• Resolved nicolaottomano

    (@nicolaottomano)


    Hi,
    I installed the WebP plugin on my website and it works fine.
    It only needs a little tune up to make it compatible with some security plugins such as AIOWPSEC
    If the 6G Firewall Rules are enabled, the WebP plugin does not works anymore (receives a 403 Forbidden Access error).

    Best,

    Nicola

    The page I need help with: [log in to see the link]

Viewing 15 replies - 1 through 15 (of 23 total)
  • Plugin Author rosell.dk

    (@roselldk)

    Hi Nicola,

    Thanks. I will look into it.

    Plugin Author rosell.dk

    (@roselldk)

    I’m btw using github for issue tracking.
    https://github.com/rosell-dk/webp-express/issues

    Plugin Author rosell.dk

    (@roselldk)

    Tested the 6G Firewall Rules with WebP Express, and found no problems. Also tested all the other Firewall options – it still works!

    Perhaps something else was causing the trouble.
    I have fixed some mishabs in the new 0.4.0 release. Could you please try if it works there?
    ALso, does the “test” buttons work on the individual converters?
    Does appending “?debug” after an image produce a textual report?

    Plugin Author rosell.dk

    (@roselldk)

    Is it the image requests that generates the 403 Forbidden Access error?

    It sure sounds like the requests are blocked by the .htaccess rules generated by the security plugin, reason being that they look suspicious.
    Strange that I cannot reproduce it, then.
    I will test on some more installations

    Plugin Author rosell.dk

    (@roselldk)

    I tested it on another installation.
    Again 6G Firewall rules works fine.

    However!
    I got the 403 when “Bad Query Strings” in “Additional Firewall Rules”

    In the info field to this setting, it warns about this setting may break stuff:

    This feature will write rules in your .htaccess file to prevent malicious string attacks on your site using XSS.
    NOTE: Some of these strings might be used for plugins or themes and hence this might break some functionality.
    You are therefore strongly advised to take a backup of your active .htaccess file before applying this feature.

    Plugin Author rosell.dk

    (@roselldk)

    Going to someimage.jpg?reconvert (with “Bad Query Strings” rule enabled), I get 403 along with this message:
    You don’t have permission to access /wp-content/plugins/webp-express/webp-on-demand.php on this server.

    Thread Starter nicolaottomano

    (@nicolaottomano)

    Hi @roselldk
    thanks for your kind reply.

    Unfortunately at the moment I’m on holiday with very limited access to the Internet.
    The 403 issue happens to the users of my website. I do not get errors while I’m connected ad administrator. But if I logoff, I get the error while the WebP image is not already in cache, so I think it could be related to the conversion routines.

    I’m using GD as first choice (because of better speed in encoding) and cwebp as fallback (second option). The others (wpc, imagik, ewww) don’t work on my website and the test fails.

    The version I’m using is 0.3.0 and I will update as soon as I can connect to the admin area of my blog.

    Hope it helps.

    Best,

    Nicola

    Thread Starter nicolaottomano

    (@nicolaottomano)

    Please see https://imgur.com/a/W36oH6L

    Best

    Nicola

    Thread Starter nicolaottomano

    (@nicolaottomano)

    Ok, I upgraded to 0.4.0 but broke website (even with 6G firewall rules disabled). I got lot of 404 errors on images.
    Uninstalled it and reverted back to 0.3.1. Now it works again.

    Best,

    Nicola

    Plugin Author rosell.dk

    (@roselldk)

    Hi Nicola,

    Broken site. Not good! ?? That explains why active installations dropped from 30+ to less than 10. I’m surprised though, because I tested on about 5 sites before uploading. Well. I must focus on that issue first, then.

    Anyway, I have done some thought and research regarding security plugins. I’m realizing that I more than a tweak to the plugin to avoid problems with security plugins. WebP Express currently saves its options to the .htaccess file, so images are routed to a script, WITH THE OPTIONS APPENDED as a querystring. WPC has a URL option, so if using that converter, the querystring will contain “http”, which security plugins don’t like. But even the path to the image, which is also put in the querystring, may contain something a security plugin don’t like. That depends on the filenames and paths of the images.

    So, I need to pass the options in another way. I’m considering to save them in a php file, which then gets included by the image converter. I see that Wordfence uses that method of saving and loading settings (so it cannot be entirely off)

    Thanks for staying in this conversation ??

    Best,
    Bj?rn

    Plugin Author rosell.dk

    (@roselldk)

    And in order to get the image path of the original image that was redirected to the converter, it seems I can use $_SERVER[‘REDIRECT_URL’] ??

    Thread Starter nicolaottomano

    (@nicolaottomano)

    Hi Bjorn,
    thank you for your kind support.
    I really believe that your pluging could become one of the most downloaded on WordPress market, since it is really standalone and has no API/license/crap to enable or pay for.

    Tell me if I can help in some way.

    Nicola

    Plugin Author rosell.dk

    (@roselldk)

    Thanks ??

    I have been installing different test setups in order to find out what went wrong with the 0.4.0. But I cannot find any issues. Could you give me some server details? Such as PHP version, WordPress version, whether WordPress is installed in root or in a folder, Server (Apache or Litespeed).

    You are very welcome to browse the issues on the github repository and give some feedback. It could be as simple as a +1 on the issues you think would be most valuable. I have been completely discussing with myself there…
    https://github.com/rosell-dk/webp-express/issues

    Thread Starter nicolaottomano

    (@nicolaottomano)

    “I have been completely discussing with myself there…”

    Ahahaha ?? I see the point.

    Unfortunately I don’t use Github but I can give the info here.

    I use WordPress 4.9.8, PHP 7.2.8 on Apache server.
    The website is hosted on a shared hosting provider and is installed on the ABSPATH /web/htdocs/www.mywebsiteaddress.xxx/home/

    I’m using Sucuri WAF as Web Application Firewall and CDN along with AIOWPS as security plugin.

    Best,

    Nicola

    Thread Starter nicolaottomano

    (@nicolaottomano)

    I found an error in the php-errors.log of yesterday morning (I don’t remember if it occurred before or after upgrading to 0.4.0)

    [22-Aug-2018 08:35:22 UTC] PHP Warning: Invalid argument supplied for foreach() in /web/htdocs/www.mywebsite.com/home/wp-content/plugins/webp-express/lib/helpers.php on line 84
    [22-Aug-2018 08:35:22 UTC] PHP Warning: implode(): Invalid arguments passed in /web/htdocs/www.mywebsite.com/home/wp-content/plugins/webp-express/lib/helpers.php on line 93

Viewing 15 replies - 1 through 15 (of 23 total)
  • The topic ‘Great plugin. Needs little tune up’ is closed to new replies.