redsand

We have been in this business for over 20 years.

Then, you should have been familiar with best practices, and configured your servers correctly out of the box, with garbage collection enabled. If the customer tells you they have an issue like this, then the first thing you should have checked is if they disabled PHP’s built in garbage collection, and shown them how to fix it. That’s web server management 101.

Customers buy a VPS, install Plesk and start using it e.g. with WordPress.
They don’t know about garbage collection, etc. That is how it is nowadays.

They shouldn’t have to know about garbage collection. That’s the point. If it’s set up correctly out of the box, they would have to go out of their way to turn it off.

No other web hosts have an issue with this. In fact many top web hosts recommend WP-SpamShield.

PHP sessions are a standard feature. Nothing needs to be “fixed”. This plugin and its predecessor have been around for ten years using PHP sessions basically the same way, and this is the first time someone has complained of an issue like that. We do a ridiculous amount of testing, on all different servers, configurations and PHP versions.

We do not give such a review lightly.

There is no excuse to write a review like this without submitting a support request first.

Go scratch the back of your head and fix it somehow.

It’s a bit difficult to fix things that aren’t broken. Again, that is a server management issue.

As plugin developers, there is a certain code of ethics. We should not be interfering with Session management, and we should do our best to avoid messing with a user’s php.ini settings at runtime. Sometimes it is necessary, but it should be the least invasive approach possible. (For example, WordPress itself has to tweak a few things, but it’s non-invasive.) What you’re requesting when you say “go fix it” would require invasive modifications to the user’s settings. For example, if they have their own garbage collection set up, and turn PHP’s off, then if we go and turn it back on, we’d be overriding their php.ini settings. That’s not ok, and would be a bit heavy handed IMO.

For the time being, it is on our blacklist.

Blacklist? WOW. Just so we’re clear…you’re blacklisting one of the highest rated plugins in the WordPress directory, that has almost 200,000 users. Ok.

It just has this problem that can cause a HUGE problem.

Anything can cause a huge problem if your server isn’t configured correctly. As a company that resells hosting and/or manages websites, you should know this.

I suggest you Google “PHP session garbage collection”. More on PHP.net:

• php.ini ‘session.gc_probability’ setting – http://php.net/manual/en/session.configuration.php#ini.session.gc-probability

– Scott

• This reply was modified 9 years, 8 months ago by redsand.
• This reply was modified 9 years, 8 months ago by redsand.

You’re welcome! 🙂

@luisimpulsum,

I’ll be happy to address your questions.

Before I get too far into this, I’ll just take a second to point out that the WP-SpamShield Support page is our main support venue for this plugin, not the forums here, so if you need further help after this, please head on over there. We’ve also put together some informative resources for plugin users, such as the plugin documentation, the FAQs, and Troubleshooting Guide, so I encourage you to make full use of those.

Please see two FAQs that address these issues:

• FAQ #14: “Q: I’m trying to optimize my site for speed, and Google PageSpeed and/or Yahoo YSlow are telling me I should move the wp-spamshield/js/jscripts.php file to the footer. (aka ‘render-blocking JavaScript’) Should I be concerned about this script slowing down my page?”
• FAQ #15: “Q: Will WP-SpamShield slow down my site, and is there anything I can do to optimize my site for it?”

Thanks @lukecavanagh for your comment – you are 100% correct…the actual site load time is far more important than the scores.

@luisimpulsum:

The scores are there to be an indicator to help people improve the load time. The goal of speed optimization for a site is not to get a high GTmetrix, PageSpeed, or YSlow score, but to get a fast-loading site.

We’ve been in touch with Frank – the author of Autoptimize – to build compatibility between the two plugins. We’ve discussed some of the issued you’re bringing up here, and have come up with ways to have the two plugins work well together. We agreed on some compromises that aren’t going to negatively affect a site’s load time. I’m sure there are further ways that we can make improvements, but anything we come up with from here on out isn’t going to make or break your site speed.

This method, however, is not valid for this website because of the upload speed requirements (80%).

You’re stating this as if it’s a generally accepted fact, and that simply isn’t true.

It is a misconception that moving JavaScript to the footer will automatically speed up your site, just as it is a misconception that having JavaScript in the header will automatically slow your site down. Optimizing a site requires a fine-grain approach.

We do speed-optimization for clients day in and day out, so this is something we’re quite familiar with. We have developed our own JS/CSS minification plugin, RS Head Cleaner Plus, and you are welcome to try it out. It is built for brute speed, whereas Autoptimize is designed for maximum compatibility – each has their strengths and some different approaches to optimization. We recommend both to people depending on their needs.

There are some situations where you will need to ignore advice given by automated evaluation systems such as PageSpeed and YSlow. They are giving you a list of things that typically slow down a site. You need to remember that this is general advice and not every item will be applicable to every site. There are a number of speed issues that automated evaluations like these cannot properly address. You can follow all their advice and still have a slow site if you have other undiagnosed issues on your site, yet they will give you a high score. Conversely, you can ignore some of their advice and improve your actual speed more than if you follow it exactly. Optimizing a site for speed requires knowing when each item is applicable, along with a little common sense.

