barthat
Forum Replies Created
-
Forum: Plugins
In reply to: [Cloudflare] Too many redirects with 1.3.20I fixed the redirect issue by changing the site url from https to http.
However I still have problem with RSS feeds that are used in site widgets. The error I get is
RSS Error: WP HTTP Error: name lookup timed outI just noticed a typo in my original post
My site is not accessed via https:\\mydomain.com
should be
My site is accessed via https:\\mydomain.com
Oh, and previously my site was at www so it indeed could be some kind of caching related issue.
Yes, by the way re caching I have /had Cloudflare caching disabled on the wp-admin pages just in case you were wondering.
I did notice that the WP-Piwik connection wasn’t working normally e.g. I’d got into the tab to check the tracking code and there was none there. But if I went to another tab in WP-Piwik and back again the tracking code appeared. I never thought to check the auth token.
I think I may have found the problem. Your mention of auth token led me to it. I have recently moved webhost (at same time I started using Cloudflare) and it seems that in the process the auth token has changed. WP-Piwik was showing that I was connected even though the auth token in WP-Piwik was different to what was now displayed in Piwik / API.
When I check the url using the correct auth token the tracking code returned does not contain www. I have just tested from a browser with DNT disabled from an unknown IP (to Piwik) and it seems to working ok now.
Thanks for your help.
Forum: Plugins
In reply to: [Cloudflare] Problems with FS Contact Form and BPS PluginsI am please to report that my problem 1 above is now fixed. I noticed others were also reporting problems with the WP-SMTP mail plugin that I was using and after I installed and configured the Postman SMTP plugin instead mail is now sent ok.
Postman SMTP is an extremely well designed plugin that supports OAuth 2.0.
https://ww.wp.xz.cn/plugins/postman-smtp/(I have no connection with this plugin – I was just very impressed).
Forum: Plugins
In reply to: [Connect Matomo - Analytics Dashboard for WordPress] 'idSite=' is missingWhen I disable caching in WP-Piwik the tracking code window shows the tracking code correctly. However the ID is still “-“. Apart from that as far as I can see WP-Piwik is working correctly now.
By the way I am also using Autoptimize and WP Super Cache (with Preload).
Thanks.
Forum: Plugins
In reply to: [Connect Matomo - Analytics Dashboard for WordPress] 'idSite=' is missingHere it is…
ID Title URL Site ID (Piwik) - Site http://www.site.com 1Thanks!
Forum: Plugins
In reply to: [Connect Matomo - Analytics Dashboard for WordPress] Content Security PolicyThe idea behind CSP is to prevent content injection attacks such as XSS. I think it will become more important for security concious web sites to implement as the main stream browsers now support it.
I get two inline violations in relation to Piwik
1) script-src related
– I don’t know how your plugin inserts the tracking code, but the end result is inline script which is not allowed with Content-Security-Policy (without unsafe-eval which defeats the whole purpose) (see http://www.w3.org/TR/CSP11/#directive-script-src )2) style-src related
For Piwik users that use the image tracking method there is also inline style violation<noscript><p><img src="http://www.mypiwik.mydomain.com/js/?idsite=1" style="border:0;" alt="" /></p></noscript>For further background http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
I am not a developer but I see three options to fix the violations
1) load the relevant code using src= from a location which can be white listed in the script-src source-list e.g. the piwik install domain or the website domain.
2) add a nonce http://www.w3.org/TR/CSP11/#script-src-nonce-usage to the inlined script
3) add a hash http://www.w3.org/TR/CSP11/#script-src-hash-usage to the inlined script
I imagine option 1 is the easiest but then again I am not a developer. 🙂
Forum: Plugins
In reply to: [WP DB Driver] Character set wrongI was also having the same problem and the latest GitHub version fixes it.
Forum: Plugins
In reply to: PHP Warning – how to find cause?Unfortunately WP Super Cache debug did not reveal anything suspicious.
Forum: Plugins
In reply to: PHP Warning – how to find cause?It looks like this warning is caused by wp-super-cache.
When I inititate a cache preload I can see these warnings in the php log.
I will see what I can find with wp-super-cache debig enabled.
Forum: Plugins
In reply to: [Autoptimize] JavaScript Debugging Statements in js?Hi Frank,
It seems to be jquery.migrate.min
This was the url flagged by zoompf once I had disabled javascript optimization in Autoptimize.
mydomain.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
From what I have read it looks like this was included in WP3.6 to help developers debug their code. I don’t quite understand why it’s still being called in WP3.7.1 but then again I am not a developer.
Is this something Autoptimize can help with e.g. an option to remove jquery.migrate altogether?
Or is this something I should flag elsewhere?
Thanks.
Forum: Plugins
In reply to: [Autoptimize] Expires/Max Age compatibility with SuperCacheI wasn’t sure where to post this comment, but I just came across the issue that both you and the OP identified with Super Cache.
I don’t know if you noticed it but there is also a 3 second ExpoiresByType at the end of the htaccess generated in the Super Cache cache folder.
# BEGIN supercache <IfModule mod_mime.c> <FilesMatch "\.html\.gz$"> ForceType text/html FileETag None </FilesMatch> AddEncoding gzip .gz AddType text/html .gz </IfModule> <IfModule mod_deflate.c> SetEnvIfNoCase Request_URI \.gz$ no-gzip </IfModule> <IfModule mod_headers.c> Header set Vary "Accept-Encoding, Cookie" Header set Cache-Control 'max-age=3, must-revalidate' </IfModule> <IfModule mod_expires.c> ExpiresActive On ExpiresByType text/html A3 </IfModule> # END supercacheShouldn’t that be changed to 3600 also?
Forum: Plugins
In reply to: [Autoptimize] JavaScript Debugging Statements in js?Hi Frank,
OK – I’ll check that. I have very little js in use so hopefully that should be easy to track down.
Cheers.
Forum: Plugins
In reply to: [Google Authenticator] Is action on failed login safe?Yes, given that WP have the failed login ‘shake’ they don’t seem to think this is a security issue which is baffling to me.
Would it be difficult for you to make this as an option so they people can choose for themselves?
Thanks.