MPthewho,
I can confirm you are correct about the problem “Users enumeration” (under the tab Miscellaneous) stops the functionality of sending emails through contact form made with Contact form 7 plugin. If you disable the user enumeration feature the contact form works again.
I have replicated the problem on three websites. The problem occured after an AIOWPS update two days ago (update 4.3.4)
Hope a fix is soon forthcoming.
Regards
Matt
Ok thanks for the feedback.
I will do some investigations and see what’s going on.
wpsolutions,
I found the code that is the problem.
——————
/*
* Re-wrote code which checks for REST API requests
* Below uses the “rest_api_init” action hook to check for REST requests.
* The code will block unauthorized requests whilst allowing genuine requests.
* (Peter Petreski)
*/
add_action( ‘rest_api_init’, ‘check_rest_api_requests’, 10, 1);
function check_rest_api_requests($rest_server_object){
$rest_user = wp_get_current_user();
if(empty($rest_user->ID)){
wp_die(‘You are not authorized to perform this action’);
}
}
——————–
The code lives in the wp-security-stop-users-enumeration.php file.
If I remove the code and enable user enumeration, the contactform 7 works again.
Hope this helps.
Regards
Matt
Yes, last updates have problems by using active e-numeration option with other plugins too. From this topic I have answer , how to resolved same REST API requests problems with ‘WordPress popular posts’ plugim. How correctly activate e-numeration, I don’t know…
Currently the REST API blocking code will block all REST requests from non-logged in users.
I am going to move the REST API blocking to its own setting. This way if people want to enable that feature they can do so independently of the enumeration setting.
For now as a workaround you can leave the enumeration feature disabled if you are using contact form 7 or other plugins with registered REST routes.
Glad I found this, all my sites not submitting CF7.
How quick can a fix be made so I don’t have to do a lot of changes across many websites?
Tested some sites using Caldera and they are running without issue, so I guess only a CF7 conflict?
KEVIN
-
This reply was modified 1 year, 11 months ago by
kairey1964.
Disable REST API should have it’s own setting, but option to disable only authors should stay. Maybe target just the author endpoint, like so https://wordpress.stackexchange.com/a/254251/90495
This issue is a week old. I feel like disabling the REST API for non-authenticated users is a big deal and am surprised at the response time to fix this issue. Surely Contact Form 7 isn’t the only plugin to rely on the REST API…
Hi,
I agree with @howdy_mcgee, I am shocked that this hasn’t been resolved yet.
We have 150+ websites using AIO and going through all these to turn this setting off ( and then back on again once you’ve corrected it ) is time we don’t have to spend.
Can you just rush out a patch for this problem asap please?
-
This reply was modified 1 year, 11 months ago by
infosws.
Same problem here.
Unchecking “Disable Users Enumeration” in “Miscellaneous” => “Users Enumeration” makes CF7 work again.
Dear @wpsolutions,
When are you planning to fix the issue?
Thank you for the information.
Hi,
The last release contained the so-called fix.
Basically the users enumeration feature and the disable REST API have their own separate settings.
So if you are having issues with CF7, go to the Miscellaneous >> WP REST API tab and disable that feature.
