wordpress

KIE --- --- 9:21:45 15.10.2024

PULKA: včera mi přišel mail z ACF:

Hi .....,

We are reaching out to you promptly and directly to address Matt Mullenweg’s unprecedented and appalling actions on Oct 12th to forcibly appropriate the Advanced Custom Fields (ACF) plugin and .org listing. The potential impact of Mr. Mullenweg’s improper action is that millions of existing installations of ACF will be updated with code that is unapproved and untrusted by the experts on the ACF team at WP Engine. We want to highlight how you can immediately reduce your exposure and risk now, and ensure you are using the genuine ACF.

If your website is hosted on WP Engine or Flywheel or you are an ACF PRO customer – you are not impacted and do not need to take any action.

If you have a website that is NOT managed on WP Engine or Flywheel AND are using the free version of ACF, in order to protect our valued users and ensure you have access to updates approved by the ACF team, we recommend you follow the one-time instructions outlined in this installation guide.

You can also follow the same process if your site has already been upgraded to the modified “Secure Custom Fields” plugin, to get back to a genuine version of ACF, and should not experience any loss of configuration or data while doing so before there is further change to the ACF code.

For a more in-depth overview of what has happened with the free ACF plugin and WordPress.org, you can read this post here.

The WordPress community has trusted ACF for over a decade and the expert stewards of ACF will continue to support and enhance the capabilities that our users love and trust. We are dedicated to continuing our efforts in helping you build incredible websites with ACF!
The ACF Team

CYBERWOLF --- --- 10:31:05 3.3.2022

1 odpověď +1

REDSNAKE: na hloupé počítadlo by ti nejlépe posloužila analýza access logu ze serveru. Plugin to nebude, spíš nástroje, co přežvýkají logy ze serveru (které na hostingu bývají běžně dostupné) a spočítají requesty na jednotlivé url. Těch nástrojů je spousta, jde spíš o to vybrat si nějaký vyhovující. Je dokonce možné, že ti hosting takové statistiky už nabízí.

KEPASO: Contact Form 7 nemusí být na frontendu, aby mohl posílat spam. Vypni ho, nebo radši úplně odstraň.

REDSNAKE --- --- 9:48:10 26.7.2021

2 odpovědi

KOOTCHA: a co v style.css?ver=20190507
#access, .entry-meta, .entry-utility, .navigation, .widget-area {
-webkit-text-size-adjust: 120%;
}

na

#access, .entry-meta, .entry-utility, .navigation, .widget-area {
-webkit-text-size-adjust: 100%;
}

REDSNAKE --- --- 9:38:56 26.7.2021

1 odpověď +1

zkusil bych v css souboru style.css?ver=20190507
změnit
#access a {
color: #aaa;
display: block;
line-height: 38px;
padding: 0 10px;
text-decoration: none;
}

na

#access a {
color: #aaa;
display: inline;
line-height: 38px;
padding: 0 10px;
text-decoration: none;
}

Ale je to první řešení které mi zafungovalo ve výojářských nástrojích a je možné, že to rozbije jiné věci na webu, musíš to otestovat.

REDSNAKE --- --- 12:47:33 17.7.2020

1 odpověď

ZABIAS: pokud to máš koupený, tak bych jim normálně napsal, aspoň budeš vědět na čem jsi a jestli to fakt spraví aktualizace šablony.

Annual Membership
Most Popular!!
Get Immediate Access to ALL 10 Themes
GPL-Compatible Use Licenses on Unlimited Domains
Unlimited Theme Support From our Experts
All Theme Updates to Keep Your Site Up-To-Date
Access to All New Themes as they are Released

CYBERWOLF --- --- 22:07:03 5.4.2020

1 odpověď

LUIS_: netuší, protože jsi neřekl, co to je za šablonu. Ale hádám, že tam máš plugin Advanced Access Manager a ta šablona na výpisu blogu ukazuje jenom příspěvky, co mají být vidět pro uživatele bez role (nebo možná s nějakou rolí, nebo napsané uživateli s nějakou rolí nebo kýho čerta).

CYBERWOLF --- --- 14:10:14 6.11.2019

1 odpověď

CYBERWOLF: parchant se vrátil. Tentokrát ho strejda google našel dřív, takže jsem i něco vyčetl z logů. Vypadá to, že mě nějakej skopčák s botnetem připravil o středu a pokazil reputaci u Googlu. Děkujem pěkně.

