This global brute force attack on self hosted WordPress sites has been going on for past few days. I am going to address different cases and attempted solutions here. Please bookmark this Q&A and check back for new case studies.
CASE 1
One site came to my notice today, where the users could not login because the login or admin page got redirected to a page that output “not acceptable“. I checked the .htaccess
file and it seemed to have non-standard statements, which neither the
developer nor the site-admin remember putting in. So, we removed the
extra statements and retained only the default WordPress generated
htaccess statements and the site was back to normal.
…to be cont’d…
Find where the comment_form() function is called. Usually it will be in the comments.php file of your WordPress theme.
It might be displayed like:
<?php comment_form(); ?>
Pass an argument to the function as below:
<?php comment_form(array('comment_notes_after' => '')); ?>
The array can have other arguments as well to mod the comment form to your liking. Refer to WordPress comment form codex for all possibilities.
This is very easy and simple in WordPress, if your theme doesn’t have it already.
Go to Dashboard > Appearance > Editor.
Click on footer.php in the list of program files.
Now, insert below code where you want the copyright and year to appear.
© <?php echo date("Y") ?>
Not really. WordPress Multisite (WP-MU in older versions) only facilitates one-stop management. That is, you don’t have to logout and login into multiple sites to manage them – you can manage them all from one dashboard.
Ask SRI (Systems Resources Integrators)