Funches: Carney: meaning if you have an archive-podcasts.php file you can just hardcode the title you want to show for that particular archive page right in there
Gilfillan: Carney: “page” is a cpt of it’s own technically. so a “page title” would be the title of a page specifically, not posts or cpt’s.
Gilfillan: Just remember when saying “page” most of us will ***ume you literally mean “page”
Amphy: Opsec: i tried to make a standardized syntax for pages but it was shot down
Gilfillan: Well we can’t have things being clear.
Gilfillan: Takes all the fun out of the easter egg hunt
Wohld: To be fair, pages are really a hierarchal post type
Gutter: But they are a littl deceptive
Amith: Haaga: thats almost exactly what opsec said. they are a CPT but they are unto themselves because they already exist when you install WP
Swierk: All these hacks going on atm – PHP code being injected in all the PHP files if!isset$GLOBALS”x61156x75156x61″ etc, any idea of how stuff is infected?
Gilfillan: I’m so much clearer on the subject now.
Bribiesca: Renter: http://codex.----escape_autolink_uri:a03ded6cd97ffffa8f7b4e1454f3eecc----.org/FAQ_My_site_was_hacked , and stop trying to patch up your hacked site. Reinstall or restore your backups. And read http://codex.----escape_autolink_uri:a03ded6cd97ffffa8f7b4e1454f3eecc----.org/Hardening_WordPress
Mcnany: Posts are just default cpt’s
Sexauer: Renter: there’s a million ways for you to have gotten hacked
Tschoepe: I like how “and stop trying to patch up” is in the premade answer
Jankowiak: Guimares, it seems to happen on updated WPs, all kinds of different installations, so I would not suspect one particular plugin. But all the hacks seems to be the same
Bussen: So, if it happens on a completely up2date WP, reinstalling doesn’t do a thing
Beckstrand: I’m having trouble doing Plugin updates I get error : Download failed. Problem with the SSL CA cert path? access rights?
Lutrick: Renter: theres a lot of variables that could result in a hacked site. not up to date installs of both WP or plugins is one. the plugins as a whole could be bad. themes could be not updated or never issues an update, etc etc
Arvay: Renter: when a security hole is found thatr is part of a WP core function they usually announce it just to plugin devs, let them patch it, then announce it publicly so general users know about it. etc.
Tschoepe: There was talk of some big-ish hack a couple days ago with a popular plugin probably dunno if its the same
Janusz: I just wonder what the thing in common is, since all the hacks are identical ~13000 bytes prepended all PHP files. And since it is so many different installations on different servers, it just sounds odd
Busser: That’s why I suspect something more general, than a plugin
Shaheed: Renter: it could be a chunk of code that a bunch of different plugins use. some commonly used code or script
Gilfillan: If a plugin is shared across sites, it’s not general.
Toriello: Renter: you’re really over simplifying things with your weak logic
Siddell: Renter: if the sites are on the same server, the plugin exploited could have spread across the system
Tschoepe: I dunno if thats a marketing campaign type of post or actually big
Tschoepe: Ya they can use it for that also
Carty: Haaga, it is multiple servers
Forte: Guimares, I’m just asking if there’s something known going around, since it spreads like the plague, and I can’t seem to see the attack vector
Gilner: So reinstalling is really not a solution – that is just pure stupidity and waste of time
Gilfillan: When you use something as big as wordpress and that involves so many areas of expertise, database, webserver, filesystem security, iptables/fiorewalls, selinux/apparmor, etc. *and* you try to do all these things yourself without knowing them inside and out. you’re doomed to be exploited at some point.