my domain name using the same Google account on the Google webmaster tools, Google should not ask again to verify the same domain on Console developers. The first verification was with Google not on Yahoo, Baidu, Bing or Yaindex, so is not sense to ask again.