-
Posts
-
@jorodrigues wrote:
I haven’t received an email but I just updated the plugin and this is the result.
Trying to use http://site.com/wp-login.php to login spits out this Warning:
Warning: Missing argument 2 for wpdb::prepare(), called in /home/site/wp-admin-protection.php on line 550 and defined in /home/site/wp-includes/wp-db.php on line 992
Now I seem to be locked out. I’m sorry but I have to remove it for now. I just put something important on hold to try this out. Let me know when it is sorted out and I’ll test it again.
Jo
He told me he sent you the mail from your site from contact. But did you uninstall it and re-install?
Jo, this is their email adress, support@safetybis.com if you didn’t receive their mail contact them they will help you, I don’t understand why is not working for you, for me works just great!
I was thinking that maybe on your server it’s turned on to show all errors and warning to user’s browser and this it’s not good cuz if you using free scripts and some script have a bug hacker can easy find the way how to hack it. All errors must be store on the server in logs file and warning is not an error, it’s like recommendation.Missing Argument 2 for Wpdb Prepare, Why?
WordPress team made a change to $wpdb->prepare() usage to prevent possible SQL injection vulnerability in 3.5, so this error only happens on the WordPress 3.5 websites. But WP has version 3.8 now. Anyway it was just an warning is not a bug in the code. They will correct this too.
also http://codex.wordpress.org/Function_Reference/wpdb_Class
it’s official website of wordpress
Please note: As of 3.5, wpdb::prepare() enforces a minimum of 2 arguments. [more info]@ezeepics wrote:
@jorodrigues wrote:
I don’t want to clutter up this thread with this but I can still login with the plugin installed.
Jo
Edit: Still login the normal way via the normal link and get access to my dashboard. I tried a different browser to test.
Did you empty your cash first? Did you set a secret keyword in the user area and you saved it? It’s impossible, I think you can still login because you didn’t empty the cash
Here, by setting a secret keyword in the user area and saving it, I can’t login in the backend through the normal link, it refreshes the page as it was entered a wrong password. So, here it seems to be working ok. The only thing I’m thinking is once the hacker knows the login data, can enter from the front-end as an user and get access to the back end from the front-end, once WP shows dashboard/edit post and so on on the front-end.
@ezeepics wrote:
Jo, this is their email adress, support@safetybis.com if you didn’t receive their mail contact them they will help you, I don’t understand why is not working for you, for me works just great!
I was thinking that maybe on your server it’s turned on to show all errors and warning to user’s browser and this it’s not good cuz if you using free scripts and some script have a bug hacker can easy find the way how to hack it. All errors must be store on the server in logs file and warning is not an error, it’s like recommendation.Missing Argument 2 for Wpdb Prepare, Why?
WordPress team made a change to $wpdb->prepare() usage to prevent possible SQL injection vulnerability in 3.5, so this error only happens on the WordPress 3.5 websites. But WP has version 3.8 now. Anyway it was just an warning is not a bug in the code. They will correct this too.
also http://codex.wordpress.org/Function_Reference/wpdb_Class
it’s official website of wordpress
Please note: As of 3.5, wpdb::prepare() enforces a minimum of 2 arguments. [more info]Honestly I don’t know. I had pressing things to attend to today so I just deleted the plugin via FTP so I could get access to the site. I’ll install it again and test it out. I also just sent some test emails to myself. So far they haven’t arrived. I wonder if there is something wrong with recapture mail plugin or the settings?
Urg! I just don’t have the patience for any of this today!
Jo
Edit: I’m up to date with everything. I update regularly on both my WordPress sites.
@lucato wrote:
@ezeepics wrote:
@jorodrigues wrote:
I don’t want to clutter up this thread with this but I can still login with the plugin installed.
Jo
Edit: Still login the normal way via the normal link and get access to my dashboard. I tried a different browser to test.
Did you empty your cash first? Did you set a secret keyword in the user area and you saved it? It’s impossible, I think you can still login because you didn’t empty the cash
Here, by setting a secret keyword in the user area and saving it, I can’t login in the backend through the normal link, it refreshes the page as it was entered a wrong password. So, here it seems to be working ok. The only thing I’m thinking is once the hacker knows the login data, can enter from the front-end as an user and get access to the back end from the front-end, once WP shows dashboard/edit post and so on on the front-end.
Don’t understand what you mean with “once the hacker knows the login data”…. 😮 From where he could know it?
Doesn’t matter what login page he is using. If hacker is trying to login with admin login and password (admin level of access), the plugin will check for secret word 100%.
Hacker will not get full admin access, cuz his login action will be rejected.
Let’s suppose that hacker used any keylogger or admin found because it was used a public computer (e.g. in library) and it was possible to steal the login and password. Hacker will not get access to dashboard of WP website, cuz the plugin will not allow it to him without the secret word…. 😀http://perishablepress.com/wordpress-basics-login-to-admin/
http://codex.wordpress.org/First_Steps_With_WordPress
It will be enough to understand that everything comes thru /wp-login.php
You must be logged in to reply to this topic.