Support » Plugin: BulletProof Security » Annoying Forced JTC Lite

  • Resolved pattaya_web

    (@pattaya_web)


    Up until your most recent update I would have put BPS on the list of must have plugins. However, your forced use of JTC Lite now see’s me about to remove BPS. I run a secure website, I don’t need or want vendors telling what I should have running on my site. Is this some sort of tracker? Is it malware? I don’t know because YOU guys forced installed it. I couldn’t care if it is the best thing since sliced bread, but when I see stuff popping up on my login pages that I didn’t install and which take days and days to work out what it is I am pissed.

    How do I get rid of this ANNOYING and CONFUSING box on my sign in page that says ‘Hover or click text box below’?

    After days of cutting in to my 18 hour day already schedules I managed to find where this annoying and unwanted intrusion comes from and have disabled it for all forms, but this annoying and confusing text box still appears.

    This forced install and inability to kill SOMETHING I DON’T WANT on my website is totally unacceptable.

    The page I need help with: [log in to see the link]

Viewing 7 replies - 16 through 22 (of 22 total)
  • Plugin Author AITpro

    (@aitpro)

    Additional reference: https://security.stackexchange.com/questions/49461/should-login-pages-be-cacheable

    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.

    One of my favorite features is this hover captcha. I change the default to a site nickname and put it on every form. Brute force traffic almost gone, not overnight, but they are getting the hint. Better than any other plugin for this and so many other common and uncommon hacking efforts. I did turn on hover captcha for woocommerce checkout form to try it and couldn’t get it to go away by unchecking the box. For me, toggle on and off again with cache clear in between (site has 2 caching plugins running) worked to remove the box. Only css is supposed to be cached on my checkout page and that was enough to block the instant removal (the hover stopped working but the box remained). I don’t think it had anything to do with the toggle, suspect only the cache. Hope it helps you troubleshoot. I’ll go remove the css min on my checkout page now.

    Plugin Author AITpro

    (@aitpro)

    @astimegoesby – Cool glad you like smacking the Bots down. 🙂 What are you using to cache CSS on your checkout page? A caching plugin or something else? JTC-Lite loads inline CSS code so probably caching CSS code may be an issue/problem on the checkout page. Let me know what you are using to cache CSS (plugin or something else) and I will test things and see what is going on. Thanks.

    I like how instead of addressing Pattaya concerns you post a link. Your tone and the way you reply to customers makes you come off as arrogant and young. I also am pretty pissed that this feature automatically appeared across my sites. I will be removing BPS for this and will be installing wordfence security. What are you thinking BPS? Poor management decision. People don’t like their login pages being altered by your plugin without their consent. Common sense right? People run businesses with their websites. It is their source of income for some people. Think about these facts before making decisions.

    Plugin Author AITpro

    (@aitpro)

    @webmaster1234 – I’m sorry you feel that way. We did actually fully address Pattaya’s concerns and did a full assessment of why this problem occurred on his/her website. In Pattaya’s case the JTC-Lite problem was caused by a mistake on his/her custom login page.

    We addressed your concerns in your other forum posts:
    https://wordpress.org/support/topic/annoying-forced-jtc-lite/page/2/#post-9598777
    https://wordpress.org/support/topic/changed-my-login-without-my-consent/
    https://wordpress.org/support/topic/forced-implementation-of-jtc-lite-fail/#post-9598240
    https://wordpress.org/support/topic/jtc-lite-enabled-by-default-2-thumbs-down/page/2/#post-9598914

    Actually we spent 2 weeks trying to decide how to handle the new standard JTC-Lite feature inclusion. I now think we made a mistake for existing BPS plugin upgraders and that is we did not notify existing BPS plugin users via email about that this new standard BPS plugin feature would be automatically setup and turned on on BPS plugin upgrade. For new BPS plugin users this is not an issue because JTC-Lite is a standard BPS plugin feature and is automatically setup and turned on by default just like all other standard BPS plugin features.

    The decision has been made to release a new BPS plugin version that will notify existing BPS plugin users via email about the new standard BPS plugin JTC-Lite feature.

    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.

    I cannot believe AITpro did this. I have a small company that hosts around 30 websites and all of a sudden my customers were scared to login because of this login change. They asked me what was going on, and I had no clue whatsoever. Until I read this post.
    Why the hell would you enable this feature by default?

    I am now deleting the plugin from all my sites 🙁

    Plugin Author AITpro

    (@aitpro)

    @ikwilhet – As of BPS 2.8 we decided to no longer automatically setup and enable JTC-Lite by default for existing BPS users when they upgrade BPS (see changelog info below). The original reasons for enabling JTC-Lite by default are these: JTC-Lite is now a standard BPS plugin feature. JTC-Lite prevents user accounts from being repeatedly locked out by Bots Brute Force login attacking websites using harvested Administrator user accounts and other user accounts. The majority of folks prefer that all security features are automatically setup for them either via upgrade or Setup Wizard rerun so that they do not have to setup anything manually.

    https://forum.ait-pro.com/forums/topic/bps-changelog/

    New Feature Dismiss Notice: JTC-Lite: As of BPS 2.8 JTC-Lite is no longer automatically setup by default when upgrading BPS. A new feature Dismiss Notice is displayed instead with setup steps to enable/turn On JTC-Lite. For new BPS installations JTC-Lite is setup automatically by the BPS Setup Wizard.

    The general idea was to add an additional awesome new feature to the BPS free plugin version, which is a limited version of BPS Pro JTC Anti-Spam|Anti-Hacker, which has successfully been protecting 40,000+ websites worldwide for 6+ years now. So that is primarily why we enabled this awesome new feature by default – ie BPS Pro customers love JTC and love that everything is automatically setup for them without them having to figure anything out manually. 😉

    That’s kind of strange that people logging into your website would be scared to login. JTC-Lite is an advanced CAPTCHA, but it is still generally a CAPTCHA, which people have been seeing for decades now. Like I said BPS Pro is installed on over 40,000 websites worldwide and no one has ever said to us anything like “people were scared to login to their websites” in the last 6+ years.

    Anyway if someone does not want to use BPS JTC-Lite on their website they would just need to uncheck the Login Form checkbox option on the JTC-Lite page to disable/turn JTC-Lite Off. If someone is unable to turn off JTC-Lite like what happened on pattaya_web’s site then something else installed on the website (plugin, etc) is breaking the BPS plugin and the JTC-Lite feature. In that case the problem plugin or whatever else that is breaking BPS and JTC-Lite would need to fixed or someone would just not be able to use BPS on their website unless they fixed whatever is breaking the BPS plugin and JTC-Lite.

    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.
    • This reply was modified 5 years, 1 month ago by AITpro.
Viewing 7 replies - 16 through 22 (of 22 total)
  • The topic ‘Annoying Forced JTC Lite’ is closed to new replies.