redsand
Forum Replies Created
-
Hey @treviscarletta,
You’re welcome. Glad to hear that’s helping. π
Just one thing to consider: If you lock down the
/wp-admin/by password you might have issues, because you’ll need to make an exception for/wp-admin/admin-ajax.phpor certain functionality could break. If you’re going to protect that directory, it might be better to do it by IP address in your.htaccess. I did a quick write-up on some best practices for this in another forum thread (for a different plugin) here and here. Hope that helps!– Scott
Forum: Plugins
In reply to: [WP-SpamShield] Cannot upload media with WordPress AppHi @joshofstl,
At the top of the support forum there is a sticky post that we ask users to read first because it guides you to excellent troubleshooting options we have already put together for our plugin users.
We will be happy to help you. You will need to take the following steps:
- The Troubleshooting Guide and Frequently Asked Questions (FAQs) are the place to start.
Please take a few minutes to work through these, as they solve over 90% of issues users have. (Please be sure to follow all the steps, not just read through them.) The issue might not be what you suspect.
Once you have gone through the Troubleshooting Guide and FAQs, if that doesn’t solve the issue, we’ll need a bit more info from you on the specifics, and we’ll need to email back and forth, so you should move on to the next step.
- Submit a support request using the secure form at the WP-SpamShield Support page, our main support channel for the plugin. We have an excellent diagnostic process.
That will allow us to help you diagnose this, find out what the real issue is, and get things working right for you.
– Scott
Please note that the WP-SpamShield Support page is our main support venue, not the WordPress forums here, so that will always be the best way to get a quick response and resolve any tech support issues.
Forum: Reviews
In reply to: [WP-SpamShield] Must have pluginHi @esp2013,
Thanks so much for taking the time to leave this great review! It’s really gratifying to hear real life results and examples of the plugin stopping spam like this. We’ll continue working hard to keep spam away from your site. π
Have a good one!
– Scott
XML-RPC ( xmlrpc.php ), WP REST API, etc.
Your Admin login is not the only place that can be logged into. If you’re not using the REST API, disable it. Check your raw server logs, and you’ll be able to see where they are trying to log in. It will be a POST type request.
- This reply was modified 9 years, 7 months ago by redsand.
+1
From another plugin developer who shares your experience in this issue, I want to say thanks for your initial report, and for describing the issue so well. (FYI, we use UpdraftPlus too and recommend it to all our clients. So, thank you for your excellent work on it. Much respect.)
Over at UpdraftPlus (900,000 installs), weβre getting a regular stream of users who use this tool (or another) to test for PHP 7 compatibility, and then ask us why UpdraftPlus is not PHP7-compatible.
This is exactly what we’ve been experiencing. WP-SpamShield (100,000+ installs) and other plugins we’ve developed are getting reported as not PHP 7 compatible by this plugin. They are all 100% PHP 7 compatible, and have been for over a year as well. (We run all our plugins through rigorous compatibility testing.) The unnecessary reports & support requests have become a real headache. @octalmage : I would say that so far, this plugin is not making a lot of friends among other plugin developers.
The fact that upon the plugin’s launch – and without doing much testing – WP Engine put out press releases announcing to the world, “Web’s First WordPress PHP 7 Compatibility Checker”, only compounds this issue. :/ (Personally, I would have waited until it had proven itself in the WPorg community first before doing any kind of marketing.)
Unfortunately, though, this tool is not sufficiently intelligent.
Could not have said it better myself!
– Scott
You got it!
Wow, it’s the weekend already? π
You have a great weekend too.
– Scott
Hi Garry,
Happy to help. π
If I can make a suggestion…(Feel free to ignore if it’s no longer relevant…) I see that you’re using quite outdated versions of WP-SpamShield, WordPress and PHP. Please update these, and that alone may take care of the issue. Your version of WP-SpamShield is about 8 months old, which is ancient in internet time, so we’ve made a ton of improvements since then, including better detection and compatibility. (Please see Changelog for details.)
For PHP, in most cases, it’s easy…literally a matter of changing settings in your .htaccess, or if not familiar, you can ask your web host or web developer. You should be able to jump to PHP 5.6 without any problems. (Possibly 7, but go to 5.6 first. If any issues with 5.6, in most cases, you can fall back to 5.5 safely, and give yourself time to make the tweaks needed to upgrade further.) Newer versions of PHP are faster and more efficient. All versions of PHP below 5.6 are not supported, meaning no more security updates, so for security it’s important to update too.
