Elena Chavdarova

Hello @negapo,

2FA is applied only on administrators and editor user roles by default. Could you please confirm if you are using any custom user roles on the website and if they are set to use 2FA as well.

As you are a SiteGround client, you can open a technical support ticket, so we can take a closer look on the setup.

Thank you for your cooperation!

Elena

Hello @tnolte,

I am sorry to hear you are having such troubles with the latest update. We will do our best to assist you.

In the latest update of the plugin we have improved the 2FA security with encryption. It requires all users 2FA secret codes to be encrypted, once the update passes, we store the encrypted values, so reverting to previous version will not fix the issue reported. There is an encryption file which will be generated by the service called sgs_encrypt_key.php and stored under wp-content directory of the application.

Usually if there are issues with the encryption file we reset all users 2FA and disable the service automatically.

Still you can use 2FA reset command for all users to have a fresh start. This way all users will be forced to setup their 2FA once again and all data should be stored as expected.

The command which can be used is:

wp sg 2fa reset all

Let us know of the results.

Best Regards,
Elena

• This reply was modified 2 years ago by Elena Chavdarova.

Hello @woodardmc,

We have added rules for resetpass action in todays plugin release.

You can verify the results on your end.

Best Regards,
Elena

You are most welcome, @dimitrisv!

You can drop a quick review for the plugin if you have the time, that would be highly appreciated ??

Have a great rest of your day.

Elena

Hello @dimitrisv,

I am glad to inform you that we have implemented the suggested option into the SG Security plugin.

You can disable the Activity Log from SG Security -> Activity Log -> Log Settings -> Enable Activity Log section.

Best Regards,
Elena

Hello @kamakshyap2,

The draft might be deleted by a plugin or a theme which have a schedule to clean such records from the database.

As per example the SG Optimizer plugin have an option “Delete all automatically created post and page drafts” which will perform the operaion once a week and it will be logged into the SG Security activity log.

You can check your active plugins or the theme for such optimization options.

In order to be on the safe side, you can check the IP Address from which the request was made. If this is either the server IP Address or the IP Address of your website it means it is done by the software installed on it.

Best Regards,
Elena

Hi @remcotolsma,

We have included a filter to the plugin which you can use to exclude all inline scripts of type module from combination.

The filter you can use is:

add_filter( 'sgo_javascript_combine_exclude_all_inline_modules', '__return_true' );

Additionally there is a filter which will exclude all inline scripts no matter of their type as well:

add_filter( 'sgo_javascript_combine_exclude_all_inline', '__return_true' );

I hope this will be of help!

Best Regards,
Elena

Thank you for the report and sorry for the inconvenience, @samuelashbrook!

We have just released SG Optimizer version 7.2.4 with a fix.

Best Regards,
Elena

Thank you for your update, @sean-h!

We have just released a new version of the plugin which fixes the above mentioned issue without need of disabling the plugin.

I am glad you like the update in the feature.

Best Regards,
Elena

Hi @sean-h,

Could you please try to disable and re-enable Memcached service and confirm if the issue is resolved?

It appears there is a cache service which is interfering with the update process. Quick fix is to disable the SG Optimizer plugin and re-enable it. Still if you can provide us with an URL to a website where the problem is still present it will be of help.

Thank you for your cooperation!

Best Regards,
Elena

Hello @aejhart,

I am sorry to hear you have faced such difficulties using the plugin.

If there is an issue with the migration the plugin will report the exact reason for it. We have several articles in our knowledge base with common errors reported by the plugin and how to proceed. You can check them here: https://www.siteground.com/kb/category/wordpress/upgrades-migrations/.

Note that the plugin will not change the website in the origin server (BlueHost) in any way, so you will not lose your website setup or URLs.

In case you are still facing difficulties we will be glad to help. Just provide more information about the exact error you are receiving. Alternatively you can open a support thread directly in your SiteGround User Area.

Best Regards,
Elena

Thank you for your update, @efquintana.

As you have noted – there are abnormally high numbers of cookies which can require cache to be skipped. However in WordPress there are also many cookies used for functionalities which are not cache dependent.

So having a huge list of excluded cookies is not the best approach in this case.

Usually the plugin/theme which functionality requires to have cache disabled for specific pages sends the appropriate headers. This way the cache is automatically skipped for the page.

Additionally there is a functionality in the plugin which you can use to exclude an URL or specific post types from caching. This can be done from wp-admin -> SG Optimizer -> Caching section.

Best Regards,
Elena

• This reply was modified 2 years, 2 months ago by Elena Chavdarova.

Hello @efquintana,

I am sorry to hear you had issues with the plugin and thank you for your feedback.

We have always tried to keep it both simple and efficient, that is why there are many exclude options included in the plugin and additional filters available for more specific cases.

Dynamic caching is excluding the most used cookies from cache per example:

wordpress_logged_in_
woocommerce_items_in_cart

You can find more information about all of them in the following https://www.siteground.com/kb/siteground-dynamic-caching-configuration/#Cookies

In case there are other cookies used by the website which are not excluded from the Dynamic caching you can use headers to manage cache control. We support all the standard Cache-control header values that all CMS apps support:

cache-control: no-cache – passing this header tells our system not to cache this request
cache-control: max-age – this header tells our system to cache this request for X amount of seconds

Still if there is anything specific we can assist you with we will be glad to help.

Hope this information was useful for you!

Best Regards,
Elena

Hi @generosus and @johnbillion,

Thank you for the report and information provided.

In the plugin we do recommend disabling heartbeat for admin pages as this will drastically reduce the account CPU usage and requests spawned by the website while admin pages are opened. This is explained in the description on the WordPress Heartbeat Optimization section:

The WordPress Heartbeat API checks your post edit pages every 15 seconds and your dashboard and front end every 60 seconds, even in the absence of scheduled tasks. This can generate high CPU usage if you leave browser tabs in which you’re logged to WordPress opened for a longer period of time. You can modify these settings to reduce load.

When the heartbeat is disabled for admin pages all scripts depending on it there will not be able to triger it in order to reduce the load.

Still it is up to the end user to deside wheather if the heartbeat will be disabled or it’s execution time frame will be changed.

Now about the suggested solution above. First of all, thanks to @generosus for the report and that a solution was suggested as well.

The solution applied in the the WP Rocket plugin – they are replacing the heartbeat script with an empty JS file. The depending scripts still can not use heartbeat functionality and simply the big red warning is being hidden by this.

It is normal that if I disable the WordPress Heartbeat for admin pages this will prevent some scripts of using it. That is why it is being disabled. And it is also normal that QM will report there is a dependency which is not available. So it is up to the user to decide wheather to leave it enabled or not.

Best Regards,
Elena

You are most welcome, @eurotunes!

You can drop a quick review for the plugin if you have the time, that would be highly appreciated ??

Best Regards,
Elena