P3air

Our contributions to open-source are that we risk to test plugins in a LIFE environment and give limited feedback.

By outing us in using certain plugins AND contributing even in the smallest amount of feedback we have a significant increase in hacking attacks towards our main site, i.e yesterday alone we had 60.000+ hits with brute force. In other words: Vicious wp coder are monitoring very closely forums and posts like this to skim off any useful and valuable information. We do not intend to make their ‘trophy list’.

Plugins which we SUCCESSFULLY use over a certain period of time will receive good reviews and donations.

To all who are not satisfied with the details our feedback we are sorry, but that’s all what you get.

We’ve found a free plugin which fits our needs. It is successful implemented since several months. To respect the effort of the author of this particular plugin we won’t mention it here.

Good luck guys

check your wordpress cache (W3TC, Quick Cache, Supercache, …); if installed, you should exclude your docs/files;
check your wordpress theme – certain themes run their elements (and pages) within an ‘internal’ cache

$.02

you need to insert maxsize=”200″ into your shortcode. plugin is obviously restricted to 50MB (by default)

took us days to find THAT out …

nice plugin, but lousy documentation …

it’s a nice little plugin and who’s using it and is happy with it, so be it. BUT: your plugin does NOT protect against BRUTE force attacks – just because you create a Q&A doesn’t make it suitable –

mdSuess we hate to rain on to your parade, but you need to put your Kool-Aid aside and grow up. You have zero understanding what the real problem with this plugin is.

So, to give you guys a quick heads-up: Most of brute force attacks are jQuery driven: every 2 sec. a bounce against login/database. These attacks do not trigger the wp-login.php – they come direct … Unless the hacker is an idiot and types in the password 3256 times into wp-login.php and hits enter – your plugin will not recognize the attack.

That may give you a clue where your fundamental flaw in your plugin is.

As we said in the beginning; It’s a cool little plugin and who’s using it and feels protected with it, great – if you run a serious site, don’t use it. It gives you a false sense of protection.

Our $0.02 – PEACE

no biggie – but also no cigar “:-{

plugin doesn’t show an error message anymore although it isn’t generating pictures either

such a nifty idea, such a bummer

Dropping names doesn’t mean it doesn’t happen. BIG names (a.k.a. Fortune 500) are often the worst offenders.

The fact remains that since we’ve deactivated the plugin our ‘spam-traffic’ has significantly decreased.

excellent find!

we had similar issues in a NGINX environment. We ended up in a ‘death-loop’ (redirect)

sorry – no
it would give any attacker an architectural background of our site.

Despite all settings attacker were still able to bounce off 80+ tries before we had to interfere manually. We think these attacks are cookie/jquery related since timing is very consistent and precise.

we found, that the culprit for this issue is/was the file

jquery-1.6.3.min.js

It didn’t play well with W3TC and GravityForms. Enabling the ‘non-conflict’ mode in GF did the trick for us.

Hope that helps

deactivate ADMINER

that did it for us

actually – NOT

‘gray’ is a no-show

I don’t have the resources to dig in deeper this week. Plugin just stops after downloading and doesn’t make the final jump into ‘installed plugins’ universe.

We run +60 plugins on our site and they all are just doing well, except for this one.

@ Curtis: please don’t give me the run-around. Our installation is just fine. If you want to do some investigation I have disabled site compression so you can have a relative clear php source:

https://www.p3air.com

plugin doesn’t finish to install – it stops after downloading in the installation process.

still broken

We’ve decided to drop the plugin/theme. Functionality and stability is a fraction of what can be achieved with better products for free.

Unfortunately your support is very, very limited and only available to (paid) members. We’ve spent quite an amount of manpower and therefor money into the evaluation of your product. Since your business-model is happening behind closed and PAID doors, we don’t feel comfort to participate and contribute significantly in your development for FREE.

Good luck.