And to crap on top of it, I actually do have W3 Total Cache installed and did update it just the other day.
However, it only updated “because it’s there” — I don’t actually use it. I just never happened to delete it after I deactivated it. I guess I was hoping I’d figure out how to enable something useful like cacheing without it destroying the usability of my site.
So now I’ve had a “cleverly disguised backdoor” installed on my web site (which can thus access ALL my domains) for a few days.
Of course, I don’t even know what to look for regarding this exploit.
How could I have protected myself from this? Checking the WordPress.org news minute by minute for their latest security issues? Can I afford to ever sleep? Or maybe I just need to read through every single line of code for every single theme and plugin? Oh — but I probably have to scan the entire WordPress core as well. How long could that take?
Oh – the only solution is to buy VaultPress for ALL my domains… That makes sense. At least then I’ll be making somebody else’s monthly Corvette payment.
That’s the problem I keep running into with WordPress — it’s a bunch of very pretty cards and when you’re done… you’ve built a house of cards.
From my admin page — I gave up on even having this plugin activated in January.
If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
This plugin — Amazon Widgets Shortcodes — almost does what I’d want with amazon affiliate links. It’s nice that it makes them stand out in the editor with a little amazon logo. It seems to work in the WYSIWYG editor, but there are some issues with trying to move the cursor before or after it that make it necessary to switch to HTML mode to insert a placeholder character and then go back to WYSIWYG and move the cursor to the placeholder. Icky.
This comment regarding the TinyMCE Unfilter plugin points out the problem with inadequate care in coding. Otherwise the TSL TinyMCE Unfilter plugin seems to do what is actually needed. Unfortunately, the author hasn’t updated it in 6 months. And if you go in and edit it yourself, you run the risk of the author someday updating it and WordPress allowing you to overwrite your edited version with the author’s update — whether or not he addressed this issue.
That’s a problem with WordPress plugins – you can’t tell which ones will be abandoned or when or what the effects of that will be.
It looks to me like the TinyMCE Unfilter plugin will work if you aren’t making any other modifications via plugin to the TinyMCE. I think.
I couldn’t find anything else in the WordPress plugin repository that would do this kind of thing — which surprises me. Might just be an issue of not searching for the right keyword. Or results being buried under plugins that only work in version 2 of WordPress. Or whatever.
But there’s two other possible solutions — which both beat messing with the functions.php file and losing your stuff when you change themes.
Another WordPress thingy to drive me crazy! I try to put an amazon affiliate link in a post and it seems to work, but then as soon as I switch back the the Visual editor the link disappears!
As with many WordPress things:
There’s probably a reason beyond my comprehension why this “bug” is actually a feature
There’s all sorts of solutions posted by people with such high levels of technical expertise that I can’t understand how to implement their “obvious” solution
The fix is actually simple (I think)
NOTE: Watch the video below to understand the danger of the word “simple” — then read the rest of the post for what I did to make it work.
