Redirect to my blog site address

[bob noble]

Hi Drew,
Changing the two directories to be the same in wordpress seems to have helped things out a bit. The Wordfence enable enhanced firewall writes to the .htaccess now, but still doesn't work. I will work on that eventually and likely contact their forum for help on it.
I had to reset up my account in Live Writer so it's happy now too.
My log in is working well now too.
I've been monitoring the live traffic log in Wordfence quite a bit and can now see why your captcha plugin should be real effective in blocking all the robot type software the bad guys use, so now that I'm caught up, I just installed it. Thanks.
I still have to change the admn name and I will as soon as I think of a login name and have the time as that seems like a good idea too. I think I will use the plugin to do that as I'm not up to par with the Cpanel type software yet, as it seems like it has a learning curve.
Oh, the redirect using your code in the .htaccess file also works real good now too since the directory change in Wordpress.
Anyway, things are looking good and thanks again for your help.
Bob

[drew.phillips]

Hi Bob,

I'm happy to hear things are just about there and most everything is working well.

I think the reason the firewall isn't working actually has to do with how the "DOCUMENT_ROOT" value in PHP is getting set on our hosting platform. Basically, it won't load anywhere except in your root wordpress folder.

I just made a change to how your PHP CGI runs and I believe I have resolved that issue. I also needed to make a small path fix in your wordfence-waf.php file but it looks like that now points to the right files, and your .user.ini file is being processed for all directories on your site, and not just the root.

In a little while, we should have a better idea if it's working as it should start showing you more log entries.

Let me know how that worked out.

[bob noble]

Hi Drew,
I now have an enhanced or extended listing in my Wordfence firewall plugin, so you nailed it.
And your Securimage captcha plugin for Wordpress is installed and has stopped all the spam into my comments section, so I was able to remove the akismet plugin as Securimage is doing the job.

I do have a small issue with the captcha on my login after I close my browser, IE11 after being logged in.
It says: Securimage-WP CAPTCHA would appear here if you were not logged in as a WordPress administrator and returns an error when I try to log in, but a refresh or shut the browser and open it again to log in and it works just fine. I tried logging out first, but still get the error. I can handle that, but I thought I'd just let you know.

I also see you did a bit of house cleaning for me which I appreciate and now all is working as it should and hopefully the bad guys will not get into the site anymore.
Thanks for all your help in resolving these issues.
Bob

[bob noble]

Hi Drew,
Just a correction on your Securimage-WP plugin.
If I log out, I get the captcha, but it doesn't work and I get a security failure, just for your info.
I shut the browser or refresh and it works.
Bob

[drew.phillips]

Hi Bob,

Glad to hear Wordfence seems to be working now. And thanks for letting me know that issue with the plugin, I'll take a look tonight and see if I can pin point the issue. So far I haven't experienced it in Firefox but it sounds like a cookie thing where it still thinks you're logged in when it goes to show the form. Appreciate the feedback!

[bob noble]

Hi Drew,
I've been watching the live traffic in Wordfence a lot lately and even though it's a lot of work, I've been blocking anything that goes to the login or xmlrpc files and bots that go to the comments section. Your Securimage plugin for Wordpress is blocking all the comment bots so I don't need to block them anymore.
This morning I noticed that the bot logins have slowed a lot, but the xmlrpc file is being accessed a lot more now, so I removed it and will just stick it back when I want to post from Live Writer to see if I can get some of these hackers off my back at least for the short term.

What I think I'm seeing in the live tracking of Wordfence is the capthcha isn't getting kicked in for the xmlrpc file nor the logins files from the hacker bots. At least that's what I think I'm seeing as it is showing when they go to the comments section.
So, my question is since I'm the only one logging in and having to deal with the captcha, maybe it's not useful for the login files and I can remove it for logins?
Am I interpreting this correctly?
Thanks,
bob

[bob noble]

Drew,
A little update on the captcha problem.
A reader couldn't leave a comment after trying several attempts at the
captchas and the captcha's have been a pain for me to log in too. :O)
So I decided to switch to the math ones, thank you.
It still keeps all the spam comments out.
So far they are working great and the interesting thing that might be of interest to you is the captcha problem I let you know about is not happening any more with the math captchas, so I thought I'd let you know. The only thing I think might be an improvement is if a little text saying, solve the math, as I think some people might just try to type in what they see and have a problem with it.

As far as the bad guys trying to login, I've blocked a lot of them and rename the xml file until I need to use Live Writer and the number of login attempts have decreased dramatically.
So all is good and thanks,
bob