Nejsem si jistý, jestli se to tam dostalo znova, nebo jestli jsem to někde nechal od posledně. Takže jsem celý web hodil do stoupy a obnovil z dva roky staré zálohy, která vypadá čistá.

Podle access logu tomu předcházelo docela dost pokusů u přihlášení, dotazy xmlrpc.php a soubory pluginů, které na webu nemám (tj. zřejmě hledání zranitelnosti). Jednalo se o pokusy z mnoha různých IP.

Našel jsem škodlivý kód vložený do 4 souborů (zřejmě se jedná o mírně upravené názvy jinak existujících souborů):

\wp-includes\customize\class-wp-customize-filters-setting.php

\wp-includes\images\smilies\icon_reds.gif

\wp-admin\images\align-lefts.png

\wp-admin\includes\medias.php

Zdá se, že data změny souborů jsou nastavena na podle již existujících souborů, aby to nebylo snadné najít.

Když se tyhle soubory zavolají s nějakými POST parametry (z accesslogu není patrné jakými), tak udělají adresář /widgetso/ a nafrkají přesměrování do .htaccessu. To se mi stalo během doby co jsem to likvidoval.

Úplně do detailu jsem nezkoumal, co ten kód dělá, protože je to hodně znečitelnětelé. Domnívám se, že se rozstrká do různých souborů které mají podobné názvy jako soubory, co tam mají být a pak je bot spouští, když nenajde /widgetso/

Pokud chcete prohledat své soubory, doporučuji hledat (včetně fragmentů a variant):
@ini_set('display_errors', 0);@set_time_limit(3600);
$q1 ($q2, $q3 ...)
různé kombinace 0 a O, např. OO0O00

BLO_GROS --- --- 13:31:25 12.10.2018

1 odpověď

Prosím o ještě jednu pomoc. Zkouším to už od rána a pořád nic. Upozorňuji, že mé programátorské schopnosti se blíží nule.

Ale potřebuji (podobně jako v mém posledním dotazu) odeslat v URL titulek stránky (tagu). Ttento kód, odesílá pomocí toho "s" vyhledávací dotaz a já potřebuji odeslat místo toho titulek stránky, v mém případě get_tag_title

$search_terms = $_GET['s'];

Jak vložím namísto "s" titulek stránky?

Celý kód, který zobrazuje fotky ze Shutterstocku podle vyhledávacího dotazu nebo titulku na mém webu je tady:


<?php

session_start();
// We use the session to persist our access token

class ShutterstockAPI {

protected $accessToken;

public function __construct($userpwd) {
$this->userpwd = $userpwd;
}

public function search($search_terms, $type = 'images') {
$search_terms_for_url = preg_replace('/\s/', '+', $search_terms);
$url = 'https://api.shutterstock.com/v2/' . $type . '/search?view=full&per_page=7&query=' . $search_terms_for_url;

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_USERPWD, $this->userpwd);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
curl_close($ch);

return json_decode($response);
}

}
?>

<div style="text-align:center;" onclick="ga('send', 'event', 'affil', 'affil-photos', 'search-top');">
<p>Sponsored Images Shutterstock</p>
<?php

$search_terms = $_GET['s']; // Add your own security checks to cleanse this input
$api = new ShutterstockAPI($userpwd);
$images = $api->search($search_terms);
//$videos = $api->search($search_terms, 'videos');

if ($images) {
for ($i = 0; $i < 6; $i++) {
$imageid= $images->data[$i]->id;
$description = $images->data[$i]->description;
$thumb = $images->data[$i]->assets->large_thumb->url;
$thumb_width = $images->data[$i]->assets->large_thumb->width;
$thumb_height = $images->data[$i]->assets->large_thumb->height;
$description=htmlspecialchars($description);
$imageurl="http://www.shutterstock.com/pic.mhtml?id=$imageid";
$imageurl=urlencode($imageurl);
$shutterstockurl="http://shutterstock.7eer.net/c/314800/43068/1305?u=$imageurl";
echo "<a href='$shutterstockurl' target='_blank' rel='nofollow' ><img src='$thumb' alt='$description' style='width: auto; height: 159px; padding: 5px;'></a>";

