owenw

Thanks for the suggestions.

These attacks aren’t even DDOS attacks, they come from 1 or 2 ip’s (that do change occasionally). It works to bring down just about any WordPress site with ease. Could this be a bug that needs reporting? (I’ve run into this a few times with different sites I manage. All on Linode VPS’s.)

I’ll try disabling xmlrpc! I think I can get away without its benefits. But i was hoping I’d been doing something wrong, given how easy this attack is to bring down WordPress on a vps..

solved…

Solved. Was getting all confused working inside ajax.php when I should have been messing with public.js. Now the redirect happens at javascript level based on a success response from the ajax.

Note that i changed the form field “custom-field” to be a checkbox (in emailpetition.php). And then I added this statement (inside public.js) to see if the checkbox has been ticked:

if ( $( ‘#dk-speakup-custom-field-‘ + id ).attr( ‘checked’ ) ) {
window.location.href = “https://new.url”;
}

Just adding this in case someone else tries to redirect a user based on a field value in the petition…

Still working on this. Seems adding a value to the checkbox works to carry that value over into $signature->custom_field, regardless of if the box is checked… so getting somewhere… sorta

I ended up editing ajax.php and adding a javascript redirect to the success message.

An option for a landing page might be helpful to others someday down the road however!

Thanks.
Owen.