Support Forum
Support Forum
Offline
On Jan-05 I discovered trashed Posts, Users, and Featured Images on our site.
These deletions occur daily. As of today 2,000+ posts – and many associated users and images -- have been trashed.
To clarify: When I refer to “posts” I’m referring to the articles on the site. I am not referring to SimplePress posts, though some SimplePress posts could be missing as well. Growthtrac.com is not only a SimplePress forum -– our site contains thousands of articles (posts). SimplePress is only a secondary, very minor piece of our site.
The last 3 days, we’ve worked with our host -– WPEngine -– and our developers to determine the cause. Admin accounts were checked, passwords changed, and a Sucuri Scan was run. The scan came back clean.
Last night we tracked content changes on the site. Sure enough, 100+ new deletions occurred and they originated from a cron.
The sph_cron_user cron is deleting content daily at 04:17am
This is of course a SimplePress cron.
So, I located these (enabled) SimplePress settings:
--Enable auto removal of member accounts
--Remove inactive members (if auto removal enabled)
--Remove members who have not posted (if auto removal enabled)
Here’s what’s been happening: Instead of only removing inactive SimplePress members, SimplePress is also deleting non-SimplePress users (authors, etc.) and associated content.
SimplePress should only be impacting SimplePress data.
We’re running 5.5.1
Can you shed light on this?
Offline
The problem really is that you are mistaking the concept of users.
Simple:Press is a plugin for WordPress not a standalone forum application. There is no such thing as a 'Simple:Press' user as distinct from a user on your site. Simple:Press does not create, maintain or have it's own users. They are all users on your website, controlled by the WordPress user sub-system.
So if you have those options turned on it is working on your site user-base.
And it uses the standard WordPress core function wp_delete_user() which will remove that user and any 'baggage' that belongs to them.
For most websites - which are run by one or two people who control all of the content then this is a useful tool to make use of. Clearly with lots of people who have in the past, contributed items but have since gone and now fall into the terms of the option settings it is, perhaps, not so useful. And one of ther reasons, of course, we install Simple:Press with those options turned off.
 |
YELLOW
SWORDFISH
|
Offline
Yellow Swordfish, have you ever thought of separating WordPress users and Simple:Press users?
My forum is for ISV customers and interested parties, a bit like this support forum. I understand the thinking behind integration, but I wonder how many forum customers actually want/need their users to have WordPress integration into their site.
Offline
As predicted: it's "my fault" Oh, and thanks for the empathetic response.
The forums utilize the "WP user sub-system" ... Sure, everyone knows that! How intuitive. Maybe I should have enrolled in the "Simple:Press Architecture 201" class ... Sorry, my fault.
Why would a "feature" that deletes post content be "useful" ?
And, why, on such a "feature" where a misconfiguration could cause such catastrophic results, would you not provide a 'warning' or 'validation' to safeguard against such actions?
<< ... And one of the reasons, of course, we install Simple:Press with those options turned off.
And, no -- these configs were not "turned off" by default.
Unbelievable ... I'm done with you guys.
PS You're now on the WPEngine "Blacklisted Plugin" list.
Offline
are you joking? I'm on wp-engine, when does this go in affect?
Offline
May not be on the "list' yet, but no, I'm not joking. I guess after investing 3 days on the issue and paying for a 3rd-party security scan, they didn't want this to reoccur on any of their sites. Good Luck.
Offline
I'm waiting on the help desk now for clarification, if they do I guess I will have to move my site,
Instead of only removing inactive SimplePress members, SimplePress is also deleting non-SimplePress users (authors, etc.) and associated content.
Yellow was pretty clear a year ago that WP and SP users are one and the same
Offline
well, just got done talking to wp-engine, they have no plans as of right now for disallowing it, they said it would be a 30 day notice if they do, unless it is a security or malware issue which this is not, might still be worth looking into site ground
James, it sucks that this happened, I really feel for you, we went through something similar but to a much lesser extent a couple years ago, since your join date is the second and you say you noticed it only a few days ago, have you had many blog posts the last couple days? Is your nightly backup still available for the first of January so you can revert to that and then disable that cron job and delete the plug in if you don't want it any more?
Offline
The correct forum join date is roughly 15 months ago.
We've deleted Simple:Press.
These deletions go back as far as 28-Nov-2014; WPEngine only saves backups 30-60 days, so I cannot go back any further. My guess is the trashed posts began early 2014; there are some posts we will not be able to recover. We have a lot of work ahead of us.
And, as stated, it's not as simple as 'restoring' trashed posts -- Simple:Press removes users and associated posts, images, etc.
BTW The WPEngine team I was working with was quite pissed about the situation; you (obviously) spoke with someone unfamiliar with the issue.
Offline
yeah, but the backup should restore everything, posts, users and pictures, I believe the default setting for auto removal is 365 days, so at the worst it would have happened a year from your go live date with simplepress, which would be close to your 15 months ago join date and the Nov 28th date
I just checked my dashboard and I'm showing the earliest nightly back up as Dec 8th, so you may be able to restore with just the missing 10 days from 2014, 2013 and anything from the 8th
I agree with you, I'm sure you were talking to someone way further up the totem pole than I was, good luck
All RSS1 Guest(s)