Simple Comments Changelog

2017.1.9 – Version 1.3.8.4

  • Fix: PHP Notice with Contact Form 7 version 4.6. “wpcf7_add_shortcode is deprecated since Contact Form 7 version 4.6! Use wpcf7_add_form_tag instead.”

2015.9.4 – Version 1.3.8.3

  • Fix: WSOD on uninstall.

2015.6.23 – Version 1.3.8.2

  • Fix: Updated Contact Form 7 tag generator. CF7 4.2 and above now required due to major changes in CF7.

2015.6.7 – Version 1.3.8.1

  • Tweak: Abandon Block UI while securing login form in favor of inline login form messages.
  • Tweak: Eliminate autocomplete login detection until it can be evaluated in greater detail.
  • Tweak: Improved login experience.

2015.6.3 – Version 1.3.8

  • Tweak: Replace wp_remote_get with wp_safe_remote_get
  • Fix: Autocompleted login forms were not always automatically detected properly when securing the form.
  • Fix: Pasting a username into a login form is now detected when securing the form.

2015.5.28 – Version 1.3.7.9.2

  • Tweak: Use scheme, such as http or https for JavaScript file URL rather than using a relative URL, so CDNs can properly serve the JavaScript files.
  • Tweak: Wrap Gravity Forms form security error messages in div tag with class name gf-sc-sec-error-msg so it can be styled.
  • Tweak: Replace some backend .png icons with Dashicons.
  • Enhancement: Block UI and display a message for 3 seconds when securing login and registration forms to give slow servers time to handle AJAX tasks.

2015.4.21 – Version 1.3.7.9.1

  • Fix: Autocompleted username and password on WP login form are now detected properly. Manually typing in username no longer required. Test on iPhone and Android, as well as all web browsers.
  • Fix: Popup dialog added to remind users with blank username and password fields to type in their username.
  • Fix: Outgoing API Key and Software Update request URLs are now escaped to prevent possible XSS attack vector.

2014.6.14 – Version 1.3.7.9

  • A few server environments with PHP 5.3.x or older had the following errors.
  • Fix: Fatal error: Can’t use method return value in write context, on plugin activation.
  • Fix: Fatal error: Cannot redeclare class, on plugin uninstall.

2014.6.14 – Version 1.3.7.8

  • Waiting: Added support for AffiliateWP to protect the registration and login forms from hackbots and spambots. Still waiting for the code and hooks to be added to AffiliateWP.
  • Feature: API License Key is now encrypted in the database, so unauthorized clients, and unauthorized staff, cannot view the API key, or use it on unauthorized blogs.
  • Fix: Automatically deactivate Spam Free WordPress if active, rather than display a warning.
  • Fix: NextGEN Gallery incorrectly loads a persist.js on the WordPress login and registration pages breaking Simple Comments. Simple Comments now loads earlier to eliminate this issue.
  • Refactor: Improved AJAX responses.
  • Refactor: Improved AJAX, JavaScript, and CSS now load relative to the scheme.
  • Refactor: Load shared classes as singular on-demand instances.
  • Tweak: Check if WP_HTTP_BLOCK_EXTERNAL is defined and set to true.

2014.4.30 – Version 1.3.7.7

  • * Feature: Added ability to make 30% off the sale of Simple Comments using an affiliate ID.

2014.4.3 – Version 1.3.7.6

  • Feature: Disable WordPress XML-RPC completely, to prevent DDOS attacks against any XML-RPC service. Disabling XML-RPC can break some plugins.

2014.3.14 – Version 1.3.7.5

  • Feature: Disable XML-RPC pingback service, when Close Pingbacks option is selected, to prevent DDOS attacks against the pingback service.

2014.1.24 – Version 1.3.7.4

  • Tweak: Security class instantiates only once now.
  • Tweak: Added more capability to provide security for comment forms even when the theme is broken.
  • Tweak: Moved bl_keys array element from simple_comments array to its own sc_bl_keys option database entry.

2014.1.7 – Version 1.3.7.3

  • Tweak: Changed when jQuery scripts are ready.

2013.12.31 – Version 1.3.7.2

  • Fix: Removed the update timer as it caused the plugin to disable itself under certain conditions.

2013.12.30 – Version 1.3.7.1

  • Feature: WordPress does not always display a notice for software updates when they become available, so an update timer was added to ensure timely notice of software updates.
  • Feature: Added hackbot protection for WooCommerce 2.1 and above login forms.

2013.12.18 – Version 1.3.6

  • Fix: Contact Form 7 security shortcode hook was calling function too early, causing it to display the shortcode tag on the page, when it should not be visible.
  • Fix: Deactivation message now displays a single message.
  • Fix: Fixed some text localization.
  • Fix: Improved Nonce behavior for some rare edge cases.
  • Fix: Tightened security in the plugin code.
  • Tweak: Classes can now only be instantiated once. Saves memory, and prevents the need to use globals.

2013.9.26 – Version 1.3.5

  • Added new Subscription error message sent from the WooCommerce API Manager

2013.9.22 – Version 1.3.4

  • License Key class now using new WooCommerce API Manager for API license keys.

2013.8.29 – Version 1.3.3

  • Fixed: A function was not being called correctly in the uninstall routine.

2013.8.25 – Version 1.3.2

  • Added instructions to WordPress login form, and WordPress User Registration form, to physically type into the form fields for human detection security.
  • Enhanced JavaScript to remove autofilled form field information to allow for human detection security on WordPress login form and WordPress User Registration form.

2013.8.25 – Version 1.3.1

  • WordPress login form, and WooCommerce registration form, security is disabled if WooCommerce is active. This is due to an authentication problem related to a lack of hooks for Simple Comments on the WooCommerce login form.
  • Bypass security checks for Gravity Forms and Contact Form 7 if user is logged in.

2013.8.23 – Version 1.3

  • New feature: Added option to save comment spam to spam folder for manual review.
  • New feature: Added spam blocking support for Gravity Forms.
  • New feature: Added spam blocking support for Contact Form 7.
  • Added support for the Jetpack Contact form, and the WooCommerce login, but cannot implement until hooks are availble to turn these features on.
  • New feature: Added hackbot security for the WordPress login form.
  • New feature: Added hackbot security for the WordPress user registration form.
  • Tweak: Added support for the Twenty Thirteen theme.
  • Code refactoring completed. Plugin is now 100% Object Oriented.
  • Setup new classes to load on-demand to only consume memory when needed.

2013.7.30 – Version 1.2.6

  • Multisite compatibility added.
  • New feature: Added spam blocking support for WooCommerce Product Enquiry Form extension.
  • Fixed: Sometimes install information was missing, causing invalid license error.
  • Updated language files.
  • Code refactoring to move towards all Object Oriented.

Version 1.2.5

  • Removed legacy function call. Obsolete.

Version 1.2.4

  • Removed old legacy password fields. Obsolete.

Version 1.2.3

  • Fixed: Broken plugins or themes throwing jQuery or JavaScript errors would break jQuery event listener.
  • Fixed: PHP errors would break jQuery event listener when WordPress in debug mode.

Version 1.2.2

  • Moved cron events into their own class.

Version 1.2.1

  • Minor fixes.

Version 1.2

  • Fixed: each comment is now authenticated, rather than allowing all comments from one commenter in 20 minutes time frame.
  • Support added for WooCommerce product review comment form.

Version 1.1

  • Updated troubleshooting URL