• Saurabh

    (@wpsaurabh)


    Update[13.03.2024] – The issues that I have raised seems to to work now. I never had the intention to let down the work spent on creating such helpful plugin.

    Clarify my doubt which I tested. Lets say at 12.00 PM a user IP is blocked for 1 day. After 12 hours later, when I as a user refresh the page , the page still says Restrictions lifted – 23 hours from now. There is no timer countdown to show the actual time left and the 24 hour ban will continue again if user refresh the page after 12 hours ? The Access Restricted page must show the real time left for restriction. Can you clarify this ?

    Tried to test the offenses to check what happens after it hits the limit. For this I tried to spam the comment more than 10 times to trigger the cool down period. Offense limit was default 10 which I didn’t change, I hit this limit , got redirected to Shield page saying IP restricted which is good. The IP block is set 24 hours. Now help me understand, why after certain seconds, the IP which was blocked is able to access the website again. I was able to spam comments again got same IP restriction page, and now my offenses is 12. In a normal scenario if IP is banned for 24 hours, the same IP restrict message must be shown for total ban time and offense counter should not exceed the set threshold which is 10 in this case, not sure why after certain seconds I was able to access the page and spam again. If this is how your plugin works, I am afraid it has loopholes and bots can spam again and again as the IP ban does not work at all.

    Too bad there is no way to write a direct message as only pro users support is available which limits such reporting with screenshots.

    • This topic was modified 6 months, 4 weeks ago by Saurabh.
Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author Paul

    (@paultgoodchild)

    To anyone reading this review, this is not a “review”. This is a malicious attempt to denegrate our security plugin by somebody who has no intention of making the world of WordPress a better place.

    They take a plugin that is 100% free, try to “test” it, encounter what they think is a bug and immedately leave a 1-star review.

    They then then state, disingenuously, that “Too bad there is no way to write a direct message as only pro users support is available which limits such reporting with screenshots” – this reveals their underlying malicious intent to do nothing other than leave a negative review (otherwise they’d have left a post in the forums).

    Anyone that looks at the wordpress.org support forum for our plugin will immediately see that we answer nearly all support questions that are posted there – especially those that report bugs, as this review purports to be doing. So to say that you can’t leave us a message about a “bug” is a plain falsehood.

    I wish that these sorts of people would try plugins on the repository, and if they don’t appear to work as they expect, leave a question in the forums, or just remove the plugin and move on. Instead they feel justified, somehow, to instantly resort to a 1-star review. This behaviour speaks far more to their character than of our plugin and the hard work that our team does to provide a powerful security plugin for free.

    We welcome anyone to try Shield Security and if you spot a bug, please leave us a post in the forums, we’re always on-hand to help out.

    Thread Starter Saurabh

    (@wpsaurabh)

    Seriously, this is how you take feedback? You advertise yourself as security plugin and the most basic feature of your plugin which is to block spam comments and temporary block the IP address for violations does not work and you blame me for that ? If you confirm it is a bug, I wonder why other users who are using your plugin have not reported this major bug till yet and how long this bug has been present.

    If you are providing a plugin for free, you have decided to do that nobody forced you to make it free. I never mentioned anywhere that plugin does not work at all, if I had your argument that “this is not a “review”. This is a malicious attempt to denegrate our security plugin by somebody who has no intention of making the world of WordPress a better place.” could have understood. Of course, I will test the plugin features before buying it if there are bugs your website should have dedicated option to report bugs . But no, the option is for pro users only. And if I have just malicious intention as you say, why would I go through all the hurdles and find the major issue. I would have wrote anything and just given 1 star.

    So according to your logic if anyone give 5 stars to your plugin they are genuine reviews, if they give 1 star they have malicious intent? Is there any logic here? Just accept there are major issues in your plugin, fix it I would happily give you 5 stars and even buy the pro version, but no you have to label users saying they are fake. Do you think I have no other work then rating 1 star for your precious plugin? I have reported a major bug this I wont find answer to this in your forums. Share me any link, I will provide you with proof with video and screenshot of what I wrote about.

    For all the users seeing this review, just test it yourself and check. You will see it yourself if my review is fake or not. Such a pathetic way to blame users who genuinely want to point out issues.

    Plugin Author Paul

    (@paultgoodchild)

    If you wanted to report a bug, you’d report a bug first. If you wanted to publicly denigrate a perfectly good product you’d leave a 1 star review before engaging with the developer.

    We also don’t fix or address bug reports with the threat/reward of 1/5-star reviews.

