Thomas Scholz (toscho)
Thomas Scholz (toscho)'s posts

Workaround for the current security vulnerability in WordPress 4.7.4

There is currently a vulnerability in WP as outlined here:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295

Summary: An attacker can get password reset links that aren't meant to be shared. Some hosting services (like Uberspace) will not send a request with a faked HOST header to your site; then you are safe already.

In other cases, you can just disable password reset requests temporarily until there is a fix by WordPress.

Add the following to your .htaccess between "RewriteEngine On" and the WP rules:

RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{QUERY_STRING} action=lostpassword
RewriteRule ^ - [L,R=403]

Don't forget to remove it after an update; you cannot reset your password otherwise.
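
A way to confirm from the server log that the rule above is active, as an added example that is not part of the original post. It assumes Apache's combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache "combined" log format is assumed; only the needed fields are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Same unanchored pattern as the RewriteCond on %{QUERY_STRING}.
RESET_RE = re.compile(r"action=lostpassword")


def audit_reset_posts(lines):
    """Return (blocked, served): reset POSTs answered with 403 vs. any other status."""
    blocked, served = [], []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # first RewriteCond: only POST requests are affected
        if not RESET_RE.search(urlsplit(m["target"]).query):
            continue  # second RewriteCond: query string must match
        entry = (m["ts"], m["ip"], int(m["status"]))
        (blocked if entry[2] == 403 else served).append(entry)
    return blocked, served


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [04/May/2017:09:12:01 +0200] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '203.0.113.9 - - [04/May/2017:09:15:44 +0200] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 2310 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [04/May/2017:10:02:13 +0200] "POST /wp-login.php?action=lostpassword HTTP/1.1" 403 199 "-" "curl/7.52.1"',
    '203.0.113.9 - - [04/May/2017:10:05:30 +0200] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    blocked, served = audit_reset_posts(SAMPLE_LOG)
    for ts, ip, status in served:
        print(f"NOT blocked: {ts} {ip} -> {status}")
    print(f"{len(blocked)} reset POST(s) rejected with 403")
```

An entry in `served` with a timestamp after the rule was added means the rule is not taking effect for that request.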

How can we remove spam comments now?

In the new UI, when you remove a comment (on desktop), it comes back after a page reload. Thus, spam comments stay forever.

Is there a workaround for this nasty bug? I have of course reported it already, but it's pretty urgent.

How can I activate the Events in my community?

It seems to be gone for no reason. I also see no way to access past events.

When you install WordPress: What dashboard widget is the least useful?

This is repeating a question from +Dion Hulse on Twitter: https://twitter.com/dd32/status/819733210032545796
14% Activity
19% Quick Draft
47% WordPress News
16% Welcome
5% At a glance

WordPress 4.7 is ready

New features

- Theme Twenty Seventeen
- "Workflows" in the customizer: publish multiple changes at once
- Custom CSS for small tweaks to your site's appearance
- Thumbnail previews for PDF files
- Dashboard in your language, independent of the front end language
- REST API Content Endpoints

All 702 closed tickets
https://core.trac.wordpress.org/query?group=status&milestone=4.7

Troubleshooting list
https://wordpress.org/support/topic/read-this-first-wordpress-4-7-master-list/

Please do not offer or ask for ripped code.

This should be obvious, but apparently it isn't. Hence this note.

If you do that once, we will remove the post or comment. The second occasion will lead to a permanent ban.

The Pluginkollektiv is looking for support. Yours!

WordCamp Europe, who of you will be there?

WordPress 4.5 is out!

Thank you to all contributors!

Please let us know how your update went. Which new feature do you like most?

Do you still have unused blogs lying around?

I just found this one on one of my rarely used servers. Now I want to either throw away all the old installations or consolidate them into a multisite installation at Uberspace, so that I only have to keep an eye on a single update target for them.

What do you do with old blogs?