}
}

?></div>

CRS1138 --- --- 18:24:58 26.3.2018

1 odpověď

Co delam spatne? Snazim se predelat to jakym zpusobem se zobrazuje WooCommerce 'my-account' stranka. Mam vlastni Class, ktera se prokazatelne inicializuje, pridam do constructoru 'add_acction' ale to co mam definovane v te funkci pro tento konstruktor uz se mi nezobrazi…


/**
 * @path functions.php
 */

// Modify Avada WooCommerce
if ( class_exists( 'Woocommerce' ) ) {
  include_once 'include/planx-woocommerce.class.php';
  global $planx_woocommerce;
  $planx_woocommerce = new Planx_Woocommerce();
}


<?php
/**
 * Modifications for WooCommerce.
 *
 * @author     crs1138
 * @link       http://planxdesign.eu
 * @package    Avada-Child
 * @subpackage Avada
 * @path include/planx-woocommerce.class.php
 */

// Exit if accessed directly.
if ( ! defined( 'ABSPATH' ) ) {
  die;
}

/**
 * Class to apply woocommerce templates.
 *
 * @since 1.0.0
 */

class Planx_Woocommerce {

  /**
   * Constructor
   *
   * @access public
   */
  public function __construct() {
    add_action( 'woocommerce_account_dashboard', array( $this, 'planx_account_dashboard' ), 4 );
  }

  /**
   * Rewrite Acount Dashboard
   *
   * @access public
   */
  public function planx_account_dashboard() {
    echo "<h1>planXdesign Account Dashboard</h1>";
  }
}

KOCMOC --- --- 22:19:31 11.10.2017

1 odpověď +2

CRS1138: If WordPress is running as the FTP account, that account needs to have write access, i.e., be the owner of the files, or belong to a group that has write access. In the latter case, that would mean permissions are set more permissively than default (for example, 775 rather than 755 for folders, and 664 instead of 644).

KOCMOC --- --- 16:12:07 19.9.2017

Asi nejkomplexnejsi snippet na kompletni odstraneni podpory komentaru na webu

// Add to existing function.php file

// Disable support for comments and trackbacks in post types
function df_disable_comments_post_types_support() {
	$post_types = get_post_types();
	foreach ($post_types as $post_type) {
		if(post_type_supports($post_type, 'comments')) {
			remove_post_type_support($post_type, 'comments');
			remove_post_type_support($post_type, 'trackbacks');
		}
	}
}
add_action('admin_init', 'df_disable_comments_post_types_support');

// Close comments on the front-end
function df_disable_comments_status() {
	return false;
}
add_filter('comments_open', 'df_disable_comments_status', 20, 2);
add_filter('pings_open', 'df_disable_comments_status', 20, 2);

// Hide existing comments
function df_disable_comments_hide_existing_comments($comments) {
	$comments = array();
	return $comments;
}
add_filter('comments_array', 'df_disable_comments_hide_existing_comments', 10, 2);

// Remove comments page in menu
function df_disable_comments_admin_menu() {
	remove_menu_page('edit-comments.php');
}
add_action('admin_menu', 'df_disable_comments_admin_menu');

// Redirect any user trying to access comments page
function df_disable_comments_admin_menu_redirect() {
	global $pagenow;
	if ($pagenow === 'edit-comments.php') {
		wp_redirect(admin_url()); exit;
	}
}
add_action('admin_init', 'df_disable_comments_admin_menu_redirect');

// Remove comments metabox from dashboard
function df_disable_comments_dashboard() {
	remove_meta_box('dashboard_recent_comments', 'dashboard', 'normal');
}
add_action('admin_init', 'df_disable_comments_dashboard');

// Remove comments links from admin bar
function df_disable_comments_admin_bar() {
	if (is_admin_bar_showing()) {
		remove_action('admin_bar_menu', 'wp_admin_bar_comments_menu', 60);
	}
}
add_action('init', 'df_disable_comments_admin_bar');

KEPASO --- --- 10:44:34 25.4.2017

4 odpovědi

zdarec, resim problem pri ukladani nastaveni sablony, hazi chybu You don't have permission to access /wp-admin/options.php on this server.

– overil jsem atributy souboru, nepomohlo
– opravil jsem htaccess, nepomohlo
– povypinal jsem pluginy, nepomohlo
– debug nic nehlasi
– na jinym hostingu se tento problem neobjevuje :)

nejakej napad?

