Post View 2.01 Causes Security Check error in WP

@dipakparmar443
While I know you have the best of intentions, it’s forum policy that you not ask users for admin or server access. Users on the forums aren’t your customers, they’re your open source collaborators, and requesting that kind of access can put you and them at high risk.

If they are paying customers (such as people who bought a premium service/product from you) then by all means, direct them to your official customer support system. But in all other cases, you need to help them here on the forums.

Thankfully are other ways to get information you need:


Ask the user to install the Health Check plugin and get the data that way.
Ask for a link to the https://pastebin.com/ or https://gist.github.com log of the user’s web server error log.
Ask the user to create and post a link to their phpinfo(); output.
Walk the user through enabling WP_DEBUG and how to log that output to a file and how to share that file.
Walk the user through basic troubleshooting steps such and disabling all other plugins, clear their cache and cookies and try again (the Health Check plugin can do this without impacting any site vistors).
Ask the user for the step-by-step directions on how they can reproduce the problem.


You get the idea.

We know volunteer support is not easy, and this guideline can feel needlessly restrictive. It’s actually there to protect you as much as end users. Should their site be hacked or have any issues after you accessed it, you could be held legally liable for damages. In addition, it’s difficult for end users to know the difference between helpful developers and people with malicious intentions. Because of that, we rely on plugin developers and long-standing volunteers (like you) to help us and uphold this particular guideline.

When you help users here and in public, you also help the next person with the same problem. They’ll be able to read the debugging and solution and educate themselves. That’s how we get the next generation of developers.

Hello @dipakparmar443,

I have the same problem on the websites I use the plugin on. I had a peek at the code and I think I found what could be the issue.

The website displays “Security check” as a message, just like if the execution had ended in a die("Security check"); instruction.

This could come from different places in the code, but the most probable is the ngd_hits_column_orderby function in the add-post-column.php file. This is called on the request hook, which is used even on public pages. In this function, the plugin makes a check for the current user to have manage_options privileges (which obviously the user does not have if they’re not even logged in), resulting in “Security check” message for unauthorized users.

I tried altering the code on my test website, changing :

if ( !current_user_can('manage_options'))
{
  die( __( 'Security check.', 'wp-simple-post-view' ) );
  return;
}

To :

if (!current_user_can( 'manage_options'))
{
  return $vars;
}

Seems like it did the trick for me.

Other possible sources of this message are the wp-simple-post-view.php file and the uninstall.php, the last one being very unlikely in this case.

Hope this helps, have a nice one !

Hello @maelimhof @jyllstuart,

Issue fixed please update the plugin 2.0.2.

Thanks !!!

• This reply was modified 9 months, 3 weeks ago by Dipak Parmar.

@maelimhof – thank you for your troubleshooting!

@dipakparmar443 thank you for your quick fix!

Loving this plugin!

Thank you ??