VA1DER

WordPress stored users passwords as

Yes, I’m aware of how modern systems store passwords. I’m also aware that many systems use insecure hashes, and even if secure, the whole system of entering passwords on the web site is vulnerable to attack. It doesn’t matter how they are stored if they are intercepted at the UI stage.

The most common occurance of this is malware or spyware on your PC.

While possible, of course, I don’t assess it as likely. Before I received the email with my www.remarpro.com login information, I myself hadn’t logged into www.remarpro.com for at least two years. If my computer and/or password manager had been breached, there are far juicer things than my www.remarpro.com login to steal that I use daily, and I’m pretty sure there would be evidence of the breach by now. As in a drained bank account.

There has been a breach of some sort here. I suspect it’s known by someone, because when I logged in to post about this, I was notified I had to change my password.

While I appreciate that at least one step was taken to remedy this, it’s irresponsible to have a password breach and not announce it.

BTW, @jdembowski, with respect to moving this topic, this topic s not about “fixing wordpress” the CMS, so please move this back to where it was. It very much belongs in requests and feedback, since it is about www.remarpro.com itself and not the CMS.

Do I have to modify the actual plugin and add the custom validation scripts there?

Thank-you for the reply. Where do the scripts go? I have tried putting them on the extra settings tab but they don’t appear in the form. I have tried putting them on the form tab but then that tab tries to put <p> everywhere.

Thank-you for the detailed reply. The upgrade went smoothly.

I don’t use wp-members, but in doing some customization of WPBruiser I can see that there is already a module for wp-members baked into it. Are you sure it isn’t already supported?

I have further information on the bug. If there are any single quotes (for example an apostrophe) in and fields stored in wppr_review_custom_fields then the plugin fails to be able to parse it.

I see the new review type, and all the schema markings that can be added. This is a great system, but it appears to have some bugs.

I selected a review of type “product”, started filling in new fields. When I saved it and went back, I now cannot expand the new review type fields. Clicking on the header just causes it to expand to one empty line. It is not parsing what was added correctly.

Secondly, I notice that no matter what review type you select, the entire schema is of type “product” and not of type “review”. For a review of a product, I believe the hierarchy needs to have review as the base schema type, and product as as a subtype.

Lastly, even when I do not have a dollar value put in, it is still adding the “offer” schema markings. Is there a way to have it remove offer from the schema markings when there is no offer?

Thanks

Hi Poonam,

Don’t apologize. I appreciate the fact you are working on this. It’s a great plugin. If there is any way I can contribute, let me know.

Thanks

Hi,

Yes, I attempted to edit and create a post and page. It still didn’t work.

This plugin is trying to write to the root wordpress installation using ABSPATH to find it. ABSPATH is not writable for all installations, and writing to it is dangerous, since it can be files shared by multiple wordpress sites. For example, ABSPATH points to /usr/share/wordpress in Debian.

You are better to use WP_CONTENT_DIR instead of ABSPATH and then have the URL be https://site.ca/wp-content/sitemap.xml

That should work on any wordpress installation because WP_CONTENT_DIR must always be a directory that is writeable by WordPress. I tested your plugin with this change and it seems to work.

The plugin was modified in version 1.1 so that it was essentially turned off for the admin user. That is to say, if an admin user is logged in and visits the normal site, then pages will not show up in categories. I don’t know exactly why this change was made – the change log says it was because the plugin broke other plugins.

You have two choices if you want pages to show up in categories. 1) get the older 1.0 version of the plugin, or 2) log out of the admin user when you look at your site

I suspect that question was cleverly worded advertising spam.

Thanks for the tip. This is interesting data, but it lumps all bots together under one category. I admit the way it breaks down all the other categories is useful, it would be nice to know which bots are visiting.

Consider it a request for a future upgrade. Otherwise, the plugin is perfect, and it’s in-house generated data.