KEPASO --- --- 16:01:50 9.2.2017

1 odpověď

MICKEY_MOUSE: plugin no, chce to hledat klicovy slova jako time, restrict, access, premium content, membership atd.

10 Ways to Set Up Hidden Premium Content In WordPress - WPMU DEV
https://premium.wpmudev.org/blog/hidden-premium-content-wordpress/
Simple Membership — WordPress Plugins
https://cs.wordpress.org/plugins/simple-membership/

CRS1138 --- --- 9:32:14 19.12.2016

1 odpověď

KOCMOC: ja vetsinou zprostredkovavam hosting a z clientu pacim ssh access :)

ZPC --- --- 16:15:47 11.7.2016

1 odpověď

nechci tomu dělat nějakou velkou reklamu, prosím, neberte to tak, nic z toho nemám ani tam neni referral id...

každopádně:

DESCRIPTION
WordPress users can get very excited about this incredible offer. Your blog(s) is about to get the premium treatment with over 80 top plug-ins that will completely cover all your marketing and social engagement needs. Never again will you worry about reaching the right audience or needing a new marketing strategy. This bundle has you covered with over $4000 worth of premium WordPress plug-ins.
Access over 80 premium plug-ins
Drive your Facebook & Twitter presence w/ social media & engagement plugins
Market a new product or content w/ marketing plug-ins
Beautify your site w/ graphic editors & beautiful launch pages
Drive SEO w/o having to hire any outside sources
Re-engage your audience w/ opt-in forms, coupon management & lead capture pages
SPECS

Details & Requirements
Unlimited sites/blogs
For a full list of included plug-ins & descriptions, click here.

Compatibility
WordPress 3.5.1 or later

LICENSE
Length of access: lifetime
Unlimited sites & blogs

TERMS
All sales final
Instant digital redemption

KOCMOC --- --- 13:19:28 1.6.2016

konecne kompletni kod na vypnuti komentaru globalne (functions.php)

//DISABLE COMMENTS GLOBALLY
// Disable support for comments and trackbacks in post types
function df_disable_comments_post_types_support() {
	$post_types = get_post_types();
	foreach ($post_types as $post_type) {
		if(post_type_supports($post_type, 'comments')) {
			remove_post_type_support($post_type, 'comments');
			remove_post_type_support($post_type, 'trackbacks');
		}
	}
}
add_action('admin_init', 'df_disable_comments_post_types_support');

// Close comments on the front-end
function df_disable_comments_status() {
	return false;
}
add_filter('comments_open', 'df_disable_comments_status', 20, 2);
add_filter('pings_open', 'df_disable_comments_status', 20, 2);

// Hide existing comments
function df_disable_comments_hide_existing_comments($comments) {
	$comments = array();
	return $comments;
}
add_filter('comments_array', 'df_disable_comments_hide_existing_comments', 10, 2);

// Remove comments page in menu
function df_disable_comments_admin_menu() {
	remove_menu_page('edit-comments.php');
}
add_action('admin_menu', 'df_disable_comments_admin_menu');

// Redirect any user trying to access comments page
function df_disable_comments_admin_menu_redirect() {
	global $pagenow;
	if ($pagenow === 'edit-comments.php') {
		wp_redirect(admin_url()); exit;
	}
}
add_action('admin_init', 'df_disable_comments_admin_menu_redirect');

// Remove comments metabox from dashboard
function df_disable_comments_dashboard() {
	remove_meta_box('dashboard_recent_comments', 'dashboard', 'normal');
}
add_action('admin_init', 'df_disable_comments_dashboard');

// Remove comments links from admin bar
function df_disable_comments_admin_bar() {
	if (is_admin_bar_showing()) {
		remove_action('admin_bar_menu', 'wp_admin_bar_comments_menu', 60);
	}
}
add_action('init', 'df_disable_comments_admin_bar');

KOCMOC --- --- 15:08:41 10.2.2016

KEPASO: ja mam jeste takovejhle .htaccess :)))

