Jelena
Forum Replies Created
-
Hi,
It looks like the Events Calendar plugin you’re using is making use of an old version of the PHP monolog library.
The best solution going forward, particularly given that they support minimum PHP 7.4 is reach out to them and ask them to bring their Monolog library up-to-date…
Here is some explanation around the problem:
With our latest release, we moved Shield to a minimum PHP 7.2. This is because continuing to support PHP 7.0 & PHP 7.1 meant that we couldn’t properly support PHP 8.2 and every new version thereafter. As PHP develops, and more and more people start using newer versions of PHP, we have to keep up. Given the choice, we would prefer to continue to support older versions, but we just can’t.
For some context, please see this error report on the WordPress forums:
https://wordpress.org/…/php-fatal-error-declaration-of…/
This was because other plugins had started the shift to PHP 7.2+ and so our plugin was “out of date” and caused breaks because different versions of the same PHP libraries were running on the site and causing breaks, just like you’ve described.
We ultimately decided we had to also move our platform and this meant upgrading our libraries to keep up. But this now means that other plugins/themes running older libraries may now break. In much the same way as our plugin was behind when thatΒ wp.orgΒ support forum post was sent to us about our plugin.
Hope this helps…
Okay, great! Glad to know that all work fine for you now.
Whenever you need help, you can always reach out to us directly, too. We’d be more than happy to respond.
Cheers!
Jelena
Hi,
About U2F being disabled on your profile page, unfortunately this is happening because the browsers have all started disabling support for it. E.g. Google Chrome dropped support for U2F:
https://www.yubico.com/blog/google-chrome-u2f-api-decommission-what-the-change-means-for-your-users-and-how-to-prepare/On the contrary, U2F is not depreciated entirely in Firefox and you can use it but it has to be enabled in the browser itself and this is how to do that:
We do plan to implement WebAuthn into Shield, but we don’t have a time frame for this yet.
However, you can use Yubikey One Time Passwords with Shield. If you have it enabled in the settings, you can activate it for your user account:
https://www.screencast.com/t/KH0akTp633SKHope that you find this helpful in some wayβ¦
Thanks so much for such kind words about us and our work. We really appreciate you being a member of the Shield family and helping to share the word about us.
Shield Security crew is here for you and other folks who need us.
Cheers & stay safe. π
Hi,
Please see this thread here:
https://wordpress.org/support/topic/critical-incompatibility-with-wp-optimize-plugin/Unfortunately, in your case, we can’t ascertain which plugin on your site has the other monolog library installed as it’s not detailed in that error message…
What you can do is
1) leave Shield enabled
2) disable the all other plugins on your site
3) enable 1 plugin at a time and test
4) once the error occurs, please reach out to that plugin’s author and ask them if theyβd consider using an older version of the monolog library.Hope this helps.
Regards,
Jelena
Hi,
Do you use any type of page cache? Caching plugin maybe? If yes, please clear and then completely disable it and test.
As for locking out of the site, whenever this happens, best is to use a forceoff method outlined here. This will keep plugin active allowing you to log into that site and change settings.
We also have this guide you may find helpful:
https://help.getshieldsecurity.com/article/119-im-blocked-blacklisted-by-the-shield-how-to-unblock-and-prevent-thisHope this helps…
Regards,
Jelena
Hi,
We are happy to hear that you like Shield! π
Regarding your question, traffic logs can be cleared automatically.
Under the main Shield menu > Config > Traffic > you can find an option “Auto Expiry Cleaning”.
Please feel free to use that option to enter the maximum number of days you want and the Database cleanup will automatically delete logs older than that number of days.
The traffic log expiry will also depend on the Activity Log as the the Activity Log relies on data from the traffic log too.
Hope this helps but please do let us know if you have any other questions.
Thanks.
Jelena
- This reply was modified 3 years, 7 months ago by Jelena.
Hi,
Sorry to hear about the troubles you’re having.
This can happen if the user’s IP is whitelisted with Shield.
User can adjust their MFA settings even though they’re whitelisted. But MFA settings will not apply when logging in if they’re whitelisted.
This could explain why user can enable Google Auth for their account but when they try to login, they bypass it – the challenge is not available.
You may check if a user’s IP address is whitelisted with Shield (under the IPs & Bots section > Manage IPs > Manage Bypass List) and if yes, please remove it and Google Auth should display for that user during the login process.
Let us know how you get on sure.
Thanks,
Jelena
Hi,
Thanks for sharing this with us.
We’re sorry but we can’t comment other services and their reports.
