Galfom

??

@gioni thank you very much for the reply. I was just assuming WordPress would have a sort of download handler built in but since it is WordPress I guess it makes sense that it hasn’t.

That obviously complicates this feature but maybe still wouldn’t make it impossible (though I really don’t know WordPress well enough to tell for sure). We would need to create a new download handler with that logic and forward all /uploads/ requests to it. But now next to the actual hardening feature logic we also would need to keep performance and security regarding file traversal in mind ourselves and also need to think about the best way to forward the requests (when we would rely on .htaccess it’s not compatible to nginx out of the box).

Probably that is too much trouble just for a feature like that, though it would also allow more download monitoring and access control for it.

Anyways, thanks for your effort with WP Cerber in general ??

Hmmm, pretty much like stated above. So it should be easy to reproduce: Enabling the option Anonymize IP Addresses will cause all IPv6 visits while this option is active to be tracked as a single .0-IP (while the IPv4 show up as 255.255.255.0) and no other IPv6 are tracked. What I would expect from that option is that IPv6 are reduced to something like ffff:ffff:ffff:ffff:0 instead.

If it’s not so easy to reproduce I fear I cannot help much further since it may be something specific for our installation in that case (though I would guess that in this case only plugin logic is involved).

• This reply was modified 3 years, 2 months ago by Galfom. Reason: mardown

@vmarko I assume this fix introduced the problem stated in https://www.ads-software.com/support/topic/blocked-cache-directory-from-google-bots-triggering-mobile-friendliness-issue/ as well as a lot of other bugs.

Speaking from a bit more experience my advice would be to stay away from robots.txt unless you really know what you are doing. There is a reason why the robots.txt on bigger sites (even those with WordPress) often has a complexity of some hundreds of lines.
If you absolutely must touch it, you at least should allow users to customize easily what is added by your plugin and just give a default.

But that’s just my two cent and no complain since your plugin still does a great job with a fair pricing model ??

See https://www.ads-software.com/support/topic/robots-txt-cache-directory/ for a quick fix (basically chmod 444 robots.txt).

For a temporary fix you can write protect the file (see https://www.ads-software.com/support/topic/blocked-cache-directory-from-google-bots-triggering-mobile-friendliness-issue/). That worked in our case. So chmod 444 robots.txt after you changed it manually to your needs. The W3C Dashboard will now give you an error that it couldn’t complete actions but in this case this actually tells you that the wirte protection is working ??

This is heavy. Over the last two days we got the mobile unfriendly red flag from Google for everything there is on our multi site network (so hundreds of thousands of pages). Not sure about the actual rating impact but I assume it will not be lightly ??

The problem was easy to trace back. The robots.txt now has a

# BEGIN W3TC ROBOTS
User-agent: *
Disallow: /wp-content/cache/
# END W3TC ROBOTS

statement. That effectively blocks most .css (including the important files from wp-content/cache/minify).

In our case the statement was added on 2021-09-03 00:06:10 (I assume somewhen around this time there was a plugin update?).

Quickfix obviously is to change that back from hand, write protect it and bulk inform Google via the Search Console that the issues have been fixed. (I couldn’t find a way to change/fix it via plugin settings but I haven’t looked long.)

If you convert all images similarly, only the new images are converted. Therefore, I do not see any possibility for such a process to take several hours.

Ohhh, indeed! I was “scared” to hit the button since I expected it to take at least as long as the first time but I didn’t actually try it. I just did now and it really seemed that it only went through the new sites and images in just one or two minutes ?? (Though the ones in question where not included, so I guess this means the author has to do manual optimization here since WebP can’t help.)

So, this makes this feature next to irrelevant. If anything you might change the statement “This operation should be performed only once after installing the plugin.” since mainly that was keeping me from using the button ??

I am amazed by the non existent quality of OP’s report on the one hand and the seriousness the OP seems to have on the other hand.

We did not know and possibly will never know how many sales lost due to customer being blocked out

Let me rephrase this for the OP:
> I did not know that when you sell stuff on the internet at least some very basic technical knowledge could be useful. Possibly I will never acquire any such knowledge. I demand that you make it so that I don’t need it and I can keep my few hundert bucks sales on a daily basis (this is a big and mighty e-commerce site, no?) up without a headache!!!1

Comedy gold.

