|
If I understand correctly, when you try to load a PHP script, the PHP source code shows up in your browser? If this is correct, then what's happening (I think) is that the web server has stopped interpreting PHP code as script files and is sending it out as plaintext instead. This is typically due to some kind of server configuration error. There's a server directive which explains to the server software what to do with each file type, like text files or PHP or whatever. The server is normally told to send PHP files through an interpreter, like a PHP server plugin, which runs the code. These directives are configured on a server-wide basis, but they can also be configured on a per-folder basis by .htaccess files in a user directory. This would (for example) allow you to have two different folders that use different versions of PHP, or to disallow PHP code from being executed from a specific folder for security reasons. A bad .htaccess file can therefore make PHP files show up like plaintext instead, because the server doesn't know what to do with them anymore. One test is to put some kind of very simple PHP test file in a folder outside your wordpress folder. If that PHP file executes correctly, then the problem is probably due to an .htaccess file in your wordpress folder. If it doesn't, then the problem may be due to the server configuration and you should talk to your hosting provider.
|
# ? Jun 22, 2012 01:23 |
|
|
# ? Jun 12, 2024 23:19 |
|
That is exactly what is happening. I have a similar thread going on wordpress.org and they suggested that I ask if PHP is up on their end which they said it was. Their placeholder is working outside of the wp folder for sure. there is also a .htaccess file there as well. This was done by default by the host. I'm going to drop that same file into my wp folder and see if it still works, would that be a valid test to see if there is something in my wp directory that is messing things up? Thanks for the help by the way. Edit: Yep! As soon as I dropped it into my wp folder it crapped back plaintext instead of the placeholder. How would I go about fixing this?
|
# ? Jun 22, 2012 03:28 |
|
You said there was an .htaccess file. Do you mean that there's one outside the wordpress folder, one inside, or both? If there's one inside the wordpress folder, then that's the one you need to look at, sounds like. It's plain text, so if you share the contents here (using [code] or something) then I or somebody else might be able to figure it out.
|
# ? Jun 22, 2012 05:19 |
|
Well I just had a rather terrible experience. I posted questions on the wordpress.org support forum and a guy wanted my site address, so I posted it and he started rummaging around all over the place on my site. He somehow got into my FTP and edited files. Granted he made it work like it should have, but it left me feeling pretty raped. Then he continued to dig around and somehow saw my adsense ads, then refused to tell me how exactly he got into my site to "fix" things. Maybe I'm being paranoid, but I don't like the idea of someone being able to adjust files on my FTP without me knowing. I have scrapped my wordpress install and tried my best to lock down my FTP and ban any IPs I didnt recognize. I didn't have much of anything up there anyways, it will be easy to re-create. Where should I go from here? I am worried that if I install wp again this guy will somehow get access to it. Here's the thread for reference: http://wordpress.org/support/topic/wp-loginphp-opening-as-text?replies=21#post-2919926
|
# ? Jun 22, 2012 08:32 |
|
Sharkelberry posted:Well I just had a rather terrible experience. When you have a problem like this, go to your server's customer support or ask someone you trust (or post here). The WP.org forum is full of people looking for sites to hack. They'll inject their own ads and referral links while they "fix" your site. Change all your passwords and reinstall WP on a new database. He won't be able to access your files again as long as your server doesn't crap itself. Keep in mind though that this wasn't a Wordpress problem, it was an issue with your server. However you can secure your WP install by installing a few plugins, such as these: http://wordpress.org/extend/plugins/bulletproof-security/ http://wordpress.org/extend/plugins/better-wp-security/
|
# ? Jun 22, 2012 10:07 |
|
It's also possible that there's a security problem with your hosting. That's been a number of security issues with PHP lately, and it's possible that your hosting hasn't addressed them. I know that you're probably paranoid about divulging information, and for good reason, but would you be okay sharing who your hosting provider is?
|
# ? Jun 22, 2012 14:26 |
|
Heresiarch posted:I know that you're probably paranoid about divulging information, and for good reason, but would you be okay sharing who your hosting provider is? Based on the WP Support thread, it's Lithium Hosting.
|
# ? Jun 22, 2012 14:49 |
|
I have no experience with Lithium so I have no idea how good their security practices are. Maybe somebody else can comment.
