Quote from: BobRay at Feb 19, 2019, 08:59 PM
Thanks for posting that. I think it will help a lot of people.
I would only add that you should then rename your manager, connectors, and assets folders, and move the core directory above the web root as described here.
No problem! I've gotten so much help from the community over the years, I've felt bad that I haven't had time in a long while to hang out on the forums and try to give back like I used to.
About the renaming and other hardening methods, I've used them quite often and definitely support helping people with implementing them. They certainly work. I've made a few ARG sites that players were actively trying to hack in any way possible (it's kind of expected in some cases) and MODX has always held up perfectly! But I was writing this more for less experienced people who may not be comfortable even working directly with site files, and who are just wanting to quickly get a compromised site fixed as quickly and simply as possible, without having to redo the database or mess with anything else any more than they absolutely have to. (Although looking at it now, I probably should have stayed away from command line instructions and put a bit more detail about changing db values given that goal. I was a tech writer/editor in a past life, I'll blame sleep deprivation for my fuzzy audience targeting...)
That aside, I felt like my word count on that was already far past reasonable; adding in more complicated things would end up being, well, more appropriate for a blog post...
Quote from: BobRay at Feb 19, 2019, 08:59 PM
Do you mind if I make this into a blog post (with credit to you), to make it easier to find?
I don't mind at all! I'm actually quite honored you'd ask. Feel free to add/edit/delete as much as you feel necessary. And by "feel free" I mean please do whatever you want/need to make my sleep-deprived ramblings more coherent, correct, and complete.
And maybe you can clarify what the disabled field in the modx_transport_packages is supposed to do? I guess at the very least you can clarify why it fixes the issue with UpgradeMODX. Either that, or I've given you a bug/feature to track down. ;-)
Speaking of blog posts, I've been meaning to contact you to request you put some type of "tip jar" on your site, like a PayPal link... like the one I just now found there, never mind. I usually end up on your site via direct searches. I have clicked around quite a bit, but never noticed the side link until now. (And actually misinterpreted it when I did as being three separate links...) My point was going to be that I end up on your site SO often when I'm searching for MODX help that I've started wanting to leave you tips when your posts help me out. My point now will instead be to advise you to decrease that line-height and add a graphic or something to make it stand out more. Although much more than that, put the link on your blog! I occasionally land on your MODX pages from searches, but I always read your blog posts and at least a couple times sat down and scrolled through start to finish. So many times I wished for a tip jar that was there all along... So yeah, make that more prominent so people like me know how to easily give you money!
BTW, you mentioned credit, and since I'm now poking more parts of your site, I just wanted to casually mention that I develop almost exclusively in MODX (unless practically forced at gunpoint) and have since way back before Revo was a thing, and have a dedicated server for hosting my clients. I think I could be considered a "MODX-Friendly Host." ;-) Although no pressure, I see how short that list is. Interesting thing, Glowhost is the company that maintains my server, good choice! (And god, don't get me started on EIG, they ruined my absolute favorite alternate hosting company. They were up there with Glowhost as far as reliability. I once worked with a consulting firm on a few sweepstakes for companies like Luzianne and Hostess that were hosted with them and they were getting multiple entries a SECOND, millions in total, lightning fast, no problems at all. I tried them once after EIG got them and they couldn't even keep a low-traffic, single-page site from going down multiple times a day, every single day from the very first day until I cancelled. When I first heard about EIG and learned about what they were doing, even before my own experience, I opened a support ticket with Glowhost specifically just to beg them not to sell out to them. Thankfully, they VERY firmly assured me I had nothing to worry about. I don't know what I'd do if they took Glowhost away, I've been with them well over a decade now and EIG has managed to snatch up and ruin every other host I've ever tried except GoDaddy. (Suddenly thinking I should add "not owned by EIG" to my list of hosting benefits...))
Sorry. Massive sidetrack. Long days + little sleep = Coder rambling far, far off-topic.