ecdltf

PS:

To answer my own question, in the meantime I could achieve it by simply commenting the add_filter('the_content' … 999); stuff and adding a new shortcode instead

add_shortcode( 'placenotes', array($this, 'easy_footnote_after_content') );

It seems to work fine now. It places the footnotes at the [placenotes] location and, as a side effect, the problem with the orphaned heading is also solved.

I’m stuck on the same problem, as I wanted to create a new group today, for a better structure.

• Can’t find a way to assign a group when creating a new redirect
• Can’t find a way to transfer redirects from one group to another

I’m sure (or at least I hope) I’m missing something obvious because without these two operations groups would be pretty pointless, no?

Thanks for any hints

Thanks, havn’t seen that one. Replaced both with Rewrite rules, everything fine.

One more? ??

That’s great, thanks.

Best,
Tom

[resolved]

maybe your application is using/expecting HTTP Basic authentication ?

Yes, probably. (Besides that, it seems that this feature never really worked.)

Thanks again for the good support.

Best wishes

Thanks for the fast and thorough reply!

Otherwise, WordPress would load (as well as its plugins), would send dozens of queries to the database

OK, I understand. (And that’s exactly why I like this plugin: it doesn’t seem to slow down my site. So, you’re right, we absolutely don’t want to trade in this advantage! (Go figure, before this, I’ve tried another firewall plugin which increased my page load time by 1.1s!))

You may want to lower to 10s or increase to 10 POST requests.

Yes, thanks, with 10 request per 15 seconds it goes through. According to the log it makes 1?request per 1.68?seconds.

8req/12s or 6req/9s works also. I guess the shortest one is the most sensible and thus preferable(?)

A strange thing I noticed:

When my desktop editor gets blocked it shows me a HTTP authentication dialog, saying that there is a second level protection. But it doesn’t accept the ID/PW (the one from Ninja).

Yes, the PW is correct; I made a test with the web browser (with the Login Protection forced to “Always”) and there the HTTP authentication (from Ninja) is accepted.

PS: Thanks, I know gtmetrix; for this kind of tests I prefer webpagetest.org

Ehm, please re-read my post above. I just reported you the results from P3.

I made different tests, manual and auto. (I use to check every plugin with P3 before regularly using it!)

I said:

I’m gonna try some other security plugins in the next days. Didn’t yet make big research but it seems that ‘WP Simple Firewall’ is a pure application level firewall, and with a similar feature set like AIOWPS. I’ll report back how it goes…

1st Test finished: While ‘WP Simple Firewall’ has indeed a very nice feature set, this thing increases my page load time by ~1.1?seconds, according to P3 Profiler. This is more than all my other plugins together, Jetpack included! WTH… , this thing is either extremely poorly written or this is just the price for a server-independent firewall. Completely ruled out!

For comparison: AIOWPS increased the load time by very modest ~0.12 seconds. Congrats!

OK, thanks.

I’m indeed using a fairly minimal setup consisting of WP 4.1 with the standard Twenty Fifteen theme, and a everyday set of rather standard-ish plugins (Add Meta Tags, Akismet, Autoptimize, Compress PNG, Duplicator, Google XML Sitemaps, Jetpack, ONet Regenerate Thumbnails, P3, Prepare New Version, Rewrite Rules Inspector, WP-Piwik, WP Super Cache).

As far as I can judge AIOWPS seems to be the first plugin not fully supported by my host’s server config. Of course, there are maybe other issues with the other plugins that I’m not yet aware of. (This is my first WP installation and it’s only 4 weeks old now ??

Most Host nowadays know about WordPress and they know what is required in the server settings to allow WordPress to function correctly.

Do you mean that WP (without plugins) won’t work properly if the Deny, Allow, Order directives are disabled?

Thanks for your swift reply.

Yes, just to be sure I will ask my hosting provider, which directives are allowed exactly.

But I think you misunderstood my post. The problem is not the Apache config (which, at the end of the day, is always out of your control), the main issue is that AIOWPS blindly reports something as working, which in reality isn’t working. That’s why I said, if an option (e.g. blacklist) depends on a specific server config, then label it accordingly in the UI with “Please verify if it really works!” or so.

Or even better, be flexible: If Deny isn’t allowed, then switch to Rewrite.

For example, I’ve simply rewritten AIOWPS’ deny directives (from the blacklist) to compatible rewrite rules, like this:

RewriteCond %{REMOTE_ADDR} ^27\.14[8-9]\. [OR]
RewriteCond %{REMOTE_ADDR} ^27\.15[0-1]\.
RewriteRule ^(.*)$ - [F,L]

This works flawlessly here. And if I can do it manually, I’m sure AIOWPS could do it also ??

If you don’t want to take server settings into account (or at least test for server settings), then it would probably be more secure to make the firewall an application level firewall.

I’m gonna try some other security plugins in the next days. Didn’t yet make big research but it seems that ‘WP Simple Firewall’ is a pure application level firewall, and with a similar feature set like AIOWPS. I’ll report back how it goes…

cheers,
Tom

Just for the info, I noticed the issue, too. (WP 4.1, Twenty Fifteen theme)

Thanks for your swift reply.

If you would look at them page by page

I repeated a couple of manual scans (visiting my page with another browser, w/o caching, logged-out) and could confirm the previous results: In absolute numbers EWWW’s impact goes down, compared to Auto Scan, but so do the impacts of the other plugins (except W3TC).

So, it’s certainly not justified to call it ‘resource hog’, but it’s still consuming 8%. (WP-Piwik 4%, Akismet 4%). I don’t think this is tremendous and I probably will continue using it;-) but I rather expected something between 0% and 2% …

Don’t get me wrong, I’m not really worried, I’m curious.