|
# ? Jun 22, 2012 15:55 |
|
When I spoke to Lithium about it they said they could help me out for a fee, but my scripts/code weren't supported by them so there wasn't much they could do. Lithium is a goon run hosting service. It seemed pretty highly recommended in a few threads so I gave it a shot. I deleted the mySQL database I was using, and changed email passwords as well as a few other things. Once I get a free second to mess with it, I'll give a new wp install a shot and see how it goes. Thanks for your help thus far guys!
|
# ? Jun 22, 2012 17:51 |
Heresiarch posted:I have no experience with Lithium so I have no idea how good their security practices are. Maybe somebody else can comment. They seem on the ball as far as that sort of thing goes. I think it's more likely the php misconfiguation returning the wp-config file as text and the guy gleaning the passwords/etc from there.
|
|
# ? Jun 22, 2012 18:58 |
|
I hate to be a naysayer, but I used Lithium Hosting for several years. For a while I was happy but after a lot of downtime as they kept moving my site around to different servers I started getting annoyed, and finally bailed when they allowed a security hole that led to all of my sites getting hacked. I use HostGator now, which can be slow at times but it's a lot better overall, and with my plan I end up paying less with HG than I did with Lithium, for a lot more domains.
|
# ? Jun 22, 2012 22:00 |
|
Ok I seem to have everything back up and running. I beefed up security a bit more this time around, and everything seems to be up and running. I'm kinda glad that I ran into this early on before I had anything up. The website is https://www.lowgravitas.com but there isn't really anything up on it just yet. Can anyone tell me if everything looks okay from their end? Does there seem to be any huge loopholes I am missing or anything? Again, thanks a ton guys you helped me out a lot.
|
# ? Jun 27, 2012 08:23 |
|
cocteau posted:I hate to be a naysayer, but I used Lithium Hosting for several years. For a while I was happy but after a lot of downtime as they kept moving my site around to different servers I started getting annoyed, and finally bailed when they allowed a security hole that led to all of my sites getting hacked. I use HostGator now, which can be slow at times but it's a lot better overall, and with my plan I end up paying less with HG than I did with Lithium, for a lot more domains. Hostgator is a piece of poo poo. Use Dreamhost.
|
# ? Jun 27, 2012 14:24 |
|
Gyshall posted:Hostgator is a piece of poo poo. Use Dreamhost. I dunno. I've used both and it seems that they're about the same if you're on a shared hosting plan.
|
# ? Jun 27, 2012 15:42 |
|
All cheap hosting is terrible. You get what you pay for.
|
# ? Jun 27, 2012 19:22 |
|
Gyshall posted:Hostgator is a piece of poo poo. Use Dreamhost. They are not even in the same ballpark if you take support into account. At HostGator I can get to a representative on their chat in under 3 minutes - someone that is able to deal with pretty much anything.
|
# ? Jun 27, 2012 21:24 |
|
Hostgator has better help support and you can call them 24/7, though they may be involved in sketchy stuff. Their servers run slower, especially on the database side which can be bad with certain plugins. They also limit the file listings on ftps to 2000 files which was annoying. Dreamhost was slightly faster though the server I was on had multiple problems (to the point where someone set up a message board just for those of us trapped on the server!) and I was down for over 50 hours straight once (which made me bail for Hostgator.) They communicated okay but that downtime was too excessive and I had to vote with my wallet. I wouldn't vote against either one for someone looking for a shared plan, Dreamhost at one point had a killer coupon for new people, but being able to call someone at Hostgator is a big plus.
|
# ? Jun 27, 2012 23:57 |
|
I've been using Pair for years, and I usually don't even have to call them because they're incredibly proactive. Typically I find out about problems involving the servers because they've fixed them and emailed me about what they did. For example, when that recent PHP exploit showed up, the one that only works if you're using CGI for it instead of mod_php or something, they found everybody who was using CGI for PHP and added a workaround via .htaccess files to their accounts to keep things secure while they rebuilt the CGI binaries and did sufficient testing. I was very impressed and it's just one example of why I continue to use them even though they're noticeably more expensive than companies like DreamHost or HostGator. It depends on what your priorities are.
|
# ? Jun 28, 2012 01:47 |
|
joebob posted:They are not even in the same ballpark if you take support into account. At HostGator I can get to a representative on their chat in under 3 minutes - someone that is able to deal with pretty much anything. I've had to deal with HostGator at my work for a year - often times all of our hosted sites would go down, or the SQL database server would go down, and I'd have to wait in a queue in chat or phone for ~45 minutes before talking to someone. I agree with the goon that said all shared hosting sucks. Dreamhost is the least sucky, in my experience. Nothing beats Amazon, though.
