Registration form conflict with Wordfence plugin
This topic contains 13 replies, has 4 voices, and was last updated by Paolo 9 years, 10 months ago.
We have moved to a support ticketing system and our forums are now closed.
Open Support TicketTagged: captcha, registration form, Wordfence
-
AuthorPosts
-
August 6, 2014 at 6:12 pm #11184
I am setting up a new local directory site using GD, and have come across an apparent incompatibility with Wordfence – which I like to use for site security.
In brief, when attempting to submit the GD registration signup form for a new user, I get an error indicating that there are missing arguments:
Warning: Missing argument 2 for wordfence::registrationFilter() in /public_html/wp-content/plugins/wordfence/lib/wordfenceClass.php on line 756
Warning: Missing argument 3 for wordfence::registrationFilter() in /public_html/wp-content/plugins/wordfence/lib/wordfenceClass.php on line 756
Warning: Cannot modify header information – headers already sent by (output started at /public_html/wp-content/plugins/wordfence/lib/wordfenceClass.php:756) in /public_html/wp-includes/pluggable.php on line 861
Warning: Cannot modify header information – headers already sent by (output started at /public_html/wp-content/plugins/wordfence/lib/wordfenceClass.php:756) in /public_html/wp-includes/pluggable.php on line 862
Warning: Cannot modify header information – headers already sent by (output started at /public_html/wp-content/plugins/wordfence/lib/wordfenceClass.php:756) in /public_html/wp-includes/pluggable.php on line 863
Warning: Cannot modify header information – headers already sent by (output started at /public_html/wp-content/plugins/wordfence/lib/wordfenceClass.php:756) in /public_html/wp-includes/pluggable.php on line 1121
A similar thread in the support forum of a different directory plugin developer indicated that Wordfence “uses more function arguments than are currently enabled in the theme” – which I take to mean that the organic WP registration form provides more arguments than the custom form being used by that particular directory plugin at that time, and that Wordfence does not like them to be missing.
In that thread, users were indicating that the problem was also affecting various CAPTCHA plugins.
I like Wordfence and don’t relish the idea of running a site without it some sort of form CAPTCHA. Is there truth to the above diagnosis that also applies to GD and will it be possible to provide a fix?
August 6, 2014 at 6:32 pm #11188Personally I hate wordfence and would never use it, so I’m not really the right person to reply about this.
I’ve flagged it for Stiofan, who will let you know asap.
Thx
August 6, 2014 at 6:37 pm #11191Thanks – I hear you. Is there an alternative providing the same kind of security functionality as Wordfence, that would be compatible with GD?
It sounded in that particular thread like the issue also affected other security plugins (captcha) not just WF, so if it’s an issue of not providing all of the arguments as the organic registration form it might still need to be addressed for better compatibility.
It sounds like the issue popped up originally after a WP update and subsequent WF update in 2013.
August 6, 2014 at 8:51 pm #11215Hi again,
I use none of them… so I wouldn’t really know.
From my personal experience (and I don’t say it is not questionable) they only take away precious server resources and slow down your website.
Major down point is that they are extremely strict, while one of the things I like most about wordpress is that is very flexible.
Thx
August 6, 2014 at 9:01 pm #11219Ok Thanks – I had looked at a different one some time ago that a website developer liked to use, although I think he ended up liking Wordfence.
Good point on the server load. Right now I use a pretty low-end shared host but I’m guessing the possible volumes and search activity of a directory site might need a more exclusive and faster environment eventually anyway.
I saw a thread elsewhere here addressing the use of a captcha plugin for the GD reg and login form. I’ll take more of a look at that too. I presume Askimet will work decently with GD to control the comment spam.
Thanks again!
August 6, 2014 at 9:05 pm #11221We do use both reCaptcha from google (free user of this forum can’t post without entering a captcha) and askimet. So far, we delt with zero spam.
Thx
August 7, 2014 at 9:32 am #11279I hate wordfence too lol, i just would not recommend it. My best advice is if you start having any problems such as spam just let us know and we will best advise how to tackle it or even work in a solution to our products.
Thanks,
Stiofan
August 7, 2014 at 2:24 pm #11303Thanks Stiofan — I’m going to look into integrating the recaptcha into the registration form, and implementing Askimet for comments.
I noted in a different thread back in May someone listed Wordfence as being currently compatible with GD, so I’m not sure why my install kicked out the error as other threads elsewhere have suggested that it was an update to the core WP and a subsequent WF update back in 2013 that started the problem of the missing arguments from a custom registration form.
Perhaps there is a setting in WF to disable the reg form scan. I’ll look into that also.
Other threads I found seemed to indicate a similar error occurring with various captcha plugins which would expand the scope of the compatibility problem beyond WF to potentially include any component that interacts with custom reg forms.
Would it make sense to modify the custom form in some way so that the arguments WF is missing get supplied by the form, even if they are not strictly necessary for the creation of users by GD?
Paolo made a good point about the performance load of security plugins like WF, but WF does a lot more to monitor, scan, and block attacks than just registration and comment spam, and I’m uncomfortable not using it or something very similar.
August 7, 2014 at 3:19 pm #11318OK, you can try this…
The PHP output you are seeing is not PHP errors it is PHP warnings, these are very different and until PHP 5.4 they were not shown for most things.
Try adding this to your child theme functions.php (near the top but after the PHP opening tag)
error_reporting(E_ERROR);
Hopefully this fixes it for you, let us know.
Stiofan
August 8, 2014 at 10:24 pm #11431Excellent! That seems to have resolved the issue. I can now successfully register new users with Wordfence enabled.
I am also going to look more into adding the recaptcha to the reg form, and will enable Askimet for the comments.
August 9, 2014 at 1:24 am #11458Admittedly I have little experience so far with WordPress…mostly converted a couple of my sites over awhile back and now starting up a new one with GD.
I have both Wordfence and iThemes Security on sites. I’m also no expert on either of these and really need to take some time to look over all of the configuration options, but so far have not had any issue from these with any of my sites.
What I have been able to do though is rely on them to help further secure my sites, alert me and even automatically block hacking attempts, and these are on sites that most likely float well below the radar…purely automated, bot crawler scripts, so it gives me a real appreciation what a site with any strong authority and notoriety goes through.
As always, it’s rarely a black and white answer, but somewhere along a line of 256 shades of gray.
Cheers,
BrianAugust 9, 2014 at 1:51 am #11459As Stiofan suggested, it appears that it was indeed an issue related to changes in the latest PHP version – so absence of an issue might either mean that the host has not upgraded to php 5.4, has not forced the non-affected account to use 5.4 instead of an earlier version, or has done something different with their configuration that did the same thing as the code Stiofan recommended adding to the functions.php file.
I’m glad for the simple fix!
I’ve seen in the past with the reporting provided by Wordfence, just how often sites get probed. I’ve particularly seen a real surge right after I put up the domain. It seems to trickle off for the most part once the bots figure out that it’s not a soft target.
August 9, 2014 at 10:09 am #11473Thanks for the feedback!
Stiofan
January 10, 2015 at 5:33 pm #26920Just FYI, the new add we released: GD reCAPTCHA kills 100% of spam registrations, comments and any type of bot activity, it’s super lightweight for your website and friendly for website visitors.
Guaranteed!
-
AuthorPosts
We have moved to a support ticketing system and our forums are now closed.
Open Support Ticket