Joris Le Blansch
Forum Replies Created
-
Maybe to further illustrate the issue, in 8.7.0, the behavior is as expected:

And in 8.8.2 the menu option is gone:

Anyone here experiencing this behavior also?
- This reply was modified 2 years, 2 months ago by Joris Le Blansch.
Forum: Plugins
In reply to: [Mollie Forms] Latest update breaks paymentsThese are just the files contained in /wp-content/plugins/mollie-forms so you should just replace them. Not sure if this will “install” through the GUI. Your best bet is replace the files via sFTP and make sure you don’t have auto-updates enabled on that plugin for the time being. That works for me for now until we get an official update from Wobbie.
Forum: Plugins
In reply to: [Mollie Forms] Latest update breaks paymentsYou can’t revert via WP directly without backup. I can send you a zip of my working version 2.6.3 (as opposed to the faulty 2.6.10 version). Not sure if links work on this forum, but here it is to download: https://cloud.apio.systems/index.php/s/eHJYSiDRHpY3WZn . You can overwrite your files with those and you should be back to the working version as a temporarily solution.
Forum: Plugins
In reply to: [Mollie Forms] Latest update breaks paymentsYes, I think this general. Just revert to your backup from before the update (i.e. last night in my case) and disable auto-updates on that plugin for the moment until we get a solution (and maybe all try help the developer in fixing it).
I notice the error is triggered from here mollie-forms/classes/Form.php
if ($recurring && $_POST['rfmp_checkbox_' . $postId] != 1) { throw new Exception(esc_html__('Please give authorization to collect from your account', 'mollie-forms')); }Beyond that I’m a bit at a loss to see exactly what triggered it. I thought of reCaptcha low score which is my case, but that’s not (really) it since downgrading works again. Let’s join forces to help to get to the bottom of this.
Hey, in fact, it was the 2nd option to choose even though the text is wrong. Selecting it brought me to the Matomo Tag Manager configuration all right so I managed to finish configuration there and now all works, thanks ! So maybe a little bug on your side to note to fix? Also, I noticed on both sites, that the self-hosted Matomo URL needs /js at the end for the Tag Manager integration to work (otherwise you get a 404). Just FYI and maybe to clarify in the GUI.
Kind regards,
Joris.
Thanks for your reply Jarno. On the site that works indeed it is. On the other one, I have this list of options:
Do you compile statistics of this website?- Yes, and Google Tag Manager fires this script
- Get detailed insights into visitors’ behaviour with Burst Statistics, the privacy-friendly analytics dashboard from Really Simple Plugins.
- Yes, with Google Analytics
- Yes, with Matomo
- Yes, with Clicky
- Yes, with Yandex
- Yes, with Clarity
- Yes, but not with any of the above services
- No
So it’s really “not there”…
Would be great indeed to prefill name and email with current logged in user. UP!
Many thanks for the very fast update. Tested it and this is perfect. This is now fully compliant on this level.
Thanks for the quick support,
Kind regards,
Joris.
Sorry forgot tags.
Forum: Plugins
In reply to: [Stop User Enumeration] User Found By: Author Posts – Author PatternThanks for the proposal, I have “solved” it with just an .htaccess 403 on the author pages which weren’t needed anyway. No time to debug the theme of the client neither so let’s call it “fixed”.
Forum: Plugins
In reply to: [Stop User Enumeration] User Found By: Author Posts – Author PatternOK fair enough, thanks for your clear and quick reply. I’ll get rid of that type of scan by other means.
Thanks.
Joris.
Forum: Plugins
In reply to: [CDN Enabler] CDN Exclusions: how to exclude wp-login.phpMakes sense. Thanks again both.
Forum: Plugins
In reply to: [CDN Enabler] CDN Exclusions: how to exclude wp-login.phpThanks both for your quick answer. @coreyk your solution seemed to me the most elegant. I’ve implemented it in my functions.php of the active theme but it has no effect I’m afraid… I still get the page served like so:
$ curl -I https://cdn.mydomain.com/wp-login.php HTTP/2 200The main issue I have with this is that the page being accessed like this, uses the IP from the CDN and not the client. And since I ban IP’s based on failed login attempts (and normal humans will never access this URL since they would simply go to mydomain.com/wp-admin) I end up banning the IP ranges from my CDN servers and thus not serving static content anymore…
@brianbrown thus I implemented your solution which did n’t appear nice to me at first sight but is probably much better in the sense that we let handle Apache throwing the redirect rather than WP which is probably safer, faster and less ressource consuming. And now I properly get:
$ curl -I https://cdn.mydomain.com/wp-login.php HTTP/2 301 location: https://www.mydomain.com/wp-login.phpwhich is exactly what I want. The CDN IP shows only once when hitting the page and then it is the client’s IP doing the rest and can thus get safely banned if this was an attack.
Here the snippet as I use it since only one CNAME for CDN and wanting the URL’s prefixed with www to be consistent with the rest of the site and added support for mp4 files:
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_HOST} ^cdn\.(.*)$ [NC] RewriteCond %{REQUEST_URI} !\.(bmp|css|gif|jpe|jpeg|jpg|js|otf|png|swf|tif|tiff|ttf|webm|webp|woff|woff2|mp4)$ [NC] RewriteRule ^(.*)$ https://www.%1/$1 [L,R=301] </IfModule>It’s good enough for me, got rid of those annoying attackers using my CDN like this.
Thanks.
Joris.
Forum: Plugins
In reply to: [WP SAML Auth] Integrating plugin with our IDPYou might want to give this one a try : https://github.com/humanmade/wp-simple-saml . It works for me authenticating against G-Suite SAML. Sorry for not giving an answer related to this plugin directly but I never got this one to work neither unfortunately.
Kind regards,
Joris.
Forum: Plugins
In reply to: [Stop User Enumeration] Plugin breaks REST API even when disabledOf course you are right, throwing out the plugin should not leave any traces. I probably updated to many stuff at once incl. update to 5.2. Went through the classic check of disabling all other plugins and enabling them one by one and found out that “WP Simple Paypal Shopping cart” was the culprit. As soon as I get rid of that one the site health report is clean again… Sorry for bothering here with that. I have added your plugin also back in and the site report remains clean (and no more usernames are leaked). Many thanks. Joris.