Support » Plugin: All In One WP Security & Firewall » Contact form 7 doesn’t work with the feature “Users enumeration”

  • Dear AIOWS&F support team!

    The feature “Users enumeration” (under the tab Miscellaneous) stops the functionality of sending emails through contact form made with Contact form 7 plugin.
    The Contact form 7 plugin starts working again, after I disable the “User enumeration” feature. Could you please check the issue?

    I would like to keep the feature enabled since it’s very useful for hiding /wp-json/wp/v2/users user and admin data. At the same time I would like to continue using Contact form 7 plugin.

    I would like to ask you to let me know if you are planning to implement a fix for this problem soon.

    Thank you for your answer.
    Regards, MP

Viewing 12 replies - 1 through 12 (of 12 total)
  • MPthewho,

    I can confirm you are correct about the problem “Users enumeration” (under the tab Miscellaneous) stops the functionality of sending emails through contact form made with Contact form 7 plugin. If you disable the user enumeration feature the contact form works again.

    I have replicated the problem on three websites. The problem occured after an AIOWPS update two days ago (update 4.3.4)

    Hope a fix is soon forthcoming.

    Regards
    Matt

    Plugin Author wpsolutions

    (@wpsolutions)

    Ok thanks for the feedback.
    I will do some investigations and see what’s going on.

    wpsolutions,

    I found the code that is the problem.
    ——————
    /*
    * Re-wrote code which checks for REST API requests
    * Below uses the “rest_api_init” action hook to check for REST requests.
    * The code will block unauthorized requests whilst allowing genuine requests.
    * (Peter Petreski)
    */
    add_action( ‘rest_api_init’, ‘check_rest_api_requests’, 10, 1);
    function check_rest_api_requests($rest_server_object){
    $rest_user = wp_get_current_user();
    if(empty($rest_user->ID)){
    wp_die(‘You are not authorized to perform this action’);
    }
    }
    ——————–

    The code lives in the wp-security-stop-users-enumeration.php file.

    If I remove the code and enable user enumeration, the contactform 7 works again.

    Hope this helps.

    Regards

    Matt

    Yes, last updates have problems by using active e-numeration option with other plugins too. From this topic I have answer , how to resolved same REST API requests problems with ‘WordPress popular posts’ plugim. How correctly activate e-numeration, I don’t know…

    Plugin Author wpsolutions

    (@wpsolutions)

    Currently the REST API blocking code will block all REST requests from non-logged in users.
    I am going to move the REST API blocking to its own setting. This way if people want to enable that feature they can do so independently of the enumeration setting.

    For now as a workaround you can leave the enumeration feature disabled if you are using contact form 7 or other plugins with registered REST routes.

    Glad I found this, all my sites not submitting CF7.

    How quick can a fix be made so I don’t have to do a lot of changes across many websites?

    Tested some sites using Caldera and they are running without issue, so I guess only a CF7 conflict?

    KEVIN

    • This reply was modified 1 year, 11 months ago by kairey1964.

    Disable REST API should have it’s own setting, but option to disable only authors should stay. Maybe target just the author endpoint, like so https://wordpress.stackexchange.com/a/254251/90495

    This issue is a week old. I feel like disabling the REST API for non-authenticated users is a big deal and am surprised at the response time to fix this issue. Surely Contact Form 7 isn’t the only plugin to rely on the REST API…

    Hi,

    I agree with @howdy_mcgee, I am shocked that this hasn’t been resolved yet.

    We have 150+ websites using AIO and going through all these to turn this setting off ( and then back on again once you’ve corrected it ) is time we don’t have to spend.

    Can you just rush out a patch for this problem asap please?

    • This reply was modified 1 year, 11 months ago by infosws.

    Same problem here.

    Unchecking “Disable Users Enumeration” in “Miscellaneous” => “Users Enumeration” makes CF7 work again.

    Dear @wpsolutions,

    When are you planning to fix the issue?
    Thank you for the information.

    Plugin Author wpsolutions

    (@wpsolutions)

    Hi,
    The last release contained the so-called fix.
    Basically the users enumeration feature and the disable REST API have their own separate settings.
    So if you are having issues with CF7, go to the Miscellaneous >> WP REST API tab and disable that feature.

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘Contact form 7 doesn’t work with the feature “Users enumeration”’ is closed to new replies.