poppydev

I assume this not that important or anything to worry about? Just seems odd its been misplaced as an issue, or that someone can help me remove it if possible.

• This reply was modified 1 week, 4 days ago by poppydev.

Hi @hjogiupdraftplus,

Just thought I would update you. Changing this to 5 seemed to have worked. Something I should have tried before. Cannot think what would have caused it to stop working.

If it happens again will come back and share any log files, or what I changed to trigger it.

Regards

Hi @hjogiupdraftplus,

Sorry for the late reply. I have only one other plugin ‘Solid Security’ which has always been installed at the side of AIOS since first used on my sites. Even then I have had no issues. This plugin has the basic setups to allow two-step authentication by email and a few basic security setting that your plugin doesn’t offer out of the box.

I have changed the logout time to 5 minutes to see if it is triggered. I cannot think of anything else that would be causing this to stop.

Other sites with the same plugin setup work. I can only assume my .htaccess is playing up. Might delete it and allow all plugins to re-instate a clean one when I save permalinks. see if that helps.

Regards

I tried all that when updating the plugin to the latest version, and reverting back to the version before 5.0.0. I have disabled the plugin, purged cache in Cloudflare, then activated the plugin, connected it again and purged with no effect at all. I can only assume the plugin cache is conflicting with Cloudflare’s now that you have made it independent.

I will do some digging on a local build and leave the live as it is for now on v4.7.13 as it seems to be working fine on the back and front end when checking.

It might be I reset it and start again. Clean slate and just copy (rather then import) my setting to see if this helps.

Regards

Nope still getting issues. Had to revert back to v4.7.13. The only issue I am facing now is this when testing the plugin: I get a green tick followed with “undefined”. close.

The new version was causing issues with WP text editor and making it invisible (as others have reported).

I still get:

Unchecked runtime.lastError: The page keeping the extension port is moved into back/forward cache, so the message channel is closed (Possibly related. Doesn’t appear when using v.4.7.13).

and

background-redux-new.js:1
Uncaught (in promise) Error: No tab with id: 1278742656 (Which is another plugin that is probably conflicting somehow).

I am going to test on a local build first and leave the live on the version above (That seems to be working for now) and get back to you. Hopefully some bugs others are reporting are ironed out by then.

Regards

Hi @optimole and @frenchomatic, thank you for the feedback and a possible fix for the Cloudflare integration issue. I might wait on the plugin update.

@optimole is the issue with the js already been shared, or is this a new issue/bug that needs resolving?

Thanks.

Hi @hjogiupdraftplus just to add. I am still having issues with Firewall I.P’s as well. Is this fix now released in the latest version of the plugin or is their a time scale to when this fix will be pushed live?

Thanks

Hi @hjogiupdraftplus I haven’t yet updated the plugin from the attached above. Did we find a resolution in the end? it looks like another user has had a similar issue above but also had another error flagged after it fixed the Turnstile duplication. Is this something I need to amend based on my original fix that I shared?

Also if this hasn’t been released yet, is there a time scale to when this will be pushed in the next plugin update?

Thanks

Also having issues with Cloudflare intergration:

Getting this when testing:

Status

• Cloudflare integration has an issue.
• Disk Page Caching is functional.

All setting are the same and have been working fine since update.

I did notice the ‘Enable’ button stays in the ‘Disabled’ state when trying to activate. Maybe this is the cause.

• This reply was modified 2 months, 3 weeks ago by poppydev.

Hi @hjogiupdraftplus fantastic news. Glad you resolved it and look forward to the update to patch this small bug.

Regards

Hi @qilin2000 look at the fix I have put in place above. Tested now on five different websites and it removes any duplicate Turnstile captcha’s both on WP form plugins and WooCommerce forms etc, all working as expected.

Hopefully the developers will acknowledge my findings and assume its not Cloudflare on a global level and assume its how they call the API through their plugin. Others have fixed this issue by following Cloudflare’s API integration correctly, or at least through Cloudflare’s community, who have the knowledge to identify the issue and share how to resolve this simple fix.

Give it a go on a staging site first and test. If you are happy do this with your live site. In time the developers of the plugin will push this fix, or just wait on Cloudflare’s response into how to resolve it.

Either way it works for me and I am happy my customers can return to certain parts of the site with the confidence of security measures put into place that work. Never rely on Googles captcha v3 as its outdated and other methods are out there that do a better job, one being Cloudflare’s Tunrstile.

• This reply was modified 3 months, 1 week ago by poppydev.

Hi Team,

Ok there has been no real resolution from Cloudflare now for over a month, but the community that are reporting their issues with duplicate turnstile captchas have come up with a few solutions to fix this based on individual setups.

Because I didn’t want to move back to Google’s (outdated) captcha system, I looked at your code where the API is called here: plugins: all-in-one-wp-security-and-firewall: classes: wp-security-captcha.php and on line 320 you are using the onload=onloadCallback, where a user flags this as being the wrong way to call the API, and to fix it, use the following method: window.onloadTurnstileCallback. Or in your case window.onloadCallback based on your plugin setup.

So to narrow it down I changed this on line 320:

<script src='https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadCallback' async defer></script>

to

<script src='https://challenges.cloudflare.com/turnstile/v0/api.js?window.onloadCallback' async defer></script>

Which has fixed my issue on the WooCommerce login/signup form. Now it only shows one Turnstile captcha for each form, rather then having two.

The strange thing with this is all other forms i.e. WP login, plugin contact forms had one Turnstile Captcha. It was only the WooCommerce forms (that show the login/signup on the same page) that was showing four of them. Two for each form.

My change above has resolved this. Please do test on your side and push this if you are happy with the changes I have made. This (possible fix) was from this user on Cloudflare community: https://community.cloudflare.com/t/turnstile-ready-firing-twice/690171/15?u=darren22

• This reply was modified 3 months, 1 week ago by poppydev. Reason: updated the code to reflect the plugins call back functions
• This reply was modified 3 months, 1 week ago by poppydev.
• This reply was modified 3 months, 1 week ago by poppydev.

You’re welcome.

I can add one I.P for now which works fine and will wait on the fix.

Regards

Just to add to this, its doing it on other sites I have setup with the same I.P wildcards.

When checking both sites I noticed when trying to save that this error appears on search console:

TypeError: t.trigger is not a function
at f (jquery.blockUI.min.js:14:9083)

Which is a file that belongs to Woocommerce: /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js

This error in search console doesn’t appear anywhere else when adding/updating settings inside your plugin. It only appears when I try to add the I.P.s to Advance Settings under Firewall.

Now both of these sites have WooCommerce on them. I haven’t tried another site without the plugin but will update here if its this that is the cause.

EDIT: I have now tried on the third website that had locked me out due to IP range change. This one doesn’t have WooCommerce and still cannot add multiple I.P’s to the Firewall: Advance Settings section. Still get the pop-up saying is not a valid IP address format etc.

Not sure what could be the cause. Will keep going through all my sites to see if one of them allows me to add the I.P’s

• This reply was modified 3 months, 2 weeks ago by poppydev.
• This reply was modified 3 months, 2 weeks ago by poppydev.

This is what I have used : https://pastebin.com/Ae8MmzJV

Works fine else where except this section. It only allows me to add one, even though they are both on separate lines.

Regards