|
# ? Jun 28, 2012 14:27 |
|
The problem isn't shared hosting, it's cheap hosting. Dedicated servers can be cheap with crap service too.
|
# ? Jun 28, 2012 18:53 |
|
Heresiarch posted:The problem isn't shared hosting, it's cheap hosting. Dedicated servers can be cheap with crap service too. Word. Pay peanuts, get monkeys. (maintaining your server)
|
# ? Jun 30, 2012 13:21 |
|
Any recommendations as to the best pages navigation widget? Details: I'm porting my site from another system and making heavy uses of pages and subpages, such that there's 200+ pages, nested in up to 4 levels, so that users "tunnel down" to what they need. However, finding the right widget to navigate these is problematic. Obviously I don't want it to show all the pages all the time. My previous CMS worked by showing the top level pages and pages on the same level as the current one, i.e.: code:
|
# ? Jul 3, 2012 15:06 |
|
Random problem I've been trying to fix all day. Installed Wordpress on a fresh host for a client. No problems. Can get into the Admin panel, make pages etc. But if I try to view the root domain it takes me to the wordpress install page and wants me to do that again. Yet if I go directly to another page or post it works fine.
|
# ? Jul 3, 2012 23:43 |
|
outlier posted:Any recommendations as to the best pages navigation widget? I would also like to know this. Sidebar navigation is a bitch. In the past, I have used Dynamic Widgets + Widgetized area on theme + menu widget with custom menus. I'm pretty sure that is the clunkiest solution to this, though. Come to think of it, here are the plugins I am using right now. I am curious if anyone has any recommendations on any replacements or things I might find useful?
Not all on the same site, but it is basically my standard plugin loadout for tackling a new site. E: Also, could someone explain to me how I can use a Custom Post Type - and call the content in my theme (I can already do this) but not have the end-user be able to browse to http://www.mysite.com/customPost/customPostPost ? Gyshall fucked around with this message at 00:02 on Jul 4, 2012 |
# ? Jul 3, 2012 23:53 |
Anyone else having problems uploading large-ish (2MB+) files since upgrading to 3.4? The progress bar restarts multiple times and then gets stuck in processing without finishing the upload. This guy describes it better. Weirdly, I can upload files in a second installation in the same server without any problems, the only difference is that it's a multisite/network setup.
|
|
# ? Jul 4, 2012 14:33 |
|
Gyshall posted:
Thanks for these! Being completely new to this whole thing, it helps to see what people use and stuff. I am not sure how to get traffic to my site. I registered with google, (I plan on registering with bing and yahoo as well, but lately I've been ) but I'm not sure about the whole keywords/meta tags thing. By not sure, I mean that I understand the concept, just not the implementation. Is there a plugin or something for this sort of thing other than wp SEO? Or perhaps is there a guide to using that plugin around? Most of the stuff I have found on my own has been a bit over my head. Maybe things are doing okay and I am just unaware. Since I re-did my wp installation my Google analytics stats look like this: code:
|
# ? Jul 6, 2012 19:17 |
|
This is a tutorial directly from the guy who wrote the Wordpress SEO plugin: http://yoast.com/articles/wordpress-seo/ Cool avatar, by the way.
|
# ? Jul 6, 2012 21:24 |
|
Gyshall posted:This is a tutorial directly from the guy who wrote the Wordpress SEO plugin: Why thank you! Same to you sir, Mitch Hedberg passed way before his time, but I suppose that freezes our memory of him in a special place. I appreciate the link. I'll have to go through it when it isn't 2:30am. I just feel like there is something more that I could be doing to rake in some traffic, but at the same time I also realize that my site is still in it's infancy. I guess I'm just antsy.
|
# ? Jul 7, 2012 07:40 |
|
I just registered a domain and setup Wordpress and, being totally new at this, I've got a few questions. I threw together a quick draft of what I'd like my blog to look like, layout-wise. Ignore the colors, I just picked those at random. What's a good theme you'd recommend for a first-time user to design my blog like this? I don't mind spending a couple of bucks. Is there anything else I should think about in this initial stage of building my site? I'm not done with all of my content but I've got a few articles I'd like to put up and tweak the site as I go along. I added a robots.txt to prevent search engines from indexing my site, this means I can try stuff out without anybody visiting my site, right?