    Best of luck with finding a solution out there that meets your needs, sorry that Shield isn’t it.

    Plugin Support Jelena

    (@jmisic)

    Hi,

    Firstly, many thanks for upgrading your review. Much appreciated.

    Here is a small clarification on the auto block expiration timeout you may find helpful:

    If the blocked IP accesses your site within 24hrs period of time, we update the last access time and the 24hrs counter resets and starts again from zero. If they come back and try to access the site again, they’ll get blocked. Again. This ensures that a given visitor stays blocked.

    They must wait 24hrs before trying to access the site again. Once an IP address entry has expired and that IP hasn’t attempted to access the site again within the 24hrs timeout period, the daily WordPress Cron will clean it out from the table and IP will be unblocked.

    We suggest decreasing the timeout to 1hour while you are testing.

    The reason it probably didn’t work before was because of the “High Reputation Bypass” setting (detailed here) that prevents high reputation IPs from being blocked. So, this option prevents your legit site visitors with a high Reputation Scores from being blocked.

    Imagine it this way: Shield will monitor everything your IP does, and it’ll mark offenses against it. Once the IP has accumulated enough offenses and it’s about to block your IP address, it’ll lookup your Bot Reputation Score and if it’s high enough, you wont be blocked.

    If you’ve got any thoughts or questions, feel free to leave a WordPress forum topic for us. It’s a much easier to all of us to chat and sort things out there than in the review section.

    We also highly appreciate any bug reports. If you spot it, please share it on forum or reach out to us directly any time and we’d be happy to work on it with you.

    Regards and thanks for using Shield. 🙂

    Jelena

    Thread Starter Saurabh

    (@wpsaurabh)

    If the blocked IP accesses your site within 24hrs period of time, we update the last access time and the 24hrs counter resets and starts again from zero. If they come back and try to access the site again, they’ll get blocked. Again. This ensures that a given visitor stays blocked

    Thank you clarification. Understand the logic used here. But assume there is a visitor who got banned for 1 hour. The banned visitor accidentally checks the site after 30- 45 minutes, the counter will reset and now banned visiter has to wait long. While from security aspect it seems good but visitor point of view this will be horrible experience. Can I edit the restriction page message for my users to anything I want to ? If so, possible on free version or do I need to upgrade?

    Plugin Author Paul

    (@paultgoodchild)

    Over the longer term this will become less of an issue. As you use Shield more, you’ll monitor the Activity Log and see why IP addresses are being blocked – particularly if visitors report this to you. You can see what exactly is being triggered in the plugin and tweak/adjust the Shield settings to reduce the likelihood of this happening. The Activity Log will show you everything you need to know about why a visitor is blocked. We’ve made the Log very comprehensive to ensure admins have all the information they need.

    If you upgrade, for example, you’ll be able to offer legitimate visitors & users the ability to automatically unblock themselves. We cannot discuss ShieldPRO or upgrading options on the wp.org forums, however. If you want to reach out to us to discuss that further and get more information, a good place to start would be our Facebook group.

    Thread Starter Saurabh

    (@wpsaurabh)

    Thank you will do that. One issue I have noticed that restricted page totally fails to work and i can access the website content and pages easily when litespeed cache is enabled. As soon as I deactivate the plugin the restrictied page works. It would be useful if you could tell me a way to display the user restriction page when violation occurs even when litespeed cache plugin is enabled.

    Plugin Author Paul

    (@paultgoodchild)

    Page caching caches output of content from the site. If you cache the output of content from the site, then it doesn’t matter what other plugins, like Shield, do. The content is cached, so you get the cached output. This is the problem with page caching, not Shield. Shield uses directives to prevent pages being cached… some caching systems honour it, some don’t.

    Thread Starter Saurabh

    (@wpsaurabh)

    Understood, the issue here is when lite-speed cache plugin is enabled, checking with different browser, it loads the website and I am able to move around pages too for awhile. I had same issue with another security plugin they added some code ,and now works well with lite-speed plugin ( no changes done in lite-speed plugin). Is it possible foe Shield too? Would appreciate if it can be done. I have cache requirement which cannot disable.

    Plugin Author Paul

    (@paultgoodchild)

    I’d need to know the plugin and what changes were made.

    Also, we primarily provide technical support to our premium members, so while you can provide these details of the changes, we make no committments to if/when any changes will be made.

    This is our final response to this review post – please post any further technical questions to the wp.org forums and we’ll address questions there.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Ban IP does seems to work now’ is closed to new replies.