# BEGIN iThemes Security - Do not modify or remove this line
# iThemes Security Config Details: 2
	# Enable HackRepair.com's blacklist feature - Security > Settings > Banned Users > Default Blacklist
	# Start HackRepair.com Blacklist
	RewriteEngine on
	# Start Abuse Agent Blocking
	RewriteCond %{HTTP_USER_AGENT} "^Mozilla.*Indy" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Mozilla.*NEWT" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^$" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Maxthon$" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^SeaMonkey$" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Acunetix" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^binlar" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^BlackWidow" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Bolt 0" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^BOT for JCE" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Bot mailto\:craftbot@yahoo\.com" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^casper" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^checkprivacy" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^ChinaClaw" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^clshttp" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^cmsworldmap" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^comodo" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Custo" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Default Browser 0" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^diavol" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^DIIbot" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^DISCo" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^dotbot" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Download Demon" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^eCatch" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^EirGrabber" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^EmailCollector" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^EmailSiphon" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^EmailWolf" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Express WebPictures" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^extract" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^ExtractorPro" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^EyeNetIE" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^feedfinder" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^FHscan" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^FlashGet" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^flicky" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^g00g1e" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^GetRight" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^GetWeb\!" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Go\!Zilla" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Go\-Ahead\-Got\-It" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^grab" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^GrabNet" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Grafula" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^harvest" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^HMView" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^ia_archiver" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Image Stripper" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Image Sucker" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^InterGET" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Internet Ninja" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^InternetSeer\.com" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^jakarta" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Java" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^JetCar" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^JOC Web Spider" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^kanagawa" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^kmccrew" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^larbin" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^LeechFTP" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^libwww" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Mass Downloader" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^microsoft\.url" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^MIDown tool" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^miner" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Mister PiX" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^MSFrontPage" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Navroad" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^NearSite" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Net Vampire" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^NetAnts" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^NetSpider" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^NetZIP" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^nutch" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Octopus" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Offline Explorer" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Offline Navigator" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^PageGrabber" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Papa Foto" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^pavuk" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^pcBrowser" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^PeoplePal" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^planetwork" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^psbot" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^purebot" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^pycurl" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^RealDownload" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^ReGet" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Rippers 0" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^sitecheck\.internetseer\.com" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^SiteSnagger" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^skygrid" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^SmartDownload" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^sucker" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^SuperBot" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^SuperHTTP" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Surfbot" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^tAkeOut" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Teleport Pro" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Toata dragostea mea pentru diavola" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^turnit" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^vikspider" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^VoidEYE" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Web Image Collector" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Web Sucker" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^WebAuto" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^WebBandit" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^WebCopier" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^WebFetch" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^WebGo IS" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^WebLeacher" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^WebReaper" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^WebSauger" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Website eXtractor" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Website Quester" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^WebStripper" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^WebWhacker" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^WebZIP" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Wget" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Widow" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^WPScan" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^WWW\-Mechanize" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^WWWOFFLE" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Xaldon WebSpider" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^Zeus" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "^zmeu" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "360Spider" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "AhrefsBot" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "CazoodleBot" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "discobot" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "EasouSpider" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "ecxi" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "GT\:\:WWW" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "heritrix" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "HTTP\:\:Lite" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "HTTrack" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "ia_archiver" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "id\-search" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "IDBot" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "Indy Library" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "IRLbot" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "ISC Systems iRc Search 2\.1" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "LinksCrawler" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "LinksManager\.com_bot" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "linkwalker" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "lwp\-trivial" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "MFC_Tear_Sample" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "Microsoft URL Control" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "Missigua Locator" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "MJ12bot" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "panscient\.com" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "PECL\:\:HTTP" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "PHPCrawl" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "PleaseCrawl" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "SBIder" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "SearchmetricsBot" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "SeznamBot" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "Snoopy" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "Steeler" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "URI\:\:Fetch" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "urllib" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "Web Sucker" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "webalta" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "WebCollage" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "Wells Search II" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "WEP Search" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "XoviBot" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "YisouSpider" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "zermelo" [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} "ZyBorg" [NC,OR]
	# End Abuse Agent Blocking
	# Start Abuse HTTP Referrer Blocking
	RewriteCond %{HTTP_REFERER} "^https?://(?:[^/]+\.)?semalt\.com" [NC,OR]
	RewriteCond %{HTTP_REFERER} "^https?://(?:[^/]+\.)?kambasoft\.com" [NC,OR]
	RewriteCond %{HTTP_REFERER} "^https?://(?:[^/]+\.)?savetubevideo\.com" [NC]
	# End Abuse HTTP Referrer Blocking
	RewriteRule ^.* - [F,L]
	# End HackRepair.com Blacklist, http://pastebin.com/u/hackrepair