|
# ? Jul 10, 2012 12:04 |
|
What exactly is the kind of content that the site is going to have? Unless the actual content is visual in some way, having large image buttons for category navigation is going to look sort of tasteless, and even then it might be better to have just text links.
|
# ? Jul 10, 2012 12:08 |
|
It's going to be an instructional site about brazilian jiu-jitsu, a martial art, aimed at beginners/novices. I'm planning on using quite a lot of pictures and/or GIF's together with text to describe techniques, concepts and stuff like that throughout the site since BJJ is a very technical sport. The buttons correspond to the major positions used in BJJ and let's the visitor jump to whatever they want to learn more about. Kind of like an encyclopedia of techniques. If you have any other ideas, I am all ears!
|
# ? Jul 10, 2012 13:14 |
|
Depending on how much CSS/HTML/PHP you are comfortable with, I would recommend any of the following (from easiest to hardest to customize) - WooThemes (https://www.woothemes.com) are my absolute favorite for out of the box, usable themes. The support is great too and the price per theme is very reasonable for what you get. - Some sort of "starter" or barebones responsive theme. I just saw this Gridiculous based theme yesterday - http://bavotasan.com/2012/gridiculous-for-wordpress/ , but as of late I've had a ton of success with Responsive - http://wordpress.org/extend/themes/responsive - A boilerplate theme like Starkers/Bones/Twitter Bootstrap for Wordpress. This would require the most customization. As far as worrying about someone visiting your site, this guide here is a good way to create a fast, local installation that no one can see (on your own computer) http://wp.tutsplus.com/tutorials/how-to-setup-a-wordpress-development-environment-for-windows/
|
# ? Jul 10, 2012 14:09 |
|
Dumb WP Super Cache question: How do you handle the refresh settings for your cache? I just noticed that one of the category archives on my site hadn't refreshed in nearly two months but today it just refreshed, after I got an email from a site user about it. I don't get a lot of traffic but I host several sites on a basic bluehost shared hosting package so I want to minimize my CPU usage as much as possible. I also host 2 podcasts that do over a terrabyte of bandwidth a month so I'm trying to streamline everything as much as possible.
|
# ? Jul 10, 2012 21:07 |
|
I don't user Super Cache, but I do use W3 Total Cache. I use the "cache preload" option - which I think is similar to the refresh settings. It generates cache pages according to your sitemap, which is nice. I usually set the update interval to 1200 seconds (20 minutes) and limit it to X amount of pages per refresh - depending on how many "top level" pages I have (usually the ones on the menu bar)
|
# ? Jul 10, 2012 21:40 |
|
This is a weird question; is there a way to make WordPress render everything once into static HTML so I can get rid of it completely, but still have static pages left behind?
|
# ? Jul 10, 2012 23:17 |
|
Is there a reason you need to do that? I found this plugin: http://wordpress.org/extend/plugins/static-html-output-plugin/ Sounds like more work than it is worth, though.
|
# ? Jul 10, 2012 23:33 |
|
I'm thinking of removing Wordpress from a site root and branch, but keep the current article/url structure in place staticly for SEO reasons. That's why I said it's a weird question, not even sure if I want to do it.
|
# ? Jul 11, 2012 01:38 |
|
What I would do is use Wordpress SEO, and then use Redirection to point the old URL addresses to the new ones (which is good for SEO still) http://wordpress.org/extend/plugins/redirection/
|
# ? Jul 11, 2012 02:35 |
|
I'm currently way out of my depth and I'm not even sure exactly what to ask. I'm working on a project with Buddypress, and I was able to take the basic theme and use custom.css to make something fairly presentable, but the project leader doesn't want the site to look like a blog, so he's currently floating Cosmic Buddy which is way more complicated (and seemingly very buggy) than I think I can work with. Is there a good half-way point between the bloggish format of the traditional theme and the convoluted mess of Cosmic? I think he wants something with slicker social networking integration than BP currently offers.
|
# ? Jul 11, 2012 19:03 |
|
|
# ? Jun 12, 2024 23:19 |
|
Gyshall posted:What I would do is use Wordpress SEO, and then use Redirection to point the old URL addresses to the new ones (which is good for SEO still) That would still require me to have WordPress installed unfortunately. It's not even my install/server, just trying to help out someone and they've been hacked three times lately so I want to remove wordpress entirely to 'simplify' the attack surfaces. Worst comes to worst I can hack together .htaccess redirects myself, but was hoping to have the static files/directory structures to refer to rendered out.
|
# ? Jul 11, 2012 20:17 |