esn024 Posted July 10, 2022 Posted July 10, 2022 23 hours ago, Krydos said: Yep, that donation counts for the Plesk transfer. You've moved from #960 to #1. You should have received an email with a link that allows you to move to Plesk. Let us know if you didn't get the email, or if you have any questions. Thanks, I think it got moved over. The FTP connection works. I can sign in to Plesk. However, if I go to https://www.thebrooksreflections.com/ now, it still shows a "Security Risk" message. If I click "ignore" and continue, it goes to a page that says "Error establishing a database connection". And if I go to https://thebrooksreflections.heliohost.org/, it goes to a page that says "This is the wrong folder."
Krydos Posted July 10, 2022 Posted July 10, 2022 Your SSL certificate got issued for thebrooksreflections.com but not for wwwthebrooksreflections.com. I reissued the SSL certificate for you so it will cover both. You could have done this yourself by going to Websites & Domains > thebrooksreflections.com > SSL/TLS Certificates > Reissue Certificate and then checked the box next to www. The reason your Wordpress stopped working is because you were using esn024 as your MySQL user. On cPanel if you used your username you could access all of your databases will full access. Plesk is a little more secure, and you have to actually grant permission to each database. What I recommend doing is creating a MySQL user named 'esn024_wp' or something like that and granting that new user access to just the Wordpress database. Make sure you update the wp-config.php file to match the new user and password. It's actually pretty insecure and bad practice to use a MySQL user that has full access to all of your databases for something like this. Wordpress is the most easily hacked software you can possibly install, and if someone gets a hold of the password that can access all of your databases on the whole account they can do that much more damage and not be contained to just Wordpress. If you can't figure out how to create a MySQL user and grant them access to your database let us know and we can help some more.
esn024 Posted July 10, 2022 Author Posted July 10, 2022 1 hour ago, Krydos said: Thank you very much for the very helpful reply, I did as you suggested and got it working. I also looked logged in to Wordpress for the first time in many months, and Holy Batman, nearly 4000 spam comments! Funny how my other site, that I coded myself in PHP, gets NO spam comments or accounts at all despite having only a very simple "real person checker", while this WordPress one just got absolutely flooded. Maybe I should just rewrite the whole thing on my own... on the other hand, it feels a bit like defeat - I've read that WordPress CAN be made secure...
wolstech Posted July 10, 2022 Posted July 10, 2022 Wordpress gets attacked because it's so widely used. Spambots and even dedicated cybercrime groups exist that specialize in attacking WP. Spam comments are just an annoyance considering it's extremely common for a WP site to get hacked and replaced with phishing content. WP can't really be made secure in any sensible manner just due to how badly it's written. They find new security holes all the time. Keeping it updated and not using dubious extensions makes a big difference, but even then it's not uncommon to see it suddenly get hacked out of the blue. Security extensions can also help, but some of those are famous for bloating it to the point where it causes high load and has 30+ second load times.
sylvain Posted July 14, 2022 Posted July 14, 2022 Well i'm glad that WP has been removed from my account. Would not like that replaced or give some phishing content. I wonder why still peoples use WP?
wolstech Posted July 14, 2022 Posted July 14, 2022 It's easy to use, has been around forever, and has tons of integrations and extensions available for it...the same reasons it's widely used are also the reasons it should not be used. The code base is ancient, a lot of those extensions have backdoors or are abandoned and have unfixed security issues, and it's easy to use it to do nearly anything...including phish.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now