Btw, my post has no added value what so ever. I just hope @gioni and other possible contributors to this plugin also have some fun time with reviews like this and don’t get discouraged from a 1-star rating >D

@mailpoet thanks for the decent answer that suits a thread ranking #1 on Google for this topic already better than the previous ones.

Regarding your first point: This is true and never was in disputed. Still my client in question is/was working at the subscriber limit of MailPoet and reached a total amount of outbound mails per week where I prohibit him from further sending mails which are not conform to common bulk guidelines. I guess this is logical for everybody who cares about the reputation of his sending infrastructure.

As these guidelines are not too hard to meet I don’t really see a problem here even if you only have a small team if you know what you are doing. If you are trying to improve things in v3 I’d like to encourage you to also add the Precedence: bulk and List-ID: ID header (if you haven’t already), again it’s really not that hard.

Regarding the general topic on Freemium models and me being a little salty in this conversation. I totally see the benefits of this concept and there are a lot of good products which use it. However I sometimes have the feeling they lack a certain quality as their development process seems to me like this: 1) Some guys who can code a little meet and want to do a yet-another-software project but better. 2) As they cannot compete with the professional solutions on the market they start of as free software. 3) Because they are free and really do things better (most times regarding UX) they get users. 4) They now want to earn something as well and start to offer premium models ranging in the same price range as the previous available professional solutions but are still somewhat stuck on the technical niveau from step 1) of “can code a little”.
And now the evil consultant / system house guy comes and tells his client to switch to another solution as even the pro version of the client’s beloved free software will not do.

But at least I tried and from the looks of it you are trying, too, so maybe future users will get happy.

PS: And obviously my client’s requirements cannot be met anymore with “really cheap, if not free” solutions and if clients would listen to me in the beginning they wouldn’t even start with Freemium if it’s likely they exceed the limits within one year – with one exception in the newsletter segment which I will not call to at least keep this free of competitor advertisement ??

@wysija I don’t but one of my clients – who will now obviously not get the pro version of your plugin.
And interesting that you now resort to sarcastic comments instead of staying on topic… I hope this works out for you.

@wysija (and @sleepbear @leopard-lady @galfom fyi)

the whole List-Unsubscribe thing is way more complex than just adding the unsubscribe URL to the email header

…

This should be implemented on the sender level.

No it’s not and the List-Unsubscribe header has nothing to do with the sender level (how should the technical sender know the unsub link or list id?). What has to be done on sender level is DKIM signing and having a DNS setup with valid SPF, DKIM pub key and DMARC records so that the mails pass all these test. But every decent third party mail provider (and even really cheap webspace provider) have this nowadays.

If you are saying otherwise and are even so bold to claim it would only be possible with your own sending service than this is a really cheap marketing scheme to get people to pay even more for your already expensive plugin. Not to mention that it really shows the low expertise you seem to have which disqualifies MailPoet for professional use.

Oh and by the way, I was able to make MailPoet mails compliant to all guidelines mentioned here https://support.google.com/mail/answer/81126#unsub (you should read it too, maybe you’ll learn something) in under 5 minutes by just hacking in about 3 lines around line 970 in wysija-newsletters/inc/phpmailer/class.phpmailer.php. If you wanted to and gave it a little more time I’m sure you could do it nicely in your code without modding PHPMailer directly.

@wysija @sleepbear and @leopard-lady this is far from beeing a false positive. Just look at the full source code of any e-mail from Mailpoet.

The List-Unsubscribe: <<em>Unsubscribe-URL</em>> header is simply not existent!

This makes mailings from Mailpoet not compliant with the bulk sender guidelines from Google or any other big provider and effectively reduces the acceptance rate as well as reducing the sending mail servers reputation.
Considering this guidelines are around for over 10 years or so and even the most real spam complies with them this is a really bad habit for a plugin that also has an extremely high priced pro version suggest the people maintaining it at least know the basics about their field of work ??

And speaking of it a Precedence: bulk header is missing as well…

@homerecords your review is useless. Please make a point.