wordcrunch

@cck23 Sweet! Thanks for sharing that ??

But fix them and I’ll be happy to change the review

It isn’t compatible with the visual editor under Appearance -> Customize; making editors aware of this is a significant impediment to smooth and issue-free operation, and when it fails it can fail catastrophically (irretrievable loss of content). These are major core issues that a support thread is not going to address.

The issues exist in the absence of any other plugins.

• This reply was modified 2 years, 3 months ago by wordcrunch.

Oh dear me, I’m so sorry, this was definitely a different “all-in-one” plugin! Changing to 5 stars for patience and so forth

Well if it helps here are some of the items I think need to be addressed:
– list features that are available and more importantly features that are *not* available in the free version versus the paid version on the plugin page so that people don’t have to waste time installing, configuring and testing the plugin just to discover that the needed capabilities are unavailable.
– Add an option for “all/unspecified/default” so that if new roles are created, they can adopt the permissions that have been set up instead of being unrestricted, since it’s highly likely that the dev adding the role will know to even check such a thing.

Yes, I have only reviewed plugins that are defective in some way. This is irrelevant, but if you are suggesting that I only have hate in my heart or something, so be it. Perhaps you might derive some satisfaction from the knowledge that for plugins that are good, instead of wasting time echoing what others have said I use them, recommend them to clients, and pay for the premium versions.

Ok. Perhaps I jumped the gun, it felt like there was no way to get any kind of support – others working on the project have tried in the past to no avail but I don’t have their exact support request history. I’ll remove the review. Thanks for getting back to me!

I’m not getting the error, but is nobody concerned that the authenticity cannot be verified? Why is the authenticity not verifiable. Super sus.

In our use case we don’t need those things. It would be lovely if there were an option that did not require the API key. From the plugin description, it sounded like the purpose was to allow a youtube video to replace the “featured image” in a post.

• This reply was modified 4 years, 6 months ago by wordcrunch.

Could just use the embed uri…

Just a note in case others run into issues with placing this filter in the wp-config.php file – you have to put it at the end (after the line below) for it to work (filters need WordPress loaded first).

require_once( ABSPATH . 'wp-settings.php' );

Thanks again @carike

@carike Spectacular. Thank you!!

I sent this email as soon as I saw your reply… Not sure why you didn’t get it, I didn’t get a bounce notice.

In any case (and for others who encounter this issue) I’ve added a script to replace $_SERVER[“REMOTE_ADDR”] with Cloudflare’s $_SERVER[“HTTP_CF_CONNECTING_IP”] and auto-prepended via .htaccess.

There are other bugs in Wordfence that this issue has revealed:

1. Wordfence should be using the stored home or site_url string rather than the email domain to generate the reset link. This seems like a pretty obvious bug that shouldn’t require any further diagnostic information.

2. Regarding https in the link, maybe checking the request uri protocol and matching that if it is https is the better way. Many sites force upgrade via HSTS or other dns-based techniques and the stored site_url & home options won’t be authoritative in these cases.

Furthermore, the reset email links are all messed up – the link is for a domain that is based on the send domain (different from the actual site domain – we use email.mg.mydomain.com since all email is routed through Mailgun – this is not uncommon, email should never be hosted on the same domain as a website! So the reset link is https://email.mg.mydomain.com/blablabla which is not a location that exists. Also why not https? http is not a protocol that is allowed due to HSTS.

Then, after correcting the link manually it does not work. Instead, I get a Not Found error:

Not Found
The requested URL /c/eJxVTktuwyAQPQ1eIhgYsBcsUrmWuqjUG1QwQLESmyg4inL7kk2lSm_1_tFpb62yw-pAgBAgUSBOCFxyO8_GIL5NYBfzbgTTYvvh7bpSaiVFTnUbihuNJUSfYAxGBk05SwUx54hektbjcHHlOK6NqRODpeNfwYtSy_cjt8zUfN8vlc4n6npjYM7p2UmjbQgBvTCGpLcRRxREMoGKhJOAbsz3nf7in8-Pr-HmHvUWc9opcR-3de_nS62ltuM1-wsKekrZ was not found on this server.

I am currently unable to access the site except by logging in via ssh. Not that this provides a practical path to a solution…

Plz halp! So broken…

• This reply was modified 4 years, 9 months ago by wordcrunch.

Lol OMG of course! Thank you thank you thank you thank you thank you!

# BEGIN WordPress
# The directives (lines) between BEGIN WordPress and END WordPress are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
# END WordPress
# Wordfence WAF
<IfModule mod_php5.c>
php_value auto_prepend_file ‘/path_to_public_html/wordfence-waf.php’
</IfModule>
<IfModule mod_php7.c>
php_value auto_prepend_file ‘/path_to_public_html/wordfence-waf.php’
</IfModule>
<Files “.user.ini”>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END Wordfence WAF