Fernando Tellado
Forum Replies Created
-
Forum: Reviews
In reply to: [Widget Visibility Control] Good pluginThanks for the feedback @themico, you’re absolutely right. On WooCommerce sites with lots of product attributes, finding the right term in that single dropdown is painful.
I’m adding a cascading selector for the next release so when you choose Taxonomy, a second dropdown will appear to pick the specific taxonomy (e.g., Product Category, Color, Size), and only then will the terms for that taxonomy load in the third dropdown.
This should make things much faster to navigate. Stay tuned! 🙂
About the firewall events showing in the audit log, this is actually by design. Firewall blocks, security events and settings changes are always logged regardless of the “Events to Log” checkboxes, because they’re critical security data that shouldn’t be silenced accidentally. There’s a note below the checkboxes explaining this, but I agree it’s easy to miss. I’ll make it more prominent in the next update.
Regarding seeing who’s currently blocked, login lockouts already show blocked IPs in the Login Security tab, but there’s no equivalent view for firewall rate-limit blocks. I’m adding a “Currently Blocked IPs” section to the Firewall tab for v1.13.0, with the ability to manually unblock.
And yes, progressive blocking for the firewall rate limiter is a great suggestion. We already have incremental lockouts in Login Security, so extending that logic to the firewall makes total sense too 🙂
So, coming in 1.13.0: first block = configured duration, then it doubles each time (5 min → 10 min → 20 min → etc.) up to a configurable maximum.
Thanks again for taking the time, this kind of feedback makes the plugin better for everyone.
Hello again @pdjp
I’ve just updated the plugin to v1.12.2 that fixes the issue
Thank you again for the feedback 🙂
Hi @pdjp , thanks for reporting this, you’ve found a real issue worth fixing.
What’s happening: The rate limit block is working correctly (the IP gets a 429 response), but the problem is that each subsequent request from an already-blocked IP is still being logged. So if a bot keeps hitting your site after being blocked (which bots do, they don’t care about 429 responses), every single request generates a new log entry.
Temporary workaround: You can reduce the noise right now by lowering the log retention in Security Audit settings (e.g., set retention to 7 days and max entries to 5,000). You can also clear the current logs from the Security Audit tab. This won’t stop the duplicate logging but will keep your database under control.
I’ve already identified the exact method that needs improvement: blocked IPs from rate limiting should only be logged once, not on every request. I’ll include this fix in the next update asap.
Thanks again for catching this, really appreciate the feedback!​​​​​​​​​​​​​​​​Fernando
Forum: Themes and Templates
In reply to: [Astra] Duplicated command palette in WordPress 7.xWorked fine, thank you!
Do you plan to remove the loupe when WordPress 7.x arrive?
De nada, gracias por apreciar el plugin 🙂
Pues ya lo tienes @chemabz. Disponible desde la versión 1.10.0
Pues eso no está bien del todo, me pongo ya con ello. Cuánto antes lanzo una actualización para poder definir destinatarios, que ya lo tenÃa pensado pero lo tenÃa por ahà en la hoja de ruta apartado.
Lo meto ya, seguramente añada una subsección de ajustes de emails para definir ahà los administrativos, por defecto el de los ajustes generales de WordPress como ahora pero pudiendo quitarlo y añadir otros, que es como lo tengo en otros plugins como el limpiadir de Action Scheduler
No tardaré 🙂
Hola @chemabz
Ahora mismo todos los correos son opcionales y activables/desactivables excepto el de desactivación, que me parecÃa como un básico. Luego, activos por defecto solo están los de integridad de archivos, pero puedes cambiarlos de frecuencia diaria a semanal o desactivarlos, lo tienes en su pestaña.
Luego hay otros que puedes activar, sobre actividad de admins, usuarios y más, pero están todos inactivos por defecto.
Lo que sà tengo pensado es añadir un resumen periódico, configurable, y opcional, a modo de informe de seguridad, pero aún no tengo claro qué incluir o no.
En cuanto a personalización, claro, se pueden personalizar mediante hooks pero no lo he documentado en el readme porque se me iba un poco de madre de demasiado largo, pero si quieres que te comente como hacerlo dime qué habÃas pensado. Ya te digo que tampoco quiero añadir un diseñador de emails o similar, que luego el plugin se sale de su objetivo, pero sà me puedo plantear facilitar algo la personalización, algo que dicho sea de paso ningún plugin de este tipo tiene 😀
Forum: Plugins
In reply to: [Twenty20 Image Before-After] Security update for plugin?I’ve posted a fix in this other thread
I don’t know, the author hasn’t update the plugin 1 year ago and doesn’t answer in the forum. His only active profile is at LinkedIN :/
It would be fine if the author could ask for help.
Forum: Plugins
In reply to: [AI Share & Summarize] Separator via buttonsBitte schön
Forum: Plugins
In reply to: [AI Share & Summarize] Separator via buttonsHi @welliathome
You can hide it with this little CSS snippet in the Customizer or Additional CSS if you use a block theme:
.ayudawp-share-buttons {
border-top: none;
}If you want to hide top and bottom border lines, the CSS would be like this:
.ayudawp-share-buttons {
border-top: none;
border-bottom: none;
}Or you can use your own style, i.e.:
.ayudawp-share-buttons {
border-top: 2px dashed #ccc; //Custom top border line
border-bottom: none; //Hide bottom border line
}Forum: Plugins
In reply to: [Lightbox Images for Divi Enhanced] Divi 5 Ready yet?Great news!
This one was easy 😀
Forum: Plugins
In reply to: [Lightbox Images for Divi Enhanced] Divi 5 Ready yet?Version bumped to 2.2.3 and now it should support Classic Editor