• ilektronx

    (@ilektronx)


    Everything is fine until you figure out that the plugin is running amok. It is as bad as ransomware because if you do have an issue with the firewall blocking something it shouldn’t be, the only choice you have is to pay for a subscription. Guess what? you can’t even submit a support ticket without paying them. Even if you deactivate the plugin, it still continues to cause problems. Terrible, terrible, terrible.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author yorman

    (@yorman)

    Everything is fine until you figure out that the plugin is running amok.

    What exactly do you mean by “amok”?

    It is as bad as ransomware […]

    That’s a very bad comparison.

    I encourage you to read about what “ransomware” really is from this WikiPedia article [1]. I am sure you will learn a lot from it; after that, I am sure that you will understand the difference between a real “ransomware” and a security plugin that simply reports unusual activity in your website. The plugin doesn’t do any encryption nor any significant change in your project files, so calling it “ransomware” is very misleading for other users.

    if you do have an issue with the firewall blocking something it shouldn’t be, the only choice you have is to pay for a subscription. Guess what? you can’t even submit a support ticket without paying them

    If you are talking about the Sucuri Firewall, it means that you already paid for the service, which means that submitting a support ticket will cost absolute nothing, $0.00, nada!

    Just to clarify, the Sucuri Firewall and the Sucuri WordPress plugin are two completely different services. If you are seeing warnings about malicious code being served by your website to the Internet, this is because external scanners (there are many in the market) found the malware and flagged your website as compromised, the Sucuri WordPress plugin is simply showing you the warnings so you can fix them. The Sucuri Firewall has nothing to do with this, if you had the firewall in the first place, you wouldn’t even see the warnings because we are cleaning and filtering the malicious code.

    I encourage you to read more about how the Sucuri Firewall works from here [2].

    Even if you deactivate the plugin, it still continues to cause problems

    This doesn’t even makes sense. If you deleted the plugin from your website, how can it cause problems if the code that powers the plugin is not running anymore? Maybe you if explain what problems you are experiencing I could help you.

    [1] https://en.wikipedia.org/wiki/Ransomware
    [2] https://sucuri.net/website-firewall/

    ilektronx

    (@ilektronx)

    Consider this from a user perspective. User inherits admin position of website. User receives message that sucuri firewall is erroneously blocking a valid resource. User checks to see where sucuri warning message is coming from. User determines that the only sucuri product in use is the through the plugin installed previous to user taking over website. User clicks on ‘open a support ticket’ link in error message. User gets blocked by login, which user doesn’t have. In order to submit a ticket, user must buy a subscription.

    Yes, I know now that the plugin and firewall are completely different services, and that the plugin may have absolutely no connection to the firewall. Perhaps you should consider how the plugin displays information if no API key is connected to the plugin. Clicking on the firewall tab just takes you to the pay wall. For all intents and purposes, the only way for me to figure out that my host must be running a separate sucuri firewall, unconnected to the sucuri plugin, is through a snotty plugin developer. Forgive me if I don’t trust plugins to actually deactivate themselves or remove themselves completely through WP’s plugin interface. From the user perspective, every attempt that I made to correct the situation, change a setting, or otherwise correct the situation I ended up at a paywall. That link to the firewall description does nothing to inform a user that the plugin without an API connected is not actually performing any firewall actions. For all I could figure out, the free version of the plugin must have a basic firewall that if you wanted to white list something, would need to pay for a subscription in order to connect the api to control.

    From my perspective, in order to fix my site, I needed to pay. That is called ransomware. Maybe Sucuri should figure out how not to be mistaken for ransomware. A simple ‘If you are receiving this message contact your host’ or something notifying that somewhere in my stack someone was already paying for the firewall. I wasn’t making a comparison, I was making an allegation based on my observation. I rescind my accusation of it being ransomware, but based on my experience and your response have no reason to adjust my evaluation and rating. Your response to my support ticket was much more professional and less condescending.

    Plugin Author yorman

    (@yorman)

    Consider this from a user perspective. User inherits admin position of website

    This is what started the whole problem.

    When you inherited the “admin” position of this website you should have received all the information related to the infrastructure of that project, including all the services that are being used (which in this case includes the Sucuri Firewall).

    When you say “User determines […] this and that” you are saying that after having made assumptions about the project and associated services because there was a lack of proper training before the “admin” position was inherited. Otherwise, you wouldn’t have assumed anything.

    For all intents and purposes, the only way for me to figure out that my host must be running a separate sucuri firewall, unconnected to the sucuri plugin, is through a snotty plugin developer.

    I apologize for my attitude.

    Receiving a bad review before requesting support is something that I take in a bad way. After spending a couple of minutes in the forums associated to the plugin [1] you will notice that I am the only one answering questions.

    Again, I apologize and will take your feedback to my upper managers so they can improve the user experience in the interfaces, specially the ones associated with the Sucuri Firewall. I will try to do my best explaining the functionality in the plugin, but I am not a native English speaker so this may not be possible until I can get help from one of my co-workers.

    That link to the firewall description does nothing to inform a user that the plugin without an API connected is not actually performing any firewall actions. For all I could figure out, the free version of the plugin must have a basic firewall that if you wanted to white list something, would need to pay for a subscription in order to connect the api to control.

    Fair enough. I will fix the information in that page.

    From my perspective, in order to fix my site, I needed to pay. Maybe Sucuri should figure out how not to be mistaken for ransomware. A simple ‘If you are receiving this message contact your host’ or something notifying that somewhere in my stack someone was already paying for the firewall.

    I get your point about “ransomware”.

    I will ask one of my co-workers who speaks native English to fix the wording of these pages.

    Your response to my support ticket was much more professional and less condescending

    I apologize once again and hope you can find a solution to the problem that you are facing. Since you are managing a website that is being protected by the Sucuri Firewall, but are new to the security interface, I suggest you to contact one of my co-workers in chat [2] (at the bottom of the page) they will be happy to help you getting that PHP file whitelisted to get rid of that error. You can also send an email to info@sucuri.net if you prefer to have a copy of the conversation.

    [1] https://wordpress.org/support/plugin/sucuri-scanner/
    [2] https://sucuri.net/

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this review.