redsand

Please see this FAQ:

Q: Is WP-SpamShield Compatible with, or Does WP-SpamShield Support this Particular Plugin _____________? (Fill in the blank)

Just a follow up for anyone else reading this:

The issue ended up not being an error with either plugin, but rather a site configuration error. This particular issue is addressed in Step 10 of the Troubleshooting Guide:

If you have multiple domains that resolve to the same server, or are parked on the same hosting account, make sure the domain set in the WordPress configuration options matches the domain where you are accessing the blog from. In other words, if you have people going to your blog/site using
http://www [dot] other-domain [dot] com/ and the WordPress configuration has:
http://www [dot] your-main-domain [dot] com/ you will have a problem (not just with this plugin, but with many other plugins, themes, scripts, etc.)

WP-SpamShield has a security and anti-spam measure that ensures that all contact form submissions originate from the same website domain that is set up in the WordPress settings. That should be a requirement on all form and anti-spam plugins, but unfortunately, it is not.

This is very important: Make sure you do not set up your site use SSL on a different domain than the main site domain.

While it may be tempting to set up SSL this way, using a separate domain for SSL is not a proper or secure way to use SSL, because it negates one of SSL’s key security features. SSL is not only meant to provide encryption for the data transmission, but to provide site identity verification — to show that the domain the user is going to, is in fact, the real deal. (The one they intend to interact with.) That’s actually one of the most important functions of SSL security certificates, yet it is often misunderstood. (Encryption would be pointless without it.) Site identity verification helps to prove to visitors that their sensitive information will not be intercepted by some unknown third party, and that the domain they are visiting is not susceptible to a MitM (Man in the Middle) attack. ( See this for more info: https://en.wikipedia.org/wiki/Man-in-the-middle_attack )

Hopefully, this info helps.

WP-SpamShield is one of the most secure anti-spam plugins available, and we remain committed to helping enhance and improve the overall security level of sites that use it.

Hi enquirer32,

First, thank you for your prompt and comprehensive reply.

You’re very welcome. 🙂

I (and perhaps people like me) are spending more and more time on resolving website issues (I know WP is amazing but it has become complex) and I want to focus on creating content not troubleshooting issues.

We completely understand! We work hard to help users minimize issues like this as well.

The biggest problem for me is that I was blissfully unaware of the issues until I started ringing around a few people who should have registered – that’s the real danger.

We completely understand this as well. To help mitigate, we recommend turning on the logging in WP-SpamShield. (Blocked Comment Logging Mode) This will log all incoming submissions that get blocked, whether comment, contact form, registration, etc. It will stay on for a week, or until the log reaches a certain size. Whenever you have an issue, this becomes a valuable tool, because you can send this to us after submitting a support request to us (through the WP-SpamShield Support Form – don’t post this info on forums). You can also log the non-blocked submissions by enabling “Log All”.

Retesting plugins every time something changes on a website isn’t possible – updates occur every day.

Understandable, and we feel the same way. With WP-SpamShield you should only need to test when you install it. If you see other user reviews and feedback, you’ll see a recurring theme…”set it and forget it”, “plug and play”, etc. We want users to be able install it and then forget it’s there. It’s mainly the initial install when you should test, or if any major changes are made to the site or plugin/theme lineup. After that you should be fine.

People rarely provide feedback on these issues. They just don’t return. It’s not possible to troubleshoot issues often without their help.

Again, we definitely understand.

However, I have read your extensive FAQ and Troubleshooting Guide. I have noted potential conflicts like Rocket Loader with Cloudflare – I have turned this off. I have looked at plugin conflicts. I have taken another look at the black lists. etc etc. I have retested and it seems to work OK.

Excellent. I’m glad you did. You’d be surprised how something seemingly small like this could make the difference.

But, to be sure, I have, for the time being, turned it off for registration. (Sorry, I didn’t mean it was blocking log-ins).

No worries. Obviously…do what you need to do. If you ever want to test it again, feel free to. And we will be glad to help if you have any trouble.

I am going to stick with this and try and make it work… a) because I (we) need it, b) because you clearly offer outstanding support. Thank you.

Glad to hear. We want you to have the best solution for your site, even if it is another plugin. Hopefully it’s WP-SpamShield though! 🙂 Thank you for the kind words. We’ll be happy to help should you ever need it. You are very welcome. Have a good one.

– Scott

@angrywarrior

I stand by my response. Our records/logs indicate malicious behavior coming from the IP address. You may or may not be aware of it. I’m not going to go into further detail on a forum. You may need to do a deeper security audit of your computer/network.

And now there is nothing wrong with my pc, I do not have any virus/trojans, malware etc or anything and yes I use good security application that protects my computer.

That is meaningless. Using a security application alone does not make your computer secure, especially if there are other vulnerable attack vectors. There are a million and one ways to compromise a computer. Most people are never aware when their computer/network is compromised.