Anyhow, it would not be a valid method neither, because there would be a couple of scripts in the header, which would cause a low score on GTmetrix and Google PageSpeed.

Again, I think you have a misconception here.

jQuery scripts generally need to stay in the header of a site for maximum compatibility, especially with WordPress. Other scripts may be moved to the footer. (Caveat: If you move a script to the footer, you need to test and make sure it doesn’t break any functionality.)

I could discuss this topic all day, but unfortunately I can’t do that. I will offer a few quick points to consider. You can still have a blazing fast site with jQuery or other JavaScripts in the header. We’ve got sites loading .6 seconds with jQuery in the header.

Each of these make more of a difference to site speed than whether JavaScript is in the header or footer:

• It is far more important to concatenate scripts (combine them) and reduce the number of scripts and stylesheets loaded, than whether they are in the header or the footer.
• It is also far more important to minify scripts and CSS, and serve gzipped files.
• You can speed up the load time of scripts by using a CDN, and there are even CDNs that host the most popular JavaScript libraries, that you can use for free. If you even just do this, it makes a big difference.
• Using a caching plugin and configuring your server to properly leverage browser caching.
• Optimizing your image file sizes, and serving images from a CDN. Again there are free CDNs specifically for images.
• One item that doesn’t get talked about enough – optimizing your database. A lot of sites run much slower than they need to because of a bloated database. Make sure your database is being regularly maintained (optimized, repaired, etc) and that you don’t have any extra bloat from old plugins, themes, etc.

I hope this information helps. If you have any further questions please check out the plugin documentation and submit a support request.

– Scott

• This reply was modified 9 years, 8 months ago by redsand.
• This reply was modified 9 years, 8 months ago by redsand.

Hi Liz,

I’m sorry to hear that you had an issue, and I’ll be happy to help.

We’ll dig through the logs for your support form submission, and email you to help you directly, but we’ll answer a bit of your question here as well.

I need to know how to “whitelist” this form from the wp-spamshield protection basically.

In the WP-SpamShield settings, if you use the option, “Disable anti-spam for miscellaneous forms” that will do exactly that.

I tried unchecking the “miscellaneous” forms option…

I’m not sure exactly what you are saying here…the “Disable anti-spam for miscellaneous forms” option is not checked by default. In other words, Anti-spam for Miscellaneous forms is enabled by default. If you check the box, then you are disabling anti-spam for miscellaneous forms. If you uncheck the box (as you’re saying), then you are leaving Anti-spam for Miscellaneous forms enabled…which sounds like the opposite of what you want…

I tried unchecking the “miscellaneous” forms option in the settings but the form still gave this error when users tried to submit the form:

Unknown column ‘3204681114fd79aefe596a05bca4b3e9’ in ‘field list’

The long hex/number was different each time. Any idea why it is is happening and if there is an easy way to say don’t monitor these pages/forms?

If you disabled miscellaneous form protection, and got an error, that’s an issue with the form on your site…There’s nothing we can do about that.

It sounds like your form generates an error if there are any additional fields that it wasn’t expecting. I would recommend modifying the form to not generate an error if there are extra fields sent with the stock form fields. There’s no reason for it to consider an extra field being sent as an error. If it doesn’t want to use an extra field, then it should just ignore any extra fields when it is processing the form.

Yes, I do know why…the “The long hex/number” is the name of an HTML form field. That’s a randomly generated security key that WP-SpamShield adds to the forms via jQuery. That is explained in the “How it Works” section of the documentation.

I actually do have cookies and javascript allowed in by browser (linux/firefox), but s=for some reason it thinks not.

If you have JavaScript enabled in your browser, then it’s likely that one of your browser plugins is interfering with the functionality of the JavaScript. Also, have you tried clearing your browser cache and cookies, and reloading the page? I’d recommend doing that. We have tested that support form inside and out, in every type of browser and OS out there, and it definitely works.

I do also think it is a bit problematic for users that for whatever reason don’t like having javascript enabled to make it impossible to use? Is that how the plugin works?

Yes, JavaScript is required.

Please see the plugin documentation, especially the section “How it Works”. It explains all of this in detail so I won’t rehash all of that again here.

Stats show that among all Internet users, less than 1% have JavaScript turned off, and less than 1% have cookies turned off. This requirement isn’t anything out of the ordinary because almost every single modern websites requires the use of JavaScript and cookies for key features — AJAX, for example, won’t work if JS is disabled.

– Scott

Hi Tim,

You’re very welcome! We’ve got plans to make it even better too. 🙂

I’m sorry to hear you had that issue. Sounds like we need to do some debugging with you, and see what’s going on. If you wouldn’t mind heading over to our main support site for the plugin and submit a support request, we’ll get you squared away.

– Scott