• Resolved gamerwithadegree

    (@gamerwithadegree)


    Hi,

    I have just installed this plugin on my live site but have noticed a couple of issues, so I have had to deactivate the plugin for now. I am hoping you can solve these problems soon.

    1. I have disabled the show login button, but it still shows on the comment form.
    I use the WPS hide login plugin to rename the admin login page. The login link on the wpDiscuz form exposes this renamed login URL, so this is a major security issue.

    Thanks
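
A check a site owner could run against their own rendered comment pages to confirm whether the renamed login URL described in the post above is exposed. It is an added example, not part of the original post and not code from wpDiscuz or WPS Hide Login. The site URL, the slug `private-entry` and the sample HTML are constructed, and it assumes the login slug appears as a path segment (pretty permalinks).

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

URL_ATTRS = {"href", "action"}  # attributes that can carry a navigable URL

# Constructed values: replace with your own site and your own renamed login slug.
SITE_URL = "https://example.test/"
LOGIN_SLUG = "private-entry"
SAMPLE_HTML = """
<div class="comment-form-header">
  <a href="https://example.test/private-entry/?redirect_to=%2Fpost-1%2F">Login</a>
  <form action="/Private-Entry" method="post"></form>
  <a href="https://other.test/private-entry/">elsewhere</a>
  <a href="/private-entry-guide/">unrelated post</a>
</div>
"""


class _LinkCollector(HTMLParser):
    """Collects (tag, attribute, raw URL) for every URL-bearing attribute."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.links.append((tag, name, value))


def find_login_leaks(html, site_url, login_slug):
    """Return the links in `html` that point at the renamed login path on this site."""
    site_host = urlsplit(site_url).netloc.lower()
    slug = login_slug.strip("/").lower()
    collector = _LinkCollector()
    collector.feed(html)
    leaks = []
    for tag, attr, raw in collector.links:
        target = urlsplit(urljoin(site_url, raw))  # resolve relative URLs
        if target.netloc.lower() != site_host:
            continue  # a link to another host does not reveal this site's login page
        segments = [s.lower() for s in target.path.split("/") if s]
        if slug in segments:  # whole-segment match, so "private-entry-guide" is ignored
            leaks.append((tag, attr, raw))
    return leaks


if __name__ == "__main__":
    for tag, attr, url in find_login_leaks(SAMPLE_HTML, SITE_URL, LOGIN_SLUG):
        print(f"login URL exposed in <{tag} {attr}>: {url}")
```

Feed it the HTML of a post page fetched while logged out, since that is the view in which a comment form would show a login link.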

Viewing 7 replies - 1 through 7 (of 7 total)
  • Same here. I agree with @gamerwithadegree. Please mask the login link. It’s a potential security hole. Thank you!

    Plugin Author gVectors Team

    (@gvectors-team)

    Hi @gamerwithadegree and @jetxpert,
    This issue is already fixed in the upcoming 7.0.3 version. We’re planning to release it tomorrow.

    Just wanted to add that this is a concern from my end also.

    Version 7 of wpDiscuz brought with it a number of complexities/problems, and I was willing to overlook those.

    However, creating a security hole, declaring it would be patched “tomorrow” – and then almost 2 weeks later, still no update, is worrying from my perspective as a user.

    Trust is important for users. I want a better WordPress comments experience on all my sites. I’m happy to pay money for it. However, if I can’t trust the plugin to be secure and not break stuff, that’s a deal breaker.

    I would request that in future, security updates are prioritized and pushed live ASAP. Rather than bundled in with non-security updates, which delays the release.

    For now I’ve had to stop running wpDiscuz.

    Plugin Author gVectors Team

    (@gvectors-team)

    Hi @aph5,
    The update comes in 1-2 days.
    Please note that showing the login link is not a critical security issue. Almost all plugins which require login and which don’t have a custom login page display the login link. In any case, we still do active improvement and update it within 1-2 weeks. And this is still fast.

    wpDiscuz 7 brings tons of nice and very useful features. You’ve got an awesome plugin and I don’t think it’s fair to just say “Version 7 of wpDiscuz brought with it a number of complexities/problems”. A small “thank you” before such phrases would be a more thankful attitude to the hard work we do for you.

    If you check my comment history, it shows the 3 or so prior posts I’ve written on your support page have contained the phrase “thanks”.

    I don’t think there’s any need to be snarky about not saying it a fourth time. However, for clarity, I will say thanks once again for the plugin. Thank you.

    With regards to v7 bringing complexities/problems, I will elucidate further:

    – New features were turned on by default, meaning that it couldn’t be updated easily. Essentially you had to install it in staging, figure out how to get it back to a state that you enjoyed previously. Then deploy it live and make those adjustments.

    – The CSS files now add extra size to the plugin – last time I checked it was around 200KB.

    – Whilst you may not consider the exposure of a private wp-admin login page as “critical” – for me this is nevertheless a security hole that I don’t want exposed.

    Plugin Author gVectors Team

    (@gvectors-team)

    @aph5,
    Ok, thank you.

    – The CSS files now add extra size to the plugin – last time I checked it was around 200KB.

    There is no more such issue, at least in the upcoming version. The minified wpDiscuz CSS file is about 50KB. The FA lib is also customized and reduced to 10KB.


    That’s great news about the CSS and Font Awesome files being smaller.

    Thanks for the reply and the good news. Your hard work is appreciated.

  • The topic ‘Some issues with WPDiscuz’ is closed to new replies.