Global Author Posts Feed urls are returning 403 errors

Good afternoon,

The feed urls generated by the WPMU Global Author Posts Feed plug-in are returning 403 errors. I have it installed on 3 multisite installs (blogs.duanemorris.com, ercoats.wpengine.com and dmsandbox.wpengine.com) and all 3 are returning 403 errors.
All 3 installs were upgraded to WP 4.7 last week. I'm not sure this breaking coincided with the upgrade. According to your website, the plug-in is compatible with 4.7.

Seems that something regarding permissions has changed. My sites are hosted by WPEngine. Their support was not able to resolve this issue via live chat, so they opened a ticket and also advised me to open a ticket with you as well.

Here are example urls from all 3 installs:
http://blogs.duanemorris.com/feed/globalauthorpostsfeed?author=54
http://dmsandbox.wpengine.com/feed/globalauthorpostsfeed?author=3
http://ercoats.wpengine.com/feed/globalauthorpostsfeed?author=3

I've uninstalled and reinstalled the plugin on ercoats... didn't fix it.

Also, every time I try to access one of these feed urls, it writes an error to error log, e.g.:
[Wed Jan 04 17:06:30.232856 2017] [:error] [pid 18501] [client 12.144.20.254:36320] preventing possible attempt to enumerate users
[Wed Jan 04 17:06:57.952458 2017] [:error] [pid 31845] [client 12.144.20.254:36904] preventing possible attempt to enumerate users, referer: http://blogs.duanemorris.com/wp-admin/network/users.php?s=sinrod

Any help in resolving this issue is greatly appreciated.

thanks,
Denise Tucker

  • Kasia Swiderska
    • Support nomad

    Hello Denise,

    Do you have any security plugins? That error from log leaded me to this article https://perishablepress.com/stop-user-enumeration-wordpress/ - it describes how to block user enumeration in WordPress. So it looks like something is blocking it on your server.
    I tested plugin on my multisite 4.7 and it works well so this is something very specific for your configuration.
    As you can see that can be blocked in htaccess or in a plugin. Maybe WPEngine is adding some security plugins to their sites? Can you check that with them?

    kind regards,
    Kasia

  • Denise
    • WPMU DEV Initiate

    Hi Kasia,
    I have not installed any security plug-ins. Whatever security is on our sites is managed by WPEngine. I will forward your message to them and see if they can check it out. I will let you know what they say.

    thanks,
    Denise

  • Denise
    • WPMU DEV Initiate

    Hello Kasia,

    Turns out that the WPEngine plaform does block enumeration of users, as a security measure. They were able to turn off the block for us, but that did not fix the problem with the author feeds. Instead of returning 403 errors, the author feed urls just redirected to the site home page.

    We decided that the value-ad of the Global Author Posts Feed plug-in was not worth the security risk. So we had WPEngine turn the block back on and we have decided to discontinue use of the plug-in.

    thanks
    Denise

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.