April 8, 2013 at 1:05 pm #34056April 8, 2013 at 2:22 pm #34087April 8, 2013 at 2:36 pm #34093
They turned what off? The edit link?
Who turned it off and why? And how do I fix this?April 8, 2013 at 2:52 pm #34096
Here's the other thread with the same issue:
April 8, 2013 at 2:57 pm #34101
I've put in a ticket to them as well. I think Synthesis must have deactivated something?April 8, 2013 at 2:59 pm #34102
StudioPress support sent me this link:
I told them this makes no sense. Sure, I can do my editing via FTP, but that's what the WordPress dashboard is for. All I did was update a plugin. Is that what caused this problem?
They said Synthesis turned off the edit link and then told me to read the article. They didn't offer any additional help. So I'm expected to know what this means? Why on earth would they turn off the edit link?
How do I fix this???April 8, 2013 at 3:07 pm #34104April 8, 2013 at 3:11 pm #34107
Do you recall what your steps were up to the missing edit link? It seems this may have nothing to do with the plugin update I did this morning.
As a new StudioPress and Synthesis, this makes me uncomfortable, but I'm sure there's a way they can fix this.
🙂April 8, 2013 at 3:13 pm #34110
@ceeking, no I don't. I hadn't logged in in 2-3 days. I think the last thing I had done was in the css editor.
I followed the link and while I understand ftp, it sure is nice to be able to do it within wordpress..and if I do break something, I know how to go back and fix it. It's like 10 more steps to do it via ftp!April 8, 2013 at 3:20 pm #34115
FTP isn't an option for me. It's important knowing how to use it, but there's no way I'm changing font colors and doing simple things via FTP.
Something happened, and it's not our fault. But I did tons of research before joining Synthesis and trust they'll get this figured out. I'm just kind of bummed with the timing.April 8, 2013 at 3:28 pm #34118
The top security people Sucuri advise that the dashboard editor should be disabled.
If someone gets into your dashboard they can do what they like if the editor is live.
They can easily lock you out.
Without the editor they have to crack your FTP info.
Rather anoying that the Synthesis folk didn't warn you before turning it off though!April 8, 2013 at 3:42 pm #34122
From the Sucuri website:
Disable Editing in WP-ADMIN
I am also a big fan of this, too often we’re seeing wp-admin credentials compromised and by allowing someone to edit within your admin panel you give the attack full access to all your files. The easiest way to avoid this is to disable the editor via your wp-config file:
#Disable Plugin / Theme Editor
Define(‘DISALLOW_FILE_EDIT’,true);April 8, 2013 at 3:50 pm #34126
This is what StudioPress support just told me:
Due to large numbers of users crashing their sites by editing PHP from within WordPRess (a PHP application itself) we've removed the WP editor system wide. You can use FTP and a text editor to achieve the same in a much safer fashion. We also highly encourage backing up or making a copy of any files that you edit so that you can easily undo them should issues occur.
Did Sucuri just make this announcement? Or has this been a known problem for years and Synthesis is just now making this decision? I'm really upset and very confused. I am brand new to this company and am extremely disappointed that they didn't send out a warning to their customers. I find that to be incredibly insulting.
Could someone please clarify this . . .
If Synthesis is using top-grade security measures (one of their biggie marketing tools), how is my dashboard any more vulnerable than my Synthesis account or my FTP access, which uses sign-in information that can be found in my Synthesis account? Doesn't this make FTP clients a huge target for hackers, now?
Aren't they just shuffling off the problem to someone else, since they don't own/operate the FTP side of things? What protections do I have when I use FTP? How is that protection any different than what's in place for my WordPress dashboard?
So is it safe to assume that WP Engine is going to do the same thing? Does this mean the dashboard is going to become defunct? I downloaded FileZilla and am trusting I'm safe using their software. But now I'm feeling very concerned about this entire experience, because I'm not seeing how anything can fairly be considered safe. The logic just isn't connecting for me.
I trust StudioPress and Synthesis. I'm not a coder or an expert, so I completely believe they did this for good reason. But with no emailed warning/caution/explanation??? That really concerns me.April 8, 2013 at 3:55 pm #34129
No it's not new, but Sucuri are looking at it from a security point of view.
Like they say if the editor is active and someone gets into your site... they can change any file they like!
Full security article is here...
http://blog.sucuri.net/2012/08/wordpress-security-cutting-through-the-bs.htmlApril 8, 2013 at 3:57 pm #34131
Also, if this such a serious (and sudden) concern, does this mean my blog posts aren't safe? And that I should not blog via the WordPress dashboard anymore? This has now caused me to question the entirety of WordPress.
The only thing I'm questioning about StudioPress and Synthesis is how they handled this sudden shut-off. Nothing more.
The topic ‘The EDIT link in my WordPress Dashboard is missing’ is closed to new replies.