Regarding cookies in general, we never store any sensitive, personally identifiable information in any cookie at any time.
The purpose of the ‘shield-notbot-nonce’ cookie is solely designed to work around page caching systems that mostly break Shield’s AntiBot system. If you don’t get the cookie and you use page caching, you’ll break the antibot system.
We have a dedicated Cookies section here:
https://www.fernleafsystems.com/wordpress-plugins/policy-addendum-shield-security-plugin/Please give this a little bit of read and let us know if you need any further clarifications.
Thanks,
Jelena
Hi,
Sorry to hear about the troubles you are having.
Please check out this thread, here:
https://wordpress.org/support/topic/hidden-link-not-working/Let us know how it went.
Thanks and have a nice rest of the weekend. π
Jelena
Hi,
Thanks for reaching out.
Please understand that Shield doesn’t control emails sending (deliverability) in any way. The problem is that your site can’t send emails through CF7.
We’ve just responded to your support request about this. Please check your email inbox. Ticket ID is: # 1618
Thanks,
Jelena
Hi Jessica,
I’m closing this thread.
Since you are a premium client and if you need any further help and support, please feel free to reach out to us directly here.
Thanks,
Jelena
Hi Jessica,
As always, we are very thankful to you for such detailed problem explanation. This helps us a lot to understand the problem better and provide best possible solution for you.
Here are the reasons why hiding login might not have any effect (or not work):
1) Page cache: disable and test
2) Another plugin is interfering: Disable the all plugins and test. If the problem is gone then enable other plugins 1 by 1 and test to see which one is interfering.
3) A forceoff method is in place – remove a “forceoff” file and test
4) Plugin disabled: Option under the General settings, ensure it’s enabled.
5) Whitelisted IP: Remove your IP from the whitelist and testI tried to load your site login URL (wp-login.php) and I’m getting 404 – not found. This tells me that the hiding login URL feature is working normally and I suspect in your case it’s about #5 – you have your IP whitelisted in Shield.
If your IP is whitelisted, that doesn’t mean that the hide login URL feature doesn’t work. It just means that this type of login protection (including settings page – your screenshot) does not apply to you – to your whitelisted IP.
This is how this feature works:
Non-whitelisted IPs
If the not logged in users…
1) try to access the ‘wp-login.php’ page of this site, they will receive a 404 Not Found error page.
2) try to access any page within the ‘wp-admin’ section of this site, they will receive a 404 Not Found error page.
Whitelisted IPs
It’ll work the opposite. User with whitelisted IP will
1) be able to login via ‘wp-login-php’
2) get 404 when they load hidden URL (including if they are logged in)
3) admins will have a feeling that changing login URL in settings (your screenshot) can’t be done nor saved.
All the above means that the hide login URL works correctly on that site.
You may test this by removing your IP from the whitelist and you’ll see that:
1) your current login URL will show your renamed login URL in the settings
2) if you use another browser and try to access the old wp-login.php URL you’ll get 404 Not Found
3) if you use your renamed login URL it’ll load normally
Regarding Bot Detection: Link Cheese offenses report, may I ask you to go to the Block Bad IPs/Visitors module > Probing Bots > and ensure that ‘Link Cheese’ is set to at least ‘Increment Offense Counter, please?
And then in the next few days monitor your audit trail logs for this type of offense. You’ll see entries in your logs, like “Link cheese access detected at xxxxxxx”.
Hope these answers were helpful but please do let us know how you get on sure.
Jelena
Hi Matt,
Sorry to hear about the troubles you’re having.
The AntiBot Detection Engine (ADE) is tracking each IP address and the actions they take on the site. If a visitor or user is triggering Shield defenses too often, eventually they’ll reduce their reputation and eventually Shield will see them as a bot.
We kindly suggest you to use this guide to get a more detailed info about this particular block and what you can try to debug it:
https://help.getshieldsecurity.com/article/435-warning-message-shield-security-bot-check-failedWe truly hope that you’ll find this helpful.
Please also understand that generally we provide more investigative and 1-to-1 support for our premium customers only. If you need further help and support, please consider upgrading to ShieldPRO. You may find more info about this here.
Regards and may we wish you a nice weekend! π
Jelena
Hi Matt,
Thanks for your questions.
We have a dedicated Cookies section here:
https://www.fernleafsystems.com/wordpress-plugins/policy-addendum-shield-security-plugin/Please give this a little bit of read and feel free to get back to us if you need any further clarifications. We’d be happy to respond.
Thanks,
Jelena