April 8, 2013 at 1:05 pm #34056April 8, 2013 at 2:22 pm #34087
Since you are the second user who uses Synthesis who has asked this question today, I posed the question elsewhere, and the answer was:
if they are hosted on Synthesis, they have turned it offApril 8, 2013 at 2:36 pm #34093
They turned what off? The edit link?
Who turned it off and why? And how do I fix this?April 8, 2013 at 2:52 pm #34096
Here's the other thread with the same issue:April 8, 2013 at 2:57 pm #34101
I've put in a ticket to them as well. I think Synthesis must have deactivated something?April 8, 2013 at 2:59 pm #34102
StudioPress support sent me this link:
I told them this makes no sense. Sure, I can do my editing via FTP, but that's what the WordPress dashboard is for. All I did was update a plugin. Is that what caused this problem?
They said Synthesis turned off the edit link and then told me to read the article. They didn't offer any additional help. So I'm expected to know what this means? Why on earth would they turn off the edit link?
How do I fix this???April 8, 2013 at 3:07 pm #34104
@CeeKing - thanks for the clarification that it was Synthesis who turned off the edit link.April 8, 2013 at 3:11 pm #34107
Do you recall what your steps were up to the missing edit link? It seems this may have nothing to do with the plugin update I did this morning.
As a new StudioPress and Synthesis, this makes me uncomfortable, but I'm sure there's a way they can fix this.
🙂April 8, 2013 at 3:13 pm #34110
@CeeKing, no I don't. I hadn't logged in in 2-3 days. I think the last thing I had done was in the css editor.
I followed the link and while I understand ftp, it sure is nice to be able to do it within wordpress..and if I do break something, I know how to go back and fix it. It's like 10 more steps to do it via ftp!April 8, 2013 at 3:20 pm #34115
FTP isn't an option for me. It's important knowing how to use it, but there's no way I'm changing font colors and doing simple things via FTP.
Something happened, and it's not our fault. But I did tons of research before joining Synthesis and trust they'll get this figured out. I'm just kind of bummed with the timing.April 8, 2013 at 3:28 pm #34118
The top security people Sucuri advise that the dashboard editor should be disabled.
If someone gets into your dashboard they can do what they like if the editor is live.
They can easily lock you out.
Without the editor they have to crack your FTP info.
Rather anoying that the Synthesis folk didn't warn you before turning it off though!April 8, 2013 at 3:42 pm #34122
From the Sucuri website:
Disable Editing in WP-ADMIN
I am also a big fan of this, too often we’re seeing wp-admin credentials compromised and by allowing someone to edit within your admin panel you give the attack full access to all your files. The easiest way to avoid this is to disable the editor via your wp-config file:
#Disable Plugin / Theme Editor
Define(‘DISALLOW_FILE_EDIT’,true);April 8, 2013 at 3:50 pm #34126
This is what StudioPress support just told me:
Due to large numbers of users crashing their sites by editing PHP from within WordPRess (a PHP application itself) we've removed the WP editor system wide. You can use FTP and a text editor to achieve the same in a much safer fashion. We also highly encourage backing up or making a copy of any files that you edit so that you can easily undo them should issues occur.
Did Sucuri just make this announcement? Or has this been a known problem for years and Synthesis is just now making this decision? I'm really upset and very confused. I am brand new to this company and am extremely disappointed that they didn't send out a warning to their customers. I find that to be incredibly insulting.
Could someone please clarify this . . .
If Synthesis is using top-grade security measures (one of their biggie marketing tools), how is my dashboard any more vulnerable than my Synthesis account or my FTP access, which uses sign-in information that can be found in my Synthesis account? Doesn't this make FTP clients a huge target for hackers, now?
Aren't they just shuffling off the problem to someone else, since they don't own/operate the FTP side of things? What protections do I have when I use FTP? How is that protection any different than what's in place for my WordPress dashboard?
So is it safe to assume that WP Engine is going to do the same thing? Does this mean the dashboard is going to become defunct? I downloaded FileZilla and am trusting I'm safe using their software. But now I'm feeling very concerned about this entire experience, because I'm not seeing how anything can fairly be considered safe. The logic just isn't connecting for me.
I trust StudioPress and Synthesis. I'm not a coder or an expert, so I completely believe they did this for good reason. But with no emailed warning/caution/explanation??? That really concerns me.April 8, 2013 at 3:55 pm #34129
No it's not new, but Sucuri are looking at it from a security point of view.
Like they say if the editor is active and someone gets into your site... they can change any file they like!
Full security article is here...
http://blog.sucuri.net/2012/08/wordpress-security-cutting-through-the-bs.htmlApril 8, 2013 at 3:57 pm #34131
Also, if this such a serious (and sudden) concern, does this mean my blog posts aren't safe? And that I should not blog via the WordPress dashboard anymore? This has now caused me to question the entirety of WordPress.
The only thing I'm questioning about StudioPress and Synthesis is how they handled this sudden shut-off. Nothing more.April 8, 2013 at 3:58 pm #34132
"I downloaded FileZilla and am trusting I’m safe using their software."
Filezilla comes with a couple of secure protocols... not just plainFTP, which is far from secure.
Check which secure Filezilla protocols the Synthesis people allow.April 8, 2013 at 4:03 pm #34134
The only thing I’m questioning about StudioPress
As far as I am aware, it's not something that is StudioPress related per se; they haven't disabled that edit option (otherwise, I'm sure there would be more people with questions) - so at this point, it looks like a Synthesis decision.April 8, 2013 at 4:18 pm #34137
You're right, Susan. They say "we," but I think they really mean Synthesis. I'm just getting a repeated response from StudioPress support:
We have rolled out a change that turns the WordPress code editor off.
The reason for this is that, we have experienced large numbers of users crashing their sites by editing PHP from within WordPRess (a PHP application itself) we've removed the WP editor system wide.
You can use FTP and a text editor to achieve the same in a much safer fashion.
We also highly encourage backing up or making a copy of any files that you edit so that you can easily undo them should issues occur.
They are only indirectly referencing hackers/security and instead are focused on their customers as the cause of any problems. Yesterday I pasted some code from the Code Snippet page into the functions file, and my entire website shut down. I sent a support ticket. And now I'm being told that actions like what I did yesterday are the reason they're doing this. They said nothing about hacker vulnerability. They say this was a system-wide change, but I'm feeling like only a handful of customers have been hand-slapped and have had their WordPress edit features removed.
Now I need to examine the FileZiller software I download and somehow figure out how to evaluate it in terms of security protocols??? This is why I chose Synthesis. But now a third-party software program is involved, and I have no way of knowing if it's going to lead to more problems. And what's their support like? So let me guess: This is where people start chiming in about GREAT programs that have high-grade security in place, but are expensive to buy, right?
I'm totally baffled.April 8, 2013 at 4:44 pm #34141
If the reason is because people are crashing their sites by editing that's silly...it's just as easy to make the same edits and crash your site via ftp?April 8, 2013 at 5:02 pm #34144
It's even easier to screw up when using FTP.
You can inadvertently make edits directly in the parent files, thinking you're in the child files. Also, even though the sFTP access through Synthesis is secure, hence the s, there are still vulnerabilities.
CyberDuck, a free FTP client, was just recommended to me by StudioPress support and WP Engine. This is what they use. So I'm going to download that and join the ducks.
- The topic ‘The EDIT link in my WordPress Dashboard is missing’ is closed to new replies.