Support » Fixing WordPress » Anyone know of a trick to determine whether or not a plugin is…

  • Resolved triplemoons

    (@triplemoons)


    [ Moderator note: moved to Fixing WordPress. Please do not use Developing With WordPress for these topics. ]

    Anyone know of a trick to determine whether or not a plugin is using an external source in some way instead of being 100% native?

    —–

    Backstory…

    I bought a plugin in September of 2014 and it’s never worked. I keep running the updates hoping that magically it will work, but nearly 3 years after purchase (and several improvement suggestions I made implemented by the developer) it still doesn’t. While many things were resolved over time in updates with this plugin, when 3.0 was released, the settings stopped being able to be saved. You configure something, hit Save Options and everything clears out and you’re back where you started.

    We’ve went so far as to create a fresh install with nothing but Woo and this plugin, but the behavior persists.

    With the release of 3.4.8, a blank pop up box appeared after update and I viewed the source and took note it’s trying to display information from a foreign IP (germany, possibly). We completely block traffic from outside north america which of course means anything foreign a plugin attempts to display or import or run is blocked. We asked the developer if it was possible that the settings configurations are controlled by an external source in some way and this is why this plugin has never worked properly for us. We couldn’t get a simple yes or no answer from them…Instead we were told to give them more money (for a plugin that we’ve never been able to use, mind you) or stop wasting their time with my question. Basically they wanted us to pay them $40 to answer a yes or no question on top of what we already paid for the dud plugin.

    They also kept demanding to access to our systems. That’s a huge security and legal issue they just can’t seem to understand. Being they are not in the US, their is no legal accountability. We offered videos of the behavior to show we weren’t nuts, but they refused.

    I also posted to their community support forums in hopes someone else noticed this and could confirm/deny my suspicions…but it was deleted instead of answered there as well.

Viewing 9 replies - 1 through 9 (of 9 total)
  • What’s the plugin?

    I don’t know if I should disclose that at this point to be honest. I don’t want to cause further drama, the developer is a bit volatile. One of his emails to me was “please request a refund. I will accept it, so you are not annoying us anymore with your comments. We will ignore all of your incoming messages and anywhere, so do us and you a favorite and look for another solution.”

    Unfortunately this is the only plugin that does what I need, so it’s not like I can go anywhere else unless I want to invest in building it out myself…and he knows it.

    Well there’s no trick. Plugins can do all almost anything, and if they want to load resources from an external source, or store settings externally, they can do that. It’s hard to say any more without access to the site or plugin or without the developer providing support.

    If it is doing that, it sounds like you’re not willing to open up the restrictions you have on that traffic anyway, so knowing if it’s external wouldn’t help much. You’re probably better off finding another plugin or paying someone to build something similar.

    I’m aware plugins can do anything. I just need to know if this one is doing something externally. It does help because then we’ll know what the problem is and we can modify server configurations to accept traffic just from him.

    I offered him a clean, separate install with just Woo & his plugin installed so he can see what it’s doing (I absolutely can’t give him access to our network) and he said to me “We are not going to answer any questions anymore, even if you extend support and give us the needed login credentials.”

    • This reply was modified 2 years, 7 months ago by triplemoons.

    Well unfortunately there’s not enough information in this thread for anyone to help, and it’s generally not possible to support commercial plugins here anyway. Forum volunteers are not given access to commercial products, so they would not know why your commercial theme or plugin is not working properly. This is one other reason why volunteers forward you to the commercial product’s vendors. The vendors are responsible for supporting their commercial product.

    You should consider hiring someone so that you can give them direct access to the site for a far more efficient fix than we can provide here.

    Please try https://jobs.wordpress.net/ or https://jetpack.pro/ and do not accept any hire offers posted to these forums.

    • This reply was modified 2 years, 7 months ago by Jacob Peattie.

    I don’t need to hire anyone. I have a MIS Director on staff who is very busy with client items and has not had the time to rip apart this plugin. We shouldn’t have to do that ourselves either.

    All I came here for is to see if anyone knew of a trick or plugin or script that could be run to determine whether or not a plugin is using an external source.

    Moderator Steve Stern

    (@sterndata)

    Support Team Volunteer

    Read the plugin’s source — you have full access to it. Your IT folks can also look at outbound traffic from your web server.

    Many plugins and themes “call home” to do various things such as update checks and purchase validation checks. WordPress itself does so as well. Others will create IFrames to their home site to display certain information. Your blocking all traffic outside North America (which seems like a nuclear option to me) could easily inhibit these operations.

    Since there are numerous ways for a plugin/theme to accessw external content, it’s unlikely the simple solution you desire exists. I suppose you could use grep to search for things like curl_init, stream_context_create, and <iframe, but even things as trivial as loading external CSS and javascript would be affected by your blocking.

    As a plugin author, I routinely ask for access to sites if there is no other way to debug a customer issue with a paid plugin. If a customer refuses, I politely tell them that since I cannot debug the issue, there is nothing more I can do to assist. And depending on the plugin, I might offer a refund.

    However, if my plugin accessed external content and a customer inquires about it, I would always tell the customer that the plugin requires access to external content. I would also be willing to provide a list of IP addresses that should be whitelisted in the customer’s network firewall.

    I got on my hands & knees today to beg our MIS Director to take a look at the plugin over lunch and you’re going to DIIIIIIIIIE when you hear what the problem has been this whole time…

    The submit button to save the settings is being stripped out because it doesn’t have a value assigned to it. You add any value to the button using developer tools, it saves perfectly fine.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Anyone know of a trick to determine whether or not a plugin is…’ is closed to new replies.