Alleged conflict between Clearfy remove comments function and JTC AntiSpam

[GdS87]

Hello AIT-pro,

I’m a self-taught WordPress user with limited coding skills. I am new to Bulletproof and I am really glad it makes security via htaccess so easy that even I can make it work in a few clicks (thank you).

While playing in a Laragon staging site, I may have found a conflict between: BPS-PRO JTC AntiSpam and Webcraftic Clearfy Remove HTML Comments function.

When “Remove HTML Comments” is active, JTC’s tooltip doesn’t display properly. Instead, the hint message appears as a sliding text in the bottom-left side of the screen. The issue is almost as described in #post-19510 but with no tooltip at all (I have an almost identical screenshot, but I can’t figure out how to post it). No errors recorded in BPS or debug logs. I could stage it in a fresh WordPress install featuring only both plugins’ settings active at the same time.

It seems to me that Clearfy is preventing JTC’s output from showing properly by accidentally removing some required lines of code. So, the quick fix (for BPS users who might need it) is to disable Clearfy’s remove HTML comments functionality. JTC’s tooltip immediately starts working again as expected.

I chose to report this issue because the alleged conflicting functionality seems quite popular in optimization, minification and caching plugins. My concern is that JTC may be targeted by set-and-forget plugins, but I haven’t tried it yet and I’m not clever enough to find out why. Clearfy functionality hints state that it doesn’t target “special comments”. If this was true for other similar plugins, there may be a way to prevent JTC’s Tooltip from breaking in a similar scenario.

I hope it makes sense,

Kindest Regards, GdS.

[AITpro Admin]

Thank for reporting this.  We will test the Clearfy plugin to see what is going on.

[AITpro Admin]

Testing will begin shortly.  I will post the results after testing.  I noticed the Clearfy plugin does these things below, which you never want to do because Query Strings are cached by Browsers.  If you remove the Query Strings file versions then Google and other Browsers will display the old js, CSS code and not refresh your website cache based on the new Query String version #.

• Remove Style Files Version — complicates the process if someone wants to hack your site.
• Remove Javascript Files Version — it is more difficult to determine the version of installed plugins and hack the site.
• Remove Querystrings — helps with the caching of JS and CSS and increase the speed of website load.

You also never want to disable the WordPress Heartbeat API since most plugins and themes use WordPress Crons. Disabling the WordPress Heartbeat API will break all WordPress Crons in all plugins and themes.

• Disable WordPress Heartbeat API — completely disables the Heartbeat API WordPress function.

[AITpro Admin]

Testing completed – Results are below:

The Clearfy plugin is not compatible with BPS Pro, but is compatible with BPS free. The Clearfy plugin tries to interfere with BPS Pro functionality and by doing so it makes its own Clearfy options settings page display blank. Now that is ironic.

Notes: In general the Clearfy plugin disables or turns off a lot standard WordPress features and functionality.
There are potentially many problems that could occur for anyone who uses this plugin. It has the potential to break many plugins and themes and worse it does not include debugging tools.
This is the type of plugin that you need to pay extra attention to for each option setting that is used. ie test, test, retest and test again all of your other plugins and your theme when you enable each of the Clearfy plugin option settings.

CAUTION: The Clearfy plugin compresses/minifies js scripts, which is known to break things in many plugins and themes.

The Remove HTML Comments option setting is under the Defence menu:
The Clearfy plugin does not remove the inline jQuery code for BPS JTC, but does remove the JTC CSS code. JTC does not display correctly due to Clearfy removing the inline JTC CSS code.
Workaround or Permanent Solution: None. The JTC CSS code MUST be loaded inline. The Clearfy Remove HTML Comments option setting cannot be used with BPS JTC.

[GdS87]

@AITpro_Admin , excellent explanation!

Thank You for your dedication and precious advice.

[AITpro Admin]

Email Question:
I use some of the features of Clearfy which on a few sites works okay with BPS.
On some other sites though I can’t make changes to the Clearfy settings without first disabling “Root Folder BulletProof Mode (RBM)”, which then seems to jack up the .htaccess file after I re-enable RBM.

Email Response/Answer:
I am in the process of retesting the Clearfy plugin. This plugin comes with a lot of options that have the potential to cause lots of problems for other plugins and themes.

I installed the Clearfy plugin and used the setup wizard and chose the default settings. I am not experiencing the same problem you are describing. Here is what I have documented below so far in my Clearfy plugin retest. Maybe you have some additional custom htaccess code that is causing problems for the Clearfy plugin? Send me your Root htaccess file so I can take a look at it.

Clearfy Plugin Retest: 9-16-2020:
The Clearfy plugin is now compatible with BPS 4.3 and BPS Pro 14.8 even with the Remove html comments Clearfy plugin option setting enabled/turned On. I checked the Clearfy Remove html comments code and all it is doing is stripping out any code between SGML comment delimiters.  So I will just remove the SGML comment delimiters for the style tags in BPS JTC-Lite and BPS Pro JTC Anti-Spam|Anti-Hacker.

Clearfy plugin problems:

IMPORTANT Note: This plugin has the potential to create a lot of problems for other plugins and themes.
Use EXTREME CAUTION when choosing some option settings in this plugin.
Be sure to test everything on your website after enabling any options in this plugin.

Used the Clearfy Setup Wizard and chose all the default Wizard options.

Hide Admin Notices – Do NOT enable or hide BPS or BPS Pro Admin Notices.
To fix this problem go to the Clearfy > Advanced tab > choose Don’t Hide for the Hide admin notices option setting.
If you do that then you will not know when an error or problem occurs.
BPS Pro comes with a feature called S-Monitor that allows you to choose which alerts/error messages/Notices you do or do not want to see.

BPS Pro JTC Anti-Spam|Anti-Hacker is working correctly by default.
As of BPS 4.3 and BPS Pro 14.8 – Remove html comments Clearfy option: enabling this option no longer breaks the BPS and BPS Pro JTC tooltip code.

The Clearfy plugin options settings page is no longer being broken by the Clearfy plugin itself and displaying blank after running the Clearfy setup wizard.
Note: enabling some other option setting in the Clearfy plugin may cause the Clearfy plugin to break its own option settings page.

Debugging/Error Logging: The Clearfy plugin still does not have any sort of debugging or error logging capability to detect problems that it creates for other plugins and themes.

Remove query strings from static resources option setting: This option setting is not enabled by default. It is highly recommended that you do not enable this option setting.

Disable Heartbeat option setting: This option setting is not enabled by default. It is highly recommended that you do not enable this option setting.

Optimize JavaScript Code option setting: This option setting is enabled by default. It is highly recommended that you disable/turn off this option setting.

[Author]

Posts