Plugin works great and has great support!

Hi Lee,

I hope you’re doing well. This is a reply to both this review and the support entry you’ve posted here.

The scenario you’re describing is unprecedented with The SEO Framework; I’ll explain why.

No file writing, ever.
First and foremost, I want to stress that this plugin does not write or modify files in any way directly.
This plugin is written according to the highest PHP coding standards, and even WordPress.com VIP coding standards — which inherently and explicitly forbids file (system) writing.

This plugin is built with WordPress MultiSite, programmers and other professionals in mind: I do not want anything unexpected to happen. This plugin will not leave any notable changes upon deactivation.
Because of this added complexity, all changes to the site are explicitly listed within our API and on the SEO Options page. I also expect the user to know how their site works.

Also, because of great security concerns and my own principles, all modifications for the URL rewrite system are done through solely the WordPress Rewrite functionality.

The scenario you’re explaining is therefore and fortunately impossible with The SEO Framework.

All modifications done anywhere on the file system are either done by WordPress Core, a bad theme (themes may not write) or other plugins.

In fact, the only thing The SEO Framework touches is the front-end HTML header, some admin visuals and admin pages, the virtual robots.txt file and an added rewrite entry for the virtual sitemap.xml file. None of which are achieved through file writing.

Open Source – Peer Reviewed
All the code of The SEO Framework is open source, feel free to check it out to determine if your statements are in fact correct.

Other plugins can and do write
I believe the fact that you’ve disabled Yoast SEO (plus having a bad plugin active) could’ve wiped your .htaccess file.
a) It has an admin-side file editor.
b) Here it is in action.

The key functions are fopen(), fwrite() and fclose().
Please note that Yoast SEO does not wipe or change the file on deactivation; but other plugins might upon detecting its absence.

Protect your files!
Nevertheless, please understand that websites are fragile and very prone to hacking and coding mistakes.
It’s best to keep a daily backup at all times, and if anything out of the ordinary happens it’s best to first ask for (expert) advice and support.

Also, always keep in mind that very important files like .htaccess and wp-config.php should be protected from access through code.
Please see the following WordPress codex entry for more information: Hardening WordPress – File Permissions.

Can you replicate this issue?
When you encounter any bug, please see if you can replicate it by following some steps. This will greatly help the developers and other users seeing if this issue is true; and not by some fluke.

For example:

1. Deactivate The SEO Framework and other plugins under suspicion.
2. Add some stuff to your .htaccess file.
3. Activate The SEO Framework.
4. Fiddle around with some settings, visit some pages, etc.
5. Confirm the bug or issue.

I believe this would yield no results.

I really do understand that you’ve encountered unfortunate issues, and I am sorry to hear that. But I believe the link on this topic laid is incorrect.

I hope this clears things up. And if you need any help in the future, feel free to contact me through a support ticket; I’d be happy to help out ??

Have a wonderful weekend!

Sybre,

Thanks for your detailed response and information. While you describe this scenario as impossible, it is fact that GIT shows the file .htaccess as dirty only when enabling this plugin. I have installed other plugins just fine and WordPress is up to date without any issues.

I have tried this multiple times just to be sure, but if my GIT history is completely clean and up to date with remote, as soon as I enable The SEO Framework, my .htaccess file is dirty with GIT showing that all of my lines outside of the default WordPress .htaccess file are being removed. Therefore, I have to check it out again. When enabling this plugin and deploying to AWS, it wipes the remote htaccess file as well.

I understand what you are saying, but I feel there must be some reason why ONLY THIS PLUGIN is doing that. Even if Core WordPress is doing this when enabling your plugin, I think it’s still an issue with your plugin because WordPress just doesn’t do that with other plugins.

Lee

Hello Lee,

Thank you so much for getting back to me!

The information you gave is clear, and it lead me to this issue:

1. The SEO Framework flushes rewrite rules on plugin (de-)activation.
2. When it does that, it uses this functionality.
3. While doing so, the $hard parameter is used, together with WP_Rewrite::init(). This evidently allows WordPress to rewrite .htaccess with a clean slate.

Luckily, this mistake doesn’t happen as often (as said: unprecedented), because almost always .htaccess is protected against overwriting (as it should be!).

I’ll make sure to fix this mistake in the upcoming update. I’ll keep you posted.

Once more, have a wonderful day! Cheers ??

• This reply was modified 8 years, 3 months ago by Sybre Waaijer.
• This reply was modified 8 years, 3 months ago by Sybre Waaijer. Reason: typo

Hello @romanempiredesign,

I believe 2.7.1 should fix this issue. If this is not the case, please let me know!

Hi Sybre,

Thanks again for the updates. I agree, htaccess should be locked down where applicable, but we do actually need some things to write to htaccess for marketing, such as the SEO guy implementing redirects without technical know-how. Yes, we could implement an .rb file to dynamically write htaccess at the boot of EC2s, but I think it’s overkill for what we’re doing, especially when we could just use a plugin that isn’t the odd man out and overwrites htaccess.

However, I really appreciate you looking into this and acting so quickly about it. I’m going to download the new version and test it out. I’ll let you know how it looks and modify my review accordingly. ??

Thanks,

Lee