Hi enquirer32,

I’m sorry to hear you had an issue. We’ll be happy to help.

To answer a couple questions…

You can read through the long FAQ and Troubleshooting for this but why bother?

The short answer is, because it fixes the problems. In over 90% of supports issues, this helps users fix things, and they have no other issues moving forward.

It is extremely rare for users to have a JavaScript and cookies error after they have worked through the Troubleshooting Guide and FAQs.

In 10 years of diagnosing user support issues (on thousands of sites) for both this plugin, and its predecessors, there is almost never a case where the JavaScript and Cookies issue persists after working through the FAQs and Troubleshooting Guide. Conversely, in almost 100% of cases where users are having the JavaScript and Cookies error, the user has not worked through the Troubleshooting Guide and FAQs.

I would call that a pretty compelling reason! 🙂

A few other, quite important reasons to work through them:

1. To make sure you site meets the plugin’s minimum requirements. If your setup doesn’t support the plugin, can you blame the plugin if you’re having issues? It’s important to check.
2. To make sure you don’t a have a plugin on the Known Conflicts List, that is guaranteed to cause problems.
3. It’s important to read through the documentation and instructions for anything new, whether it’s open source software or a new car.
4. With the complexity of website elements, both server side and client side, would it not be smart to read through the documentation and make sure everything is compatible and setup correctly? Often our guides help users fix unknown issues on our site that were affecting them in other ways they didn’t know about, and things are running better afterward.
5. It takes less time than you think.

Please take special note of FAQ 9, as it specifically addresses your issue:
“Q: I think a legitimate user or comment may have been blocked. What’s going on here and what do I do?” Read the full FAQ: http://www.redsandmarketing.com/plugins/wp-spamshield/faqs/#faqs_9

For the rest of the FAQ, please click here to read it.

From the Troubleshooting Guide:

If this message comes up consistently even after JavaScript and cookies are enabled, then there most likely is an installation problem, site configuration issue, plugin conflict, or JavaScript conflict.

For the rest of the Troubleshooting Guide, please click here to read it.

To answer your other questions:

Many of you out there may, like me, have issues regarding this…

We have over 100,000 active users and very high ratings, and this really isn’t a common problem, so it’s really important to realize that this is likely something specific to your site, not a generalized issue. That’s where using the Troubleshooting Guide, FAQs, and our Support page are really helpful.

…the only way you will know is because nobody can register on your website and most won’t be nice enough to tell you – they just move on and go somewhere else.

With any new plugin, after installing, you should run a quick test to make sure everything is working properly. Here’s how to do it for WP-SpamShield.

Doing this test will tell you if things are working or not. If you have a conflict, it’s not going to work for anyone. (Rare, but easily fixable.) If things are good to go, it will work for everyone.

It’s just a matter of using things within the parameters they were designed for.

I have lost a month of user registration and loss of goodwill because this plugin was denying reasonable IPs from logging in and I wish I had never installed it.

The plugin doesn’t prevent users from logging in, so if that is happening, then there is either a conflict, or something going on that we need to look into.

In my view there is a trade off here – dealing with spam yourself and preventing legitimate users from registering.

We work very hard to make sure that users don’t have problems. We want you to have a flawless experience with this plugin.

We will be happy to help you out. You will need to take the following steps:

1. The Troubleshooting Guide and FAQs are the place to start.
   Please take a few minutes to work through these, as they solve over 90% of issues users have. (Please be sure to follow all the steps, not just read through them.)

   Once you have gone through the Troubleshooting Guide and FAQs, if that doesn’t solve the issue, we’ll need a bit more info from you on the specifics, and we’ll need to email back and forth, so you should move on to the next step.

2. Submit a support request at the WP-SpamShield Support Form, our main support channel for the plugin. We have an excellent diagnostic process.

That will allow us to help you diagnose this, find out what the real issue is, and get things working right for you.

– Scott

Please note that the WP-SpamShield Support page is our main support venue, not the WordPress forums here, so that will always be the best way to get a quick response and resolve any tech support issues.

Yes, my initial response already addressed that.

Nothing to worry about there. Just minor text changes between versions. … That file doesn’t affect how the plugin runs.

We made those changes to the original in the WordPress directory.

What happened is:

1. You updated the plugin right after we released a new version.
2. We made a minor update after this to the readme.txt in order to update the page on WordPress [dot] org. The readme.txt file cannot execute code and does not affect how the plugin runs.
3. If the code on your site doesn’t match the WordPress [dot] org version at the time it is checking, WordFence detects this type of thing as if the plugin had changed on your site even if no code had changed. In essence the original changed, not the code on your site.

If you have any further questions or issues, please use the WP-SpamShield Support page as noted above.