Google login not working with Comments Plus

Users cannot comment using their google account.

  • Timothy Bowers

    Hey again.

    Ya I see that, when looking at your site I see a number of errors. (see screenshot).

    Can you let me know if it works in the default Twenty Eleven theme?

    I wonder if there is a conflict there.

    I also note there are a number of plugins running there as well including a facebook one.

    Can you quickly test by deactivating all plugins and testing again. If it works then re-enable one at a time until the issue happens again. This will let us know where the conflict might lay.

    Let me know what you find.


  • zimbruluk

    Hi Timothy,

    I was going to get back to you because the plugin is not working with Google sign-up! Honestly, I was trying on several WP installation, some of them bare bone installations with no other plugins installed and on ALL of them the Google commenting module fails.
    Would you be able to issue me with a refund? I'm really sad this is not working and I cannot figure why is that. I had my eyes on this Comments Plus plugin and I've decided to buy to find out it's not working as expected.
    To only use Facebook and Twitter I can use different free plugin.
    I'm really sorry I have to ask for a refund but this is no use for me if the Google commenting tab is behaving like that.

  • Timothy Bowers

    You would need to address any account questions here:

    There is also a new version of this plugin 1.5.1

    - Added Facebook Locale add-on.
    - Fixed object access issue.
    - Fixed Google refresh issue.

    If that doesn't work then please let me know.

    As I said it works for me but I've seen a few people reporting issues now so I'd like to also involve our developer on this plugin so he take a look and see if he can figure why it works for some but not others.


  • PC

    Hello Zimbrul,

    I still see that you are running the old version of the plugin and not the latest one.

    Could you please upgrade the install to the latest plugin version, switch to the default theme and ping me so that I can have a look at that ?

    or as you said that you have tried it on a bare install, can you please send me the login credentials of the new install where you have tried the plugin and it did not work ?

    Please use our contact form and mark the email to my attention.


  • PC

    Hiya @zimbruluk

    I tested, searched and looked around and consulted our lead developer Ve and we came to a conclusion that it's the host which is causing this issue.

    I would like to quote Ve's response from thread ""

    Let me try to explain what I think the issue is and how we're getting there: in the last authentication step, Google redirects to your page with quite a bit of data in query string (including some URLs) which is then used by the plugin to confirm and further manage your identity. This happens in the popup window and it's not something the users sees, as the window is auto-closed when it reaches the original domain, but that's what happens.

    Now, the issue. Web server can be configured to block URLs in query strings, which would prevent the plugin from working properly. Unfortunately, this is how your server appears to be set up (to test, you can try this URL and check response headers: For further info on such issues in scenarios similar to yours, you may want to check e.g.

    As for the solution, I'd recommend contacting your host and asking them to whitelist your domain(s), so the url blocking in query string rule isn't applied anymore.

    If you read the whole post, I am sure you will know what to tell to your host and they are the only one who can fix this problem.

    I would be on standby while you consult your host, which I am 100% sure is Hostgator and I am also sure that they would be able to fix it.


  • zimbruluk

    I've contacted Hostgator and they said they've fixed the problem but when checking the site at I see the problem still exist.
    If this is the way the plugin works I think would be too much of a trouble to ask the hosting company to white-list the domain I'm installing the plugin on every time and I would prefer to get a refund (or a voucher) for the plugin.

    Thanks for your help so far.

  • zimbruluk

    This is the answer from Hostgator:

    Thank you for writing back to us regarding this issue. It is my pleasure to assist you today.

    I do apologize for the continued issues you are having. You are correct in that we have mod_security rules which will block URL based queries. In order to whitelist those queries we need to know what domain is triggering this rule.

    Could you provide us with the domain you are having and one of the URL's that shows this error or a way to reproduce it? That will allow us to locate the rule and ensure that it is properly whitelisted.

    We look forward to hearing back from you soon and working with you to resolve this issue. Thanks!


    Daniel G.
    Linux Systems Administrator LLC

    Regarding the Comments Plus plugin issue: I was using tons of plugins across my sites and did not have this problem before. I'd like to use a plugin that does not require asking my host to whitelist the domain I'm putting the plugin on every time.
    For this reason I'm asking for a refund because the plugin does not work as expected in my case.


    ps. It also seems that the plugin won't update the Hooks injection so no mater of what you delete comment_form_before or comment_form_after the fields still remain populated with the above two values!!

  • PC

    So here is how I will explain it.

    First of all, special thanks to Ve for his great advice.. he is amazing :slight_smile:

    I tried to do a lot of tests on my hosting account ( by @aecnu ) to replicate it but couldn't as its just the best :slight_smile:

    So I thought that the best way to reproduce the issue is to get an account with Hostgator and see it myself.

    But before that I contacted them about the domain Zimbrul is facing issues with and after all the troubleshooting they confirmed that there is some change required on the server and they can only do it with him online and chatting with them or emailing them.

    So, I got a domain and hosted it on the new HostGator account I bought for this test.

    I just installed the Comments Plus plugin on the WP site and checked if the issue was there or not, and I was not surprised when I was successfully able to replicate the same behavior as Ve told me about it already that it can be fixed by whitelisting a mod_security rule

    I had a word with Raymond M. at HG support who was really helpful and helped me find out where the issue is. I really can't thank him enough for the professionalism and efficiency he showed while working on the issue and sorting it out.

    I explained that it's a problem with OpenID authentication with Google login and after asking for the details, its kicking us out and he was able to see the same behavior and once he validated my account, he was able to fix that within minutes.

    So, in order to explain that is not a problem with the plugin, I would like to paste the chat transcript here with only the specific questions and their answers.

    (6:43 am) [Pranaya Chaudhary]:

    1 : Can you please tell me how you fixed it ? 2: Can the users fix it themