[cheinyeanlim]

The plugin was designed to stop hackers from gaining access to your blog via trial and error, something which is quite common with WordPress blogs since most people use the default username login ‘admin’….

http://www.pupuweb.com/blog/protect-blog-with-login-lockdown/

[jimgroom]

Hey everyone,

Testing out RC3, and it works in terms of bbPress/BuddyPress/WPMu 2.7.1 integration far better than RC2, which had me stumped. I do have one lingering issue with the integrated signon between WPMu and bbPress for anyone who might have a lead. When I login to either WPMu or bbPress it logs me into both applications, however, if I try and logout of bbPress when I originally logged in to WPMu, for example, it won’t log me out. I have to actually go and logout of WPMu to be logged out of bbPress. This was a similar/common issue in a version that was in the 0.7.x or 0.8.x series. And I have the sneaky suspicion there is something in my config files that is baling it. Anyone having a similar issue? Anyone know of a fix? Below are my config files for both wp and bbPress.

Right now I have this in my wp-config:

define( ‘COOKIE_DOMAIN’, ‘.umwblogs.org’ );

define( ‘SITECOOKIEPATH’, ‘/’ );

define( ‘COOKIEPATH’, ‘/’ );

define( ‘COOKIEHASH’, ‘#################’ );

And this in my bb-config:

// WordPress cookie integration speedup

$bb->wp_siteurl = ‘http://umwblogs.org’;

$bb->wp_home = ‘http://umwblogs.org’;

$bb->cookiepath = ‘/’;

$bb->authcookie = ‘wordpress_###################’;

$bb->secure_auth_cookie = ‘wordpress_sec_###################’;

$bb->logged_in_cookie = ‘wordpress_logged_in_###################’;

$bb->admin_cookie_path = ‘/forums/bb-admin’;

$bb->core_plugins_cookie_path = ‘/forums/bb-plugins’;

$bb->user_plugins_cookie_path = ‘/forums/my-plugins’;

$bb->sitecookiepath = ‘/’;

$bb->wp_admin_cookie_path = ‘/wp-admin’;

$bb->wp_plugins_cookie_path = ‘/wp-content/plugins’;

// End integration speedups

define( ‘WP_AUTH_COOKIE_VERSION’, 1 );

[dss]

• bb latest discussions wordpress plugin now reports an error.

This was not actually true… Seems I only needed to remove the trailing slash on my bbpress URL and voila! It works fine.

• No more images… bbpress just eats the code. allow images plugin installed, and activated.

This, however, is still true. Has anyone else encountered this trouble?

Trying to determine if it’s a plugin in need of update, or if it’s an error on my part, or an actual issue in RC3

However, it looks like integration actually works (for the very first time ever!)

This remains true. So happy about that!

[dss]

Just updated to RC3 with WP2.8

• No more images… bbpress just eats the code. allow images plugin installed, and activated.

• bb latest discussions wordpress plugin now reports an error.

However, it looks like integration actually works (for the very first time ever!)

[Marcomail]

Johnjamesjacoby could you give us some more information ? Thanks

[aditya2311]

Thanks for your reply.

I have installed WordPress 2.8. and bbpress 0.9.0.5. I have used the same database named “wordpress” for both. Please check http://bits-oasis.org/blog and http://bits-oasis.org/forum

[yakusha]

ı downloaded old database

after deleted old tables like bb_ on database, using phpmyadmin tools.

after re-installed bbpress and integreted to wordpress

after opened downloaded sql file and re uploaded 3 tables:

bb_post

bb_forum

bb_topic

forum is fasted

yes, bbpress rc3 faster older versions…

[rich! @ etiviti]

@nuprn1

Are you integrating with WordPress there?

No, straight install on MySQL 5.0.67

I believe everything is working correctly, I can log in with the keymaster and setup forums and general settings.

[johnhiler]

What versions of bbPress and WordPress are you using? And what was your method for integrating the two?

[aditya2311]

I have installed both wordpress blog and bbpress forums. But on integrating them, i am facing a problem of login into my account while using firefox. Although it is working properly in other browsers. Please check http://bits-oasis.org/blog and http://bits-oasis.org/forum

[Sam Bauers]

@nuprn1

Are you integrating with WordPress there?

[Sam Bauers]

They have to be changed separately. You might be able to write a plugin for WordPress that syncs them up or even deletes the bbPress role for recreation (based on the role map) when the user next visits bbPress.

[johnhiler]

Ah I see – you’d like to add a theme editor to bbPress?

The Theme editor is what I mentioned earlier as a huge existing potential security hole in WordPress. It seemed to be a major attack vector in the recent Bablooo spammer attack, which hit one of my sites; it allowed the virus to add spam links to existing posts. If they had wanted to, they could have easily overwritten the posts completely – or even deleted them.

I would highly encourage you to delete the theme editor file from any existing WordPress installs… at least until WordPress has diagnosed the vulnerability and if appropriate, issued a patch.

But if you feel safe behind your firewall… I suppose you could pay a developer to build a plugin which lets Adminstrators and above write to your file system using the bbPress admin. There’s definitely no existing bbPress plugin that I’m aware of! Maybe WordPress’s code could be ported…

Good luck!

[rafff]

Why this translation can’t be in the official package version of bbPress?

[mightybutton]

@johnhiler: Sorry for the confusion. I am not talking about a role permission with bbpress. I am actually talking about the Theme editor that wordpress has. That way theme modifications can be made without having to use ftp. It looks like though that I am not going to get that luxury.

[_ck_]

It’s kind of hilarious they have blocked ftp yet template upload and edits via php can completely open your system to security vulnerabilites. We’re still trying to figure it out but I have a strong suspicion of the WordPress theme-editor.php causing a large number of WordPress sites to get compromised recently:

babloo/blyat spammer attack on many WordPress blogs

The day bbPress gets a built in theme-editor, delete the file immediately.

Also delete xmlrpc.php unless you absolutely need trackbacks/pings.

And never, ever, use a dictionary word within a WordPress password as there’s no limit on login attempts.

[thion]

Perhaps because if you will install wordpress in https:// domain, secure_auth_salt will be created automatically.

[coca_cola]

Hi, just tried to install bbpress 1.0-RC3. Step 1-3 was no problem but after step 4 I got the following info:

“Your installation completed with some minor errors. See the error log below for more specific information.”

“Show installation messages”

Installation errors: “Forum could not be created!”

Is there anybody who knows how I can solve that problem? I’ve no idea why it could not be created…

Installation log:

Referrer is OK, beginning installation…

Step 1 – Creating database tables

>>> Database is already installed!!!

Step 2 – WordPress integration (optional)

>>> Integration not enabled (I made this before….thats not the problem I know where to find keys and how copy/paste works)

Step 3 – Site settings

Site name: page1

>>> Site address (URL): http://ssssss.com/

>>> From email address: dxd@dffff.com

>>> Key master created

>>>>>> Username: admin

>>>>>> Email address: dxd@dffff.com

>>>>>> Password:

>>> Description: Just another bbPress community

>>> Forum could not be created!

>>> Key master email sent

There were some errors encountered during installation!

I use latest wp mu version and latest buddypress version.

[johnhiler]

WordPress and bbPress permission levels work a little differently… bbPress doesn’t have an “editor”. In addition to the basic level of “Member”, we have Moderators, Administrators, and Keymasters.

What sort of things do you want your editor to be able to do?

[mightybutton]

@johnhiler: That makes a lot sense to me. I have three servers full of wordpress blogs and for the last three months I have been hammered with viruses and hacks. This is something I need to pass onto my server admin!

However, for the specific project I’ve mentioned above our forum will reside on the company intranet. We are behind a firewall and only those from our company can access the forum. So, I would still like to add an editor. Can anyone point me to documentation on how to do this?

By the way, I really appreciate the input from both Ipstenu and johnhiler. It helps as I stumble around figuring out bbpress!

[infected]

Hi!

Having the same problem here: I can´t login to bbpress & wordpress at the same time. I´m using wp 2.8, bbpress 1.0 rc3 and the bbpress integration plugin 1.0-rc-3

[johnhiler]

I don’t think there’s a theme editor built into bbpress… but I would highly recommend against it.

There’s been a recent WordPress virus which has hit thousands of of sites, and used the theme-editor as an attack vector:

http://ckon.wordpress.com/2009/06/05/bablooo-spammer-attack-on-several-wp-blogs/

My WordPress install was hit, and I was able to confirm from my access logs that the attacker attempted to use theme-editor as an attack vector. I’m actually deleting the theme editor from my WordPress install, even though I haven’t enabled write permissions on the theme folders… just because the whole experience was so traumatic.

[lcaruana]

Will bbPress 1.0 integrate easily with WP2.8 when it releases? Currently I have WP 2.8 and bbPress .9.0.5 installed. I’m wondering if I should keep pulling my hair out trying to get these two to work together or if I should just wait for 1.0 to release.

[thion]

Not every wordpress installation have secure_auth_salt – you can skip this part, as it’s related to https:// protocol – I mean, as long as you’re not using https:// for your websites .

[Munnday]

Fresh WordPress 2.8 and bbPress 1.0RC3 installation.

I have assigned the ‘Authentication Unique Keys’ correctly in WP (auth_key, secure_auth_key, logged_in_key, nonce_key).

Now when I check options.php in WordPress I have the following:

* auth_salt

* logged_in_salt

* nonce_salt

Thats it! No secure_auth_salt!!