	# Enable the hide backend feature - Security > Settings > Hide Login Area > Hide Backend
	RewriteRule ^(/)?prihlaseni/?$ /wp-login.php [QSA,L]

	# Protect System Files - Security > Settings > System Tweaks > System Files
	<files .htaccess>
		<IfModule mod_authz_core.c>
			Require all denied
		</IfModule>
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>
	<files readme.html>
		<IfModule mod_authz_core.c>
			Require all denied
		</IfModule>
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>
	<files readme.txt>
		<IfModule mod_authz_core.c>
			Require all denied
		</IfModule>
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>
	<files install.php>
		<IfModule mod_authz_core.c>
			Require all denied
		</IfModule>
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>
	<files wp-config.php>
		<IfModule mod_authz_core.c>
			Require all denied
		</IfModule>
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>

	# Disable Directory Browsing - Security > Settings > System Tweaks > Directory Browsing
	Options -Indexes

	<IfModule mod_rewrite.c>
		RewriteEngine On

		# Protect System Files - Security > Settings > System Tweaks > System Files
		RewriteRule ^wp-admin/includes/ - [F]
		RewriteRule !^wp-includes/ - [S=3]
		RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
		RewriteRule ^wp-includes/[^/]+\.php$ - [F]
		RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
		RewriteRule ^wp-includes/theme-compat/ - [F]

		# Disable PHP in Uploads - Security > Settings > System Tweaks > Uploads
		RewriteRule ^wp\-content/uploads/.*\.(?:php[1-6]?|pht|phtml?)$ - [NC,F]

		# Reduce Comment Spam - Security > Settings > System Tweaks > Comment Spam
		RewriteCond %{REQUEST_METHOD} POST
		RewriteCond %{REQUEST_URI} /wp-comments-post\.php$
		RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
		RewriteCond %{HTTP_REFERER} !^https?://(([^/]+\.)?moje-domena\.cz|jetpack\.wordpress\.com/jetpack-comment)(/|$) [NC]
		RewriteRule ^.* - [F]
	</IfModule>
# END iThemes Security - Do not modify or remove this line

# BEGIN WP Rocket v2.4.3
# Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset UTF-8
# Force UTF-8 for a number of file formats
<IfModule mod_mime.c>
AddCharset UTF-8 .atom .css .js .json .rss .vtt .xml
</IfModule>

# FileETag None is not enough for every server.
<IfModule mod_headers.c>
Header unset ETag
</IfModule>

# Since we're sending far-future expires, we don't need ETags for static content.
# developer.yahoo.com/performance/rules.html#etags
FileETag None

<IfModule mod_alias.c>
<FilesMatch "\.(html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml)$">
<IfModule mod_headers.c>
Header set X-Powered-By "WP Rocket/2.4.3"
Header unset Pragma
Header append Cache-Control "public"
Header unset Last-Modified
</IfModule>
</FilesMatch>

<FilesMatch "\.(css|htc|js|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$">
<IfModule mod_headers.c>
Header unset Pragma
Header append Cache-Control "public"
</IfModule>
</FilesMatch>
</IfModule>

# Expires headers (for better cache control)
<IfModule mod_expires.c>
ExpiresActive on

# Perhaps better to whitelist expires rules? Perhaps.
ExpiresDefault                          "access plus 1 month"

# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
ExpiresByType text/cache-manifest       "access plus 0 seconds"

# Your document html
ExpiresByType text/html                 "access plus 0 seconds"

# Data
ExpiresByType text/xml                  "access plus 0 seconds"
ExpiresByType application/xml           "access plus 0 seconds"
ExpiresByType application/json          "access plus 0 seconds"

# Feed
ExpiresByType application/rss+xml       "access plus 1 hour"
ExpiresByType application/atom+xml      "access plus 1 hour"

# Favicon (cannot be renamed)
ExpiresByType image/x-icon              "access plus 1 week"

# Media: images, video, audio
ExpiresByType image/gif                 "access plus 1 month"
ExpiresByType image/png                 "access plus 1 month"
ExpiresByType image/jpeg                "access plus 1 month"
ExpiresByType video/ogg                 "access plus 1 month"
ExpiresByType audio/ogg                 "access plus 1 month"
ExpiresByType video/mp4                 "access plus 1 month"
ExpiresByType video/webm                "access plus 1 month"

