Support » Plugin: Simple Social Icons » ModSecurity and dissapearing icons after latest update

  • Resolved Lindsay Heydon

    (@lindsay-heydon)


    Follow up to: OK, one thing that I’ve noticed since the update… ModSecurity was firing and blocking my IP to sites that I’ve applied this latest update. If I switch off ModSecurity, then after clearing the cache all is fine and my icons display perfectly. Obviously though this is not really a solution as we would all rather have ModSecurity on (as it was before update and worked fine).

    Sites that don’t have this particular plugin appear fine and do not lock me out, all that do have Simple Social Icons installed and I’ve updated I get locked out. To test this further I disabled Simple Social Icons on a site I was having issues with and I don’t get locked out. If I re-eneable Simple Social Icons and switch ModSecurity off I can see the icons after clearing the cache. If I switch ModSecurity back on again and clear the cache two things happen, I just get a ‘box’ instead of an icon and I keep getting locked out by ModSecurity.

    I’ve checked with my webhosting co and they can’t supply me with any further info? Could I safely go back to an earlier version of Simply Social Icons?

    https://wordpress.org/plugins/simple-social-icons/

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Contributor Nick Cernis

    (@modernnerd)

    Thanks for this info, Lindsay.

    Who do you host with? Are they able to supply the mod_security rules and mod_security logs for your site? It sounds like one of their security rules could be catching the new Simple Social Icons font and blocking access to it by mistake. Happy to investigate further if you’re able to get any more info from them.

    Until we’re able to solve this together you’re welcome to use version 1.0.9 of the plugin, which you can grab here: https://downloads.wordpress.org/plugin/simple-social-icons.1.0.9.zip

    Thanks for all your help with this. I’ve gone back and reverted to the earlier version 1.0.9 on all sites I’d already updated. But have a ‘test’ site (under development) that we can ‘play’ with.

    These are the logs from my hosting company… (the key person there helped in the end) do they help you?

    Request: GET /wp-content/plugins/simple-social-icons/font/ssi-icomoon.ttf?-texv9a
    Action Description: Access denied with code 403 (phase 1).
    Justification: Pattern match “^(-(a|b|C|q|T|c|n|d|e|f|h|\\?|i|l|m|r|B|R|F|E|S|t|s|v|w|z)|–(interactive|bindpath|no-chdir|no-header|timing|php-ini|no-php-ini|define|profile-info|file|help|usage|info|syntax-check|modules|run|process-begin|process-code|process-file|process-end|server …” at QUERY_STRING.

    Plugin Contributor Nick Cernis

    (@modernnerd)

    You’re welcome, Lindsay, and thank you very much for persevering with your host – the info you’ve shared there helps a lot.

    I’ve made a tiny tweak to version 1.0.10 of the plugin that should work around the mod security rule. You can download a beta copy here and try it on your test site if you wish.

    If that solves things for you, I’ll submit this to be fixed in a future update of the plugin to help anyone else who happens to have the same mod_security rule.

    OK, installed and been testing on my site. All seems right with the world again. Many, many thanks for your help, I hope it helps somebody else too and it wasn’t all just for me! 🙂

    Great support, thanks again. Lins

    Plugin Contributor Nick Cernis

    (@modernnerd)

    Thanks for testing and reporting the results, Lindsay – appreciate it!

    No problem at all.

    Plugin Contributor Nick Cernis

    (@modernnerd)

    @lindsay Just to mention that the most recent update (1.0.11) does not yet include the ModSecurity fix from the sample above. It’s probably best in your case to stay with the custom version above for now until the fix is included in a future update.

    Will do, thanks for letting me know.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘ModSecurity and dissapearing icons after latest update’ is closed to new replies.