If you’ve already upgraded…just ignore the last two paragraphs. π
WP-SpamShield added the Whitelisting in a later version than what you have, so you’ll need to upgrade. Once you do upgrade, turn on Logging in your WP-SpamShield settings, and then run a test. When it gets blocked, the IP address will be in the log, and you can add that to the whitelist. But you may not even have an issue. (We’ve worked hard to make sure PayPal doesn’t get blocked.)
Hope that helps!
– Scott
That’s a WP-SpamShield error message. Please see these relevant links:
That should help you fix it.
Forum: Plugins
In reply to: [WP-SpamShield] WP-SpamShield with Dreampress – VarnishRight on! I’ll be in touch. π
Forum: Plugins
In reply to: [WP-SpamShield] WP-SpamShield with Dreampress – Varnishthanks for the follow up. That sounds more like you. π
Ok, I understand. Thanks for clarifying.
I think WP SpamShield is a nifty product, but I think itβs at odds with the way DreamPress set up Varnish. Which SUCKS.
Thanks…we appreciate that. π I hear you.
Well, if you guys do want to get in touch with me, we can make a compatibility bridge. It does detect Varnish and adapt, so it may just have compatibility issues on DH. We’ve seen it work fine on other hosts with Varnish.
You rely on unique cookies to determine who people are.
That’s only partially true. There are some tweaks in compatibility mode that make it work around this.
There are ways to configure Varnish so it doesn’t have this issue. We’ve worked with a number of web hosts to consult on both security and performance issues. We’d be happy to work with you guys too. I’m pretty sure we can find a solution. You’ve got my email or you can contact me through slack if you like.
– Scott
Forum: Plugins
In reply to: [WP-SpamShield] WP-SpamShield with Dreampress – VarnishHi @ipstenu,
The problem here is that the way SpamShield appears to work, it uses cookies to determine if your visitors are spammers or not⦠which means it wants to mark each user as unique. And that means it runs at odds with Varnish
That setup breaks PHP functionality. Cookies aren’t something that should have to be disabled for websites to work properly. Cookies are a standard PHP function. In essence you’re saying that not all PHP functionality is available to your users.
As long as SpamShield insists on using a cookie…
“Insist on using a cookie”…? That’s implying that there is an issue with code. There is absolutely nothing wrong with using this standard PHP functionality.
Iβm not sure if thereβs a way around it, except MAYBE if you only used SpamShield on registration pages and not on comment pages. We donβt cache wp-admin/login pages.
It’s an anti-spam plugin…it needs to be used on comment pages. That’s sort of the point.
@ipstenu I greatly respect your work as a moderator, but I think in this case responding as a representative of Dreamhost presents an obvious conflict of interest, and makes this response a bit inappropriate. I think it would be best if you hand this off to another Dreamhost rep. Please contact me offline for further discussion.
– Scott
Forum: Reviews
In reply to: [New User Approve] Bypasses error checkingThat’s exactly correct. I reported that exact issue to the plugin author about a year and a half ago.
Forum: Plugins
In reply to: [New User Approve] Incompatibility and crashI’m glad to hear you’re working on a fix.
sorry I didnβt see your fix.
Forgive me if I remain a bit skeptical that you didn’t see our fix.
We reported the issue initially about a year and a half ago, and made over 10 attempts to contact you through the forums here and through your website, over the course of about 6 months. Each time we posted a support request here, you responded to support threads both before and after ours, which made it seem that you were making a point to ignore our contact attempts. If that’s not the case, then I’d be happy to hear it.
Forum: Plugins
In reply to: [WP-SpamShield] Contact form fields not changingForum: Plugins
In reply to: [WP-SpamShield] WP-SpamShield with Dreampress – VarnishHi outpost33,
At the top of the support forum there is a sticky post that we ask users to read first because it guides you to excellent troubleshooting options we have already put together for our plugin users.
We will be happy to help you. You will need to take the following steps:
- The Troubleshooting Guide and FAQs are the place to start.
Please take a few minutes to work through these, as they solve over 90% of issues users have. (Please be sure to follow all the steps, not just read through them.)
Once you have gone through the Troubleshooting Guide and FAQs, if that doesn’t solve the issue, we’ll need a bit more info from you on the specifics, and we’ll need to email back and forth, so you should move on to the next step.
- Submit a support request at the WP-SpamShield Support Form, our main support channel for the plugin. We have an excellent diagnostic process.
That will allow us to help you diagnose this, find out what the real issue is, and get things working right for you.
– Scott
Please note that the WP-SpamShield Support page is our main support venue, not the WordPress forums here, so that will always be the best way to get a quick response and resolve any tech support issues.
- The Troubleshooting Guide and Frequently Asked Questions (FAQs) are the place to start.