Forum Replies Created

Viewing 15 replies - 31 through 45 (of 519 total)
  • Plugin Author Nico

    (@nico23)

    This feature will be ready in 9.0; it’s listed by accident. I will remove it from the readme until a true detection is ready.

    Nico

    (@nico23)

    security is of the utmost concern and priority to us.

    Sorry but NO! Just no.

    1. The password that is sent in plain text is an auto generated password. It is sent only as a temporary password and it is never intended that the user use that password permanently. What we should be doing here, which we do not currently, is clearly informing the users that they have an auto generated password that needs to be changed after the purchase is complete. Doing this would resolve the security concern while still providing an easy, clean experience for the customer.

    Let’s see what the WP standard registration process looks like.

    1. You put in your email.
    2. WP sends an email with a code as a URL arg to you.
    3. You go back to the site; your email is verified.
    4. Then you will be asked to type in or use a generated pass. This will be the first real pass you get for your account.

    This, or a similar process, is pretty much how every single site on the web works. So no, I do not think this is all good by simply telling people to change the pw after it’s sent to them. If they don’t, it will be a valid pass forever and I think it’s a reason sites do not do it this way.

    The authorization code to generate a pass has the same effect as your proposed temp pass but it’s better because it’s not a password and I do not know the details, yes it’s sent in cleartext as well but my guess is WP will do some things to improve security like deactivating the account when no pass is generated in a certain amount of time …

    Can’t you hook into the default user registration process of WP? The user should just be sent the default mail WP sends out when vanilla registering.

    You also did not address the part about using email addresses as usernames; users are able to log in with their emails anyway no matter what their username is. And again emails can be easily guessed by the author slug WP generates. I think this entire approach is bad for security. I feel bad about it because thanks to this plugin I have a lot of customers in my DB with their email as their username and also a password that they never changed that was sent in cleartext.

    2. You mentioned the ssl_verify flag that we used to set to false. You’re absolutely right about this. We hated that we had it that way but it was genuinely the only way for a long time while the bug in WordPress itself was present. When the bug was resolved, we were able to cease that practice. If you have ever noticed it anywhere that we missed, please do let us know as we do want to ensure that all instances have been updated.

    Also let me be clear about this: it was actually me who informed you about this, otherwise you would have kept it in place for the next 10 years until finally someone else would point it out to you. And I got nothing but a little “thank you” text for this.

    So do not tell me

    security is of the utmost concern and priority to us.

    It just sounds ridiculously dishonest. And no, it was not the only way. You could have detected the PHP WP combination that was very very outdated that had this problem where ssl failed, then you should inform users they had to upgrade or enable an option and a BIG FAT warning that this option will compromise their security. But no, what you did was take the lazy sledgehammer method because you did not want to have support influx because of this or whatever. Just NO! You did not cease that practice when that bug was resolved, you ceased it after a way too long time after I told you about it!

    3. When it comes to security concerns, please consider contacting us privately … Our team includes three of the top security experts in WordPress and security is something we care greatly about.

    Since when do you have them employed? So it takes some guy who has a little bit of knowledge and above average attention I guess to be alarmed by software delivery done with sslverify => false. And lastly let me also tell everyone that I did contact you privately about this, too lazy to research the exact time-frame but I think it took you over 6 months to actually do something about it. Sorry but I can’t really take you seriously when you claim now that you care so much. Not sure what those security experts are doing but this should be the very first thing to spot and fix, from what I saw anyway. So please do not act like I am just

    broadcasting problems to the wider internet

    right away. Do people get anything out of it apart from a “thank you” text via email?

    I actually wrote some JavaScript now that simplifies/reduces the checkout process. Will be live on my site soon I guess and I will maybe release it as a plugin. But again I think the most ideal solution to this would be to combine this with the vanilla registration process WP already has. Not sure if this is possible but I would be happy if you would do it this way.

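
The account-creation flow the post above argues for (no password in the e-mail, a username that is not the e-mail address, and core's own new-user mail), as an added example that is not from the post or from the plugin being discussed. `example_create_customer_account` and its error codes are hypothetical names; the WordPress calls are core functions.

```php
<?php
/**
 * Added example (hypothetical helper, not the plugin's code).
 * Creates a customer account at checkout without e-mailing a password.
 *
 * @param string $email Address entered at checkout.
 * @return int|WP_Error New user ID, or an error.
 */
function example_create_customer_account( $email ) {
	$email = sanitize_email( $email );
	if ( ! is_email( $email ) ) {
		return new WP_Error( 'example_bad_email', 'Invalid e-mail address.' );
	}
	if ( email_exists( $email ) ) {
		return new WP_Error( 'example_email_taken', 'An account already exists for this address.' );
	}

	// Random login instead of the e-mail address, so neither the login
	// name nor the author slug derived from it reveals the address.
	do {
		$login = 'customer_' . strtolower( wp_generate_password( 10, false ) );
	} while ( username_exists( $login ) );

	$user_id = wp_insert_user( array(
		'user_login' => $login,
		'user_email' => $email,
		// Throwaway random value: stored only as a hash, never displayed or mailed.
		'user_pass'  => wp_generate_password( 32, true, true ),
	) );
	if ( is_wp_error( $user_id ) ) {
		return $user_id;
	}

	// Core's standard new-user mail to the user: it carries a link built
	// from a reset key where they choose their first password.
	wp_new_user_notification( $user_id, null, 'user' );

	return $user_id;
}
```
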
    Plugin Author Nico

    (@nico23)

    Should be fixed now.

    Plugin Author Nico

    (@nico23)

    Should be fixed now.

    Plugin Author Nico

    (@nico23)

    Thank you.

    Plugin Author Nico

    (@nico23)

    Plugin Author Nico

    (@nico23)

    Please let me know if 8.8.1 fixed this.

    Do you plan to fix this, or do I need to recode my video page?

    Really?

    Plugin Author Nico

    (@nico23)

    OK I removed the top level menu and the ads page. I would appreciate if you would change your review to a positive one. I have not got a positive review for 7 months now.

    Plugin Author Nico

    (@nico23)

    OK I removed the top level menu and the ads page. I have not received a positive review in over 7 months. I really need some while I work on a big update that will make ARVE even better.

    Plugin Author Nico

    (@nico23)

    Please check version 2.1.0 and if you want plugin issues to be resolved (generally speaking) do not downgrade but provide the dev with a site to debug the issue with the version that has the issue.

    Plugin Author Nico

    (@nico23)

    Something seems wrong with WP.org; it’s updated on the SVN but the zip is still the old version https://plugins.svn.wordpress.org/advanced-responsive-video-embedder/trunk/advanced-responsive-video-embedder.php

    Plugin Author Nico

    (@nico23)

    Very strange because I am pretty sure I updated it, also I do not get why WP notifies you of an update when the version tag is actually not updated.

    I just bumped the version another time (8.7.9), hope that helps.

    Plugin Author Nico

    (@nico23)

    It’s an ID on the HTML to increase CSS specificity to avoid putting !important on basically all CSS rules ARVE has. To make it higher than potential breaking theme styles. I had a lot of issues with the themes people use in the past that broke ARVE styles.

    If it fails to create the ID with that PHP code ARVE will actually create the ID on body if there is not already one there, if that fails as well ARVE will create a div with that ID around the entire site to get that ID in ;). Not the most elegant solution but this way people can actually use the WP CSS customizer and get the expected results.

    Plugin Author Nico

    (@nico23)

    No 😉

    Plugin Author Nico

    (@nico23)

    False review! Updates do work like for any other WP plugin, this plugin is free.

    You seem to review the Pro Addon instead of the free plugin available here! So this is actually the wrong place for that.

    Updates of the Pro Addon can be downloaded as a zip file and installed. I am currently in the process of figuring out why auto updates do not work with the Easy Digital Downloads support, this issue came up after I switched host to Pantheon and they refused to help me with this.

    Nextgenthemes.com uses the “Stop Spammers” plugin that is pretty aggressive in stopping spammers and sometimes there are false positives, I regularly check allow requests and approve them so I think it’s pretty unfair to blame me for trying to keep spam bots off my site. All you needed to do is to apply to the allow lists or find out my mail or even try to contact me on the support forum here. Did you do any of this before you wrote a negative review? My guess is not.

    I also would love to see these “better solutions”, would love to compare the ARVE Pro features with other plugins. Not saying there is none, but I heard at least someone else make that claim but never named names either.
