Forum Replies Created
-
Posts
-
Hi @cosmocanuck!
Ah yes, hacking. Sorry you got hacked. 🙁
Unfortunately it’s very difficult to say if Piklist was somehow involved. While we’re always looking for vulnerabilities, it’s tough to say what affect a vulnerability could have until we’re aware of it. Keep in mind that there’s typically two forms of hacking: One is a hacker intentionally went after your site, which is unusual and hard to defend against. Second, and far more likely, is bots programmed to test a multitude of sites for typical vulnerabilities to exploit. This is probably what happened to your site.
With that, you have a few things to consider:
– Are your users using good, strong password?
– Are your file permissions consistent and secure?
– Do you have any major plugins (e.g. WooCommerce) that are outdated?
– If your theme was purchased, is it up-to-date?Unfortunately, where a file is doesn’t necessarily tell you much. It’s possible the bot checked for a piklist directory, but it’s just as likely that it simply traversed the plugins directory and picked a directory that was vulnerable (due to file permissions), or it checked the active_plugins to find a directory.
The best thing to do in this moment is reset the user passwords, re-download core to make sure it wasn’t affected, consider doing the same with the plugins/themes, and apply secure file permissions over all of WordPress.
Hope this helps! 🙂
Just made a pull request for it! Check it out! https://github.com/piklist/piklist/pull/31
Hey @friendlyfire3!
We do feel pretty uncommonly beautiful. Thanks for noticing! 😀
So the WP API changed some very key parts when merging into core. I’m afraid I haven’t had time to fix it. The way that it used to work was to use post_has, post_belongs, or relate_query in the filter parameter of the request. But the filter query parameter support was removed when the API was merged into core. So now a different method is needed.
I’m going to throw together a branch in Github to try and tackle this, which I invite you to test. Otherwise, you’re welcome to install the Filter plugin and use the old method.
I’ll post here again once I have the branch and pull request for this made.
Cheers! 🙂
Hi @wpdeveloperpro!
Have you tested out the latest beta to see if the problem still exists? If you’re not on Windows then it should be working, otherwise test out @hakakouka’s PR.
Regarding support, please understand this is all volunteer support provided by people who do it to be nice (we don’t get paid). We help as we can and hope to foster a community that’s eager to help Piklist grow (hence moving to Github) and support one another. 🙂
Hi @trackkillers! Welcome! 🙂
Can you please tell us more about your setup and what version of Piklist you’re using?
Also, what information are you provided by the activation error?
Hi @friendlyfire3!
That only inspects what’s on WordPress.org. Presently we’re not pushing this to dev-trunk, so you wouldn’t be able to use composer for this, currently. Are you familiar with a good way of syncing Github releases with WP.org, per chance? We’re open to suggestions.
Once we finish a release, however, we will push the final version (so 0.10, in this case) to WP.org.
@bhushanjawle since you made the issue on Github, let’s please keep the discussion there so we’re not working in multiple places. 🙂
Hi @brightestspark!
So, running PHP 7 on a Mac (10.12.4) and using Safari, I create a page, gave it a title and some content, then clicked “Save Draft” and it’s saving as a draft. When I try to access the page directly it gives me a 404 (as it should because it’s a draft). Seems to be working just fine.
This actually sounds like it could be a theme/plugin issue elsewhere. It sounds like, somehow, when querying for the posts on the live site it’s not being limited to only published posts, but drafts as well. I’m not sure why it would be a PHP 7 and Safari only issue, but that’s the best I’ve got for now.
Hi @intrepidrealist!
Yeah… all errors in PHP look catastrophic. Hahah! If you look in the top-left of the message you’ll see “warning”, which is your only indication that it isn’t an error (it would say error if it was).
Typically, unless you’re actively developing, it’s recommended to keep WP_Debug false in your wp-config.php file. And on production you should never have that turned on. Warnings are there just for developers. It means that PHP didn’t like the way something happened, but was able to handle the situation anyway.
And thank you for reporting! Even if it is just you we want to know so we can either improve Piklist or help guide you to a solution.
@intrepidrealist just to be clear, these are warnings and, while they shouldn’t exists, they don’t seem to negatively affect any of the functionality. That just means that you have WP_Debug turned on and have it set to display errors. Otherwise those would happen silently. Again, they will be fixed, I just don’t want you to think they’re major. 🙂
You are absolutely right! I will make issues for these on Github to make sure they’re fixed in the next beta release.
In the future, for the beta, please report things on the Github repository to keep the beta issues in one place.
Thank you! 🙂
@friendlyfire3 Has this been tested with the latest 0.10 Beta?
Thanks, @friendlyfire3! We appreciate the encouragement! We’re excited to see Piklist become even more of a community effort and see it go to the next level! 🙂
Hi @oferli!
Can you please explain what you mean? Maybe provide a screenshot or screencast?
I’m not sure what you’re talking about. 🙂
Hi @hirschbrat!
To be clear, have you tested this with the latest beta?
