wigster
Forum Replies Created
You’re clueless Bill, sorry. It is this type of dangerous self belief and overestimations of your own abilities that creates issues, as you force your opinionated codebase on unaware downloaders of your plugin.
Any dev worth their salt in security would understand that adding so much bloat, which just creates a massive security risk in itself, to a plugin with a simple task is not a suitable path to take.
I repeat, AGAIN—AND FOR THE LAST TIME, YOU SHOULD NOT BE ADDING SO MUCH (potentially dangerous) CODE TO A PLUGIN WITH A SINGLE PURPOSE. I hope that’s clear this time.
Ciao.

Hi Bill,
Unfortunately your retorts have only enforced my 1 star review.
This plugin should do one thing only; disable gutenberg widgets.
In fact, to disable gutenberg widgets and enforce classic widgets is a very simple 2 lines of code job:
add_filter('gutenberg_use_widgets_block_editor', '__return_false');
add_filter('use_widgets_block_editor', '__return_false');
Your plugin is bordering on bloatware.
Again, whilst I appreciate your attempts at adding your opinionated views of security and “anti hacker” coding—you are not an expert in this field. These kinds of security practices and errors should be left to dedicated plugins.
In fact, you’ve raised further potential security issues in your attempts. I’ve had a quick look over the codebase, and I’m actually quite concerned over the coding used. You’re missing many nonce and administrator privilege checks, you’ve got thousands of lines of spurious code added to a plugin, that should be doing 1 simple job.
I really don’t mean to be harsh, however, your lack of ownership or understanding of my direction is clear to me this plugin is not fit for purpose.
I would like to offer you this quote that’s many years old, when it comes to authoring plugins that seems relevant, by Daniel Auener:
“WordPress plugin best practices no. 3: A plugin does what it has to do, nothing more”
Again, the crux of my review is simple: it is not clear to users that this plugin will be doing a whole lot more irrelevant (to the task at hand) extra coding and miscellaneous file installations—bordering on dangerous due to the multitude of files and lines of code added.

Thanks for the reply Bill, I understand the intent, and it’s from a well meaning place, but the concern isn’t whether cyber threats exist, it’s scope and responsibility. If every plugin justified adding its own Site Health scanner on the basis that the security landscape is dangerous, the WordPress admin would quickly become unusable. That’s precisely why WordPress has a core Site Health system and why security, performance, and monitoring are typically handled by dedicated tools chosen intentionally by site owners, not bundled into unrelated plugins.
A plugin whose purpose is restoring classic widgets is not a security or site-monitoring plugin. Making such functionality non-optional — especially when it surfaces large red warnings — creates unnecessary confusion and anxiety for users and clients. Opt-in would be reasonable; forced alerts are not. Plugin ethics are as much about restraint as capability, and this still feels like an overstep beyond the plugin’s intended lane.
Forum: Plugins
In reply to: [Visual Website Optimizer] Version 4.6 Causes Debug log to display on Website

I too found this to be an issue.
We have VWO set to auto-update, 4.6 resulted in the website showing debug logs which is not ideal.
It seems as though the developers of this plugin left this line of code:
ini_set("display_errors",1);
On line 2 of this file:
woocommerce-events.php
Upgrading/updating to v4.7 of the VWO plugin correctly removes this line of code.
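
A check for the leftover debug line described above, as an added example (not part of the original post or of the VWO plugin's code): it scans a plugin directory for `ini_set` calls that switch `display_errors` on. The sample tree is constructed; only the file name `woocommerce-events.php` and the offending line come from the post, and the function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# Matches ini_set('display_errors', <value>) with either quote style.
INI_SET = re.compile(
    r"""ini_set\s*\(\s*(['"])display_errors\1\s*,\s*(?P<value>[^)]*?)\s*\)""",
    re.IGNORECASE,
)
# Values that make PHP print errors into the page served to visitors.
ENABLING = {"1", "true", "on", "yes", "stdout"}


def find_display_errors(root):
    """Return (relative path, line number, source line) for each enabling call."""
    root = Path(root)
    hits = []
    for path in sorted(root.rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            code = line.split("//", 1)[0]  # drop anything after a // comment marker
            match = INI_SET.search(code)
            if not match:
                continue
            value = match.group("value").strip("'\"").lower()
            if value in ENABLING:
                hits.append((path.relative_to(root).as_posix(), lineno, line.strip()))
    return hits


def build_sample_tree(root):
    """Write a constructed plugin tree; includes/safe.php is a made-up file."""
    root = Path(root)
    (root / "includes").mkdir(parents=True)
    (root / "woocommerce-events.php").write_text(
        '<?php\nini_set("display_errors",1);\nfunction track() {}\n'
    )
    (root / "includes" / "safe.php").write_text(
        "<?php\n// ini_set('display_errors', 1);\nini_set('display_errors', '0');\n"
    )
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, lineno, src in find_display_errors(build_sample_tree(tmp)):
            print(f"{rel}:{lineno}: {src}")
```

Run against `wp-content/plugins` after an auto-update, a non-empty result points at the file and line to review before the site serves debug output to visitors.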
Hi @clitopwebsite – I’ve added extra functionality, if you know a little bit of code you can now add your own names/email domains to block:
https://ww.wp.xz.cn/plugins/block-specific-spam-woo-orders/#:~:text=How%20to%20Use%20Custom%20Filters

Hi @jrevillini – I’ve added those features you requested:
You can now use optional filters to add your own names/email domains:
https://ww.wp.xz.cn/plugins/block-specific-spam-woo-orders/#will%20you%20keep%20this%20plugin%20updated%3F:~:text=How%20to%20Use%20Custom%20Filters

I do plan to add a way to customise / add custom emails in the future.
For the short term the main aim was to keep the plugin as clear and simple as possible, so as long as that aim can still be met, I plan on seeing what options I can code in, as quite a lot of people have requested this feature.

Hi @digglikeseo — this plugin was already compatible, I’ve just released a plugin update (0.76) that confirms this, so you will now be able to activate/continue with WooCommerce HPOS after updating the plugin.
Thanks for the kind feedback.
A settings option has been suggested a couple of times. I definitely would like to add it one day, and do plan to, but it’s low priority—as the key focus is keeping the plugin as clean and simple as possible to avoid the main spam bots.
If required it is relatively easy to edit the plugin file to add your own list of emails to block.

Hi @clitopwebsite
Thanks for the kind feedback.
A settings option has been suggested a couple of times. I definitely would like to add it one day, and do plan to, but it’s low priority—as the key focus is keeping the plugin as clean and simple as possible to avoid the main spam bots.
If required it is relatively easy to edit the plugin file to add your own list of emails to block.

Hey @ticubso — I’m seeing a lot of people with the same issues, in that the instructions aren’t super clear. As far as I’m aware there isn’t really a non-developer way of fixing it so far.
I wrote up some of my findings/suggestions: https://guwii.com/fix-acf-pro-output-unfiltered-html/
If you managed to fix in a simpler way please let me know and I’ll update my article.

Hi @tallmale — at the moment this plugin only blocks a key set of known spammers, there is no configuration to edit.
If they’re not confidential could you share the details of the spam orders? (name and/or email address). Potentially there’s a new string of attacks that this plugin could be updated to tackle.
Hi @catvetbeb,
I have updated the plugin (version 0.6) to now also block fakemail.com email addresses:
https://ww.wp.xz.cn/plugins/block-specific-spam-woo-orders/#developers
The plugin is meant to be a simple way to block common threats. I would like to add in the ability for users to add their own in the future—it’s on the to-do list, but would require quite a lot of work to develop.
Regards,
Alex

@all and @anghelemanuel99 – this is a significant issue with the latest version of the plugin. I think the developers of the plugin are already aware of it, I posted a temporary workaround/fix here:
https://ww.wp.xz.cn/support/topic/password-reset-error-10/#post-15954303