TheVink

It’s a Dreamhost shared IP install, but the IP is my home IP, not the server/site.

Only running IP2Location Country Blocker, Wordfence and Sucuri free versions on plugins right now.

Using the Extras Divi theme.

Yeah, none of the 3 comments show anything related to or mentioning WordPress.

These 3 comments are unapproved so they stand out with the rusty orange vertical line on the left and the orange-tinted background. All the other comments that I assume are with the defaults don’t have the line or tinted background.

Is there a list of the most popular caching plugins and which ones this plugin does and doesn’t work with? I didn’t realize different ones handled different types of caching.

This plugin hasn’t been updated for at least 2 years, and you really expect it to work correctly – much less be SAFE enough to be anywhere near your website?

[snark removed by moderator.] [There is] the potential problems a single compromised website can have on untold numbers of other unknowing people?

There are a variety of other free and paid solutions available that work quite well. Take IP Geo block and just let it go…it was good while it lasted, but it’s been a risk factor within months of it no longer being supported.

• This reply was modified 4 years, 6 months ago by Steven Stern (sterndata).

Forget what?
That IP Geo Block hasn’t been updated in 9 months?
Forget what?
Potential security issues on an abandoned plugin?

Before you get too excited about ANY WP plugin, check to see when it was last updated and what, if any, support issues there are.

This plugin hasn’t been updated in 6 months and the developer does not respond to inquiries.

A number of us users have tried to reach him/her through various contact points to no avail.

An unsupported plugin is a security risk – no matter how great it is and no matter how badly we want it.

Yes, it makes no sense to not have at least sold this plugin to a different developer or hand it over to someone who would continue carrying the torch. There’s clearly a huge investment of time put into to it that doesn’t make sense to just let it go.

Question staying with a plugin that is no longer being actively supported and updated by the creator. Without active and/or ongoing support/development you have no idea what the security issues are.

It’s a pity that such great work is rotting on the vine, but what can you do? I know a number of us have tried to reach tokkonopapa, but there’s no response I know of so far.

As much as I love the plugin and truly HATE losing it (really, really hate losing it), I’m in the process of removing it from my sites. I can’t risk potential security breaches due to an unsupported plugin.

But what if you’re using WP 5.2, not using any contact form plugin? Could it be that our WP theme (Divi) has a compromised form mailer built in?

We’re getting some spam messages from “Eric”…

X-PHP-Originating-Script: 30768:class-phpmailer.php
Date: Wed, 8 May 2019 13:10:37 +0000
From: Eric <[email protected]>
Reply-To: “\”Eric\”” <[email protected]>
Message-ID: <[email protected]>
X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When we test the contact form on our site (it came as part of the theme) it sends the below format which is what we expect. A test email from our contact form goes to our [email protected] email acct…

Tester <[email protected]> via gator4156.hostgator.com
reply-to: Tester <[email protected]>
to: [email protected]
date: May 10, 2019, 9:38 PM
subject: New Message From Our Site
mailed-by: gator4156.hostgator.com
security: Standard encryption (TLS) Learn more

Does running an old version of php allow the php mailer to be compromised? Is that a stupid question with an “of course does” answer?

Sometimes we log into one of our sites and see that contact 7 has been added to plugins, when we don’t even use it. Might a hacker add to a site to take advantage of an older version of php being used?

Sadly our sites at HostGator don’t seem to get the auto-updates our other hosting provides.

I log into WP to see that WP Statistics needs a database update. Thinking it’s safe, I do it.

Afterwards, I see the confirmation message:

“Please don’t close the browser window until the database operation was completed.”

As the use of “was” is blatantly incorrect English, should I assume this is still a valid update and not a malware install?

There’s a point where you have to ask what’s up with the developer.

Is the developer still running this plugin or is it abandoned?

There’s a certain amount of time that is wasted in trying to figure out software that is more and more outdated and potentially broken the longer it goes unsupported.

I think the plugin is great and somewhat impressive, but it’s also in dire need of ongoing support.

What’s THAT status?

Same here, but has been going on for what seems at least a month or so.

How do I get each answer to determine the next question to be asked?

Is it possible to get the person taking the quiz into MailChimp as part of the sequence so it’s easier to segment a follow up after the quiz?