# HTC files  (css3pie)
ExpiresByType text/x-component          "access plus 1 month"

# Webfonts
ExpiresByType application/x-font-ttf    "access plus 1 month"
ExpiresByType font/opentype             "access plus 1 month"
ExpiresByType application/x-font-woff   "access plus 1 month"
ExpiresByType image/svg+xml             "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"

# CSS and JavaScript
ExpiresByType text/css                  "access plus 1 year"
ExpiresByType application/javascript    "access plus 1 year"

</IfModule>

# Gzip compression
<IfModule mod_deflate.c>
# Active compression
SetOutputFilter DEFLATE
# Force deflate for mangled headers
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
# Don't compress images and other uncompressible content
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g)$ no-gzip dont-vary
</IfModule>
</IfModule>

# Compress all output labeled with one of the following MIME-types
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE application/atom+xml \
		                          application/javascript \
		                          application/json \
		                          application/rss+xml \
		                          application/vnd.ms-fontobject \
		                          application/x-font-ttf \
		                          application/xhtml+xml \
		                          application/xml \
		                          font/opentype \
		                          image/svg+xml \
		                          image/x-icon \
		                          text/css \
		                          text/html \
		                          text/plain \
		                          text/x-component \
		                          text/xml
</IfModule>
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
</IfModule>

<IfModule mod_mime.c>
AddType text/html .html_gzip
AddEncoding gzip .html_gzip
</IfModule>
<IfModule mod_setenvif.c>
SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteRule .* - [E=WPR_ENC:_gzip]
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} =""
RewriteCond %{HTTP:Cookie} !(wordpress_logged_in_|wp-postpass_|wptouch_switch_toggle|comment_author_|comment_author_email_) [NC]
RewriteCond %{REQUEST_URI} !^(/kosik/|/pokladna/(.*)|/obchod/pokladna/(.*)|/obchod/kosik/|/wp-json/*|.*/feed/)$ [NC]
RewriteCond %{HTTP_USER_AGENT} !^(facebookexternalhit).* [NC]
RewriteCond %{HTTPS} off
RewriteCond "%{DOCUMENT_ROOT}/domains/moje-domena.cz/wp-content/cache/wp-rocket/%{HTTP_HOST}%{REQUEST_URI}/index.html%{ENV:WPR_ENC}" -f
RewriteRule .* "/domains/moje-domena.cz/wp-content/cache/wp-rocket/%{HTTP_HOST}%{REQUEST_URI}/index.html%{ENV:WPR_ENC}" [L]
</IfModule>
# END WP Rocket


# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddType x-font/otf .otf
AddType x-font/ttf .ttf
AddType x-font/eot .eot
AddType x-font/woff .woff
AddType image/x-icon .ico
AddType image/png .png

# end compress text, html, javascript, css, xml:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule ^^zdravotni-karta/? /wp-content/themes/pet-rescue/zdravotni-karta.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

CITRONAK --- --- 14:21:35 29.1.2016

1 odpověď

PIDIZUB: https://wpml.org/...-your-contents/how-to-use-access-plugin-to-create-editors-for-specific-language/

PIDIZUB --- --- 22:34:38 8.12.2015

PIDIZUB: Vyřešeno. Zatím funguje. Našel jsem plugin: editorial-access-manager/ | http://bit.ly/1NU7CzY
Nastavuje se přímo na stránce nebo příspěvku. Lze nastavit omezení celé skupině, nebo konkrétním lidem. V přehledu je to pak taky uvedené. Jednoduché, rychlé. Přesně to jsem chtěl.

BULHI --- --- 21:59:41 8.12.2015

1 odpověď

PIDIZUB: ve WP jsem to nikdy neresil, ale tomuhle se rika access control, tak bych se zkusil odpichnout od toho.. namatkou treba:

WordPress › WordPress Access Control « WordPress Plugins
https://en-ca.wordpress.org/plugins/wordpress-access-control/

Kliknutím sem můžete změnit nastavení reklam

přezdívka
heslo

pamatuj si mě
registrace
ztracené heslo?