Sonja London
Forum Replies Created
-
Prior to ES 4.2.3, ES was accessible to everyone.
Not completely true. Prior to 4.0 it could be controlled. In 4.0, control was moved to the “ES Premium” in a “bait and switch” manner. Two mistakes. As they say, “two wrongs to do not make a right”.
It should have been attached to a capability, not an Administrator. I recommend you rethink this very risky approach.
- This reply was modified 4 years, 11 months ago by Sonja London.
“Yes, we have premium plans and those who want premium feature they need to pay it.”
I have no objection to that. To be clear – my objection is the “bait and switch” – removing features from the free version and putting them in the paid version. In the retail industry in the US, “bait and switch” is illegal. Sadly, that law does not appear to apply here.
- This reply was modified 4 years, 11 months ago by Sonja London.
Forcing users to use the Administrator role just to send an email is dangerous. It does exactly the opposite of “provide security by default”. If this were attached to another role, like an editor or even a capability like “es_send_email”, rather than a role, I would have applauded you and made changes.
- This reply was modified 4 years, 11 months ago by Sonja London.
Found the changelog. Rolled back.
It seems like a very bad idea to force people to use the administrator role for sending an email. This seems inconsistent with good security practices.
- This reply was modified 4 years, 11 months ago by Sonja London.
- This reply was modified 4 years, 11 months ago by Sonja London.
These are 2 problems. If I can solve at least the first one, it would allow us to get some work done.
The Email Subscribers menu is completely missing from the dashboard for all except Admins.
What role should be able to send? Editors used to be able to and now they cannot.
User Roles tab is missing from Settings even for the Administrator role.
I have begun digging through the code. It looks like all control over roles may have been intentionally removed from the free version. This despite the fact that it is listed as a feature of the free version on the front page “Ability to control user access (Roles and Capabilities).”
It would be nice to hear from the author(s) on this. We will temporarily deactivate the plugin pending a suitable response. If none is forthcoming in a reasonable timeframe, we will replace the plugin.
Forum: Plugins
In reply to: [Hide Plugins] Just curious if this plugin will be updated?Seems odd. @brianmiyaji is active on wp.org, but seems to be ignoring this plugin of his.
@brianmiyaji – Would be nice to know if you intend to update it to keep it working or formally abandon it so someone else can fork or take it over.
Would be nice if he would allow someone to jump in and help at least.
Forum: Plugins
In reply to: [WP Help] WP Help abandoned plugin ?Has anyone tried to reach out to Mark ( @markjaquith )? Perhaps he could use help or ???
Forum: Reviews
In reply to: [Admin Menu Editor] top tables in my wp-optionsAre you saying that this plugin added too many rows in wp_options or something else?
Forum: Plugins
In reply to: [Adminimize] The Adminimize plugin needs improvements to work with PHP7.2@bueltge – Perhaps you would get more support if you pinned a notice that you want people to test the dev version and give us feedback, with the link to the zip?
Forum: Everything else WordPress
In reply to: Constantly “held for moderation”Thanks.
Forum: Plugins
In reply to: [WP Go Maps (formerly WP Google Maps)] Very Slow – triples page load timeSure. Can I do it without posting publicly? Email?
BTW – we found it using GTmetrix.
@mountainguy2 – are the plugins you refer to changing WordFence functioning (fixing a shrtcoming) or adding to it (like another security plugin?
I already enhance Wordfence with a couple of third party plugins
Forgot to mention – if we are successful in creating the plugin we will make it available to others. And our early proof of concept seems to work.
@mountainguy2 – I think there are many reasons to change the messaging. While thwarting hacking attempts is an important one, there are others. Some of our clients have very large numbers of users and serve specific demographics. Some clients have as many as 60,000 users.
As you can imagine, the current messaging confuses them greatly and wastes a great deal of staff time. Adding a few tag lines at the bottom is not adequate. Especially when it appears to not allow any HTML (links?).
We are investigating 2 options:
- Creating a plugin that does not require modification to WordFence code, so that it is maintainable.
- Replacing WordFence with one or more alternate security plugins.
And of course updating our old 5 star review to reflect this problem and some others.
- This reply was modified 6 years, 3 months ago by Sonja London.