Paul
Forum Replies Created
-
Can you try deleting and reinstalling the plugin, perhaps all the files didn’t copy over during install…
I’d need to know the plugin and what changes were made.
Also, we primarily provide technical support to our premium members, so while you can provide these details of the changes, we make no committments to if/when any changes will be made.
This is our final response to this review post – please post any further technical questions to the wp.org forums and we’ll address questions there.
Great, glad you found the problem! ??
Thanks for sharing this, we’ll take a look for our next release.
Shield doesn’t have any direct mitigations for scrapers like you’re describing, but if you notice anything similar about the requests, such as their user-agents, for example, you could create custom security rules for them.
If you don’t want to go down that route, you could try implementing some rate limiting on the site to slow them down and when they exceed the limits, ultimately they’ll be blocked.
These are all premium features, however and not available/supported in the free version at this time. We can’t discuss ShieldPRO here on these forum, but if you’d like to consider supporting our work, you can do this here.
Page caching caches output of content from the site. If you cache the output of content from the site, then it doesn’t matter what other plugins, like Shield, do. The content is cached, so you get the cached output. This is the problem with page caching, not Shield. Shield uses directives to prevent pages being cached… some caching systems honour it, some don’t.
Over the longer term this will become less of an issue. As you use Shield more, you’ll monitor the Activity Log and see why IP addresses are being blocked – particularly if visitors report this to you. You can see what exactly is being triggered in the plugin and tweak/adjust the Shield settings to reduce the likelihood of this happening. The Activity Log will show you everything you need to know about why a visitor is blocked. We’ve made the Log very comprehensive to ensure admins have all the information they need.
If you upgrade, for example, you’ll be able to offer legitimate visitors & users the ability to automatically unblock themselves. We cannot discuss ShieldPRO or upgrading options on the wp.org forums, however. If you want to reach out to us to discuss that further and get more information, a good place to start would be our Facebook group.
this plugin has no known issues with PHP up to 8.3
The only way you’ll know what is really going on is if you look at the errors in your PHP error log. If you can find those and report them to us we can help.
If you wanted to report a bug, you’d report a bug first. If you wanted to publicly denigrate a perfectly good product you’d leave a 1 star review before engaging with the developer.
We also don’t fix or address bug reports with the threat/reward of 1/5-star reviews.
Best of luck with finding a solution out there that meets your needs, sorry that Shield isn’t it.
To anyone reading this review, this is not a “review”. This is a malicious attempt to denegrate our security plugin by somebody who has no intention of making the world of WordPress a better place.
They take a plugin that is 100% free, try to “test” it, encounter what they think is a bug and immedately leave a 1-star review.
They then then state, disingenuously, that “Too bad there is no way to write a direct message as only pro users support is available which limits such reporting with screenshots” – this reveals their underlying malicious intent to do nothing other than leave a negative review (otherwise they’d have left a post in the forums).
Anyone that looks at the www.ads-software.com support forum for our plugin will immediately see that we answer nearly all support questions that are posted there – especially those that report bugs, as this review purports to be doing. So to say that you can’t leave us a message about a “bug” is a plain falsehood.
I wish that these sorts of people would try plugins on the repository, and if they don’t appear to work as they expect, leave a question in the forums, or just remove the plugin and move on. Instead they feel justified, somehow, to instantly resort to a 1-star review. This behaviour speaks far more to their character than of our plugin and the hard work that our team does to provide a powerful security plugin for free.
We welcome anyone to try Shield Security and if you spot a bug, please leave us a post in the forums, we’re always on-hand to help out.
I laid out the reason why you’re getting the wrong IP at the start of my previous post. Please have a re-read of that and the helpdesk article I provided.
The problem is how Shield is detecting IP addresses. Webhosts are often not configured optimally to provide the correct visitor IP address to the PHP subsystem.
Shield offers ways to manual set this as well as automated methods to do this for you, wherever possible. It looks like you’ll need manual intervention for your server.
Please see the helpdesk article here that explains this:
https://help.getshieldsecurity.com/article/391-understanding-visitor-ip-address-detectionUse the forceoff technique to regain access.
However, if you’re using Page Caching, everything that I’ve just said might be invalid and what you’re in-fact seeing are cached pages for people/bots who have been blocked.
If that’s the case, forceoff probably won’t work for you. You’ll want to disable your page caching plugin (rename the caching plugin folder if you don’t have wp-cli).
Shield setups up directives to not cache pages when an IP address is blocked, though these aren’t standardised in WordPress. But not all caching plugins adhere to that. Perhaphs try other page caching plugins.
Thanks for letting us know! We’ll see if we can mitigate this for a future release – it won’t cause any issues for your normal site visitors.
You are correct that login attempts blocking isn’t part of the blocks that fall under the “firewall module“. Please look under Config > Firewall for details of options that pertain directly to the firewall module.
Please search for event
Firewall Block
on the Activity Log table using the event search filter.It’s completely wasteful and impractical to send emails every time something like a failed login occurs on a site.
If you need any further support for Shield Security, please consider upgrading your membership here. We offer priority support to members that support our work.
If you don’t want to do that, you can search our helpdesk for more information.
I think from what you’re saying there is some confusion. Shield doesn’t send an email when an IP address is blocked. Emails are only sent when Firewall block is enforced. This is explained here:
https://help.getshieldsecurity.com/article/334-firewall-block-response-options-explanations
Emails are only sent for very specific events. This is an option within Shield that goes back many years, so we’ve left it as is because some members like it. But we don’t send emails when IP addresses are added to the blocklist and the user sees a block page.
This is why I asked you to check the Activity Log. Please send us a screenshot of your activity log for a Firewall event.