Compatibility: Subscribe To Comments Reloaded

I’m having trouble figuring out what triggers the 403 error. This forum topic mentions what/where the 403 error is occurring > https://forum.ait-pro.com/forums/topic/erroe-403-with-the-plugin-subscribe-to-comments-reloaded/. Is this what is occurring for you too? Where do I find this to test it? I’m having a lot of trouble figuring out what is what. ??

Hi, I installed the Subscribe to Comments Reloaded extension but I have a 403 error when users have to confirm their email address to subscribe to the notification of the comments of an article.

I am unable to find any option settings that have users confirm their email address. Waiting on your reply with steps to check what is what???

I am unable to find any option settings that have users confirm their email address.

@aitpro, To enable that option you have to:

1. Go to the options panel of the plugin.
2. Then enable the Enable double check Option. This will send an email notifications to any user when subscribe to a comment in a post.
3. Try to leave a comment in your dev environment and check subscribe checkbox under the comment form. You should receive the notification.

Great! Thanks for letting me know where to find that option. Did not see any mention of “email notifications” when looking at the Options page. ?? Now I see what needs to be checked/tested. Thanks.

Ok I have finished testing the Subscribe to Comments Reloaded plugin and the RFI fix I posted in this forum topic works for me without having to do any other fixes. The only logical explanations I can think of for why this fix did not work for you are these: Mod Security is enabled in your web host control panel, which is known to cause BPS Forms not to work correctly (ie clicking Save appears to do something, but nothing actually saves/happens). You have some additional things in your URL link like single quote code characters/apostrophes.

Forward one of the emails/email links sent from the Subscribe to Comments Reloaded plugin that is being blocked so I can check the HTML or any other potential issues in the email. You can use our Contact Form here to get our email address > https://www.ait-pro.com/contact/

• This reply was modified 7 years ago by AITpro.

@aitpro thanks for all your help. I decided I’m just going to uninstall Subscribe to Comments Reloaded plugin.

But I’m curious about Mod Security that you mentioned. I didn’t know what it is so I did a little research and saw that people mentioned it’s important to have it enabled.

According to BPS system info Mod Security is not loaded or enabled.
200: mod_security Module is not Loaded|Enabled

Now that I’ve read those articles, I’m thinking about installing and enabling it. Do you recommend?

Mod Security is a good thing to install. Mod Security uses pattern matching security rules that are generally the same thing as BPS htaccess security rules. Mod Security security rules are called SecRules and SecFilters. So if you add a new SecRule or SecFilter and it is blocking something legitimate then you would need to edit/modify or delete that particular SecRule or SecFilter.

@aitpro thanks again. I found out that I can’t use Mod Security it will cause to many other issues.

Anyways, I’ve reversed BPS codes back to the way it was. I was just about to uninstall Subscribe to Comments Reloaded so I give it one last test. Surprised! It’s working now. I have no idea what happened.

I will keep a close monitor of this to see any future issue. Wish I knew what did happened so I can be more confident in using this.

Well that’s great! win – win. ?? What might have happened is that the whitelisting code modifications were done/saved in Custom Code since you saw the 3 security rules commented out, BUT for some reason Root BulletProof Mode had not been Activated yet so the 3 security rules that were whitelisted/commented out were not actually applied to your Live Root htaccess file. Seems like a logical possibility anyway. ??

I had 403 errors as well. Both for the double opt-in confirmation link and the Manage Subscriptions link.

One of the earlier responses to this thread mentioned something about special characters, which got me thinking about security plugins.

And indeed, after deselecting two of iThemes Security’s settings (“Filter Suspicious Query Strings in the URL” & “Filter Long URL Strings”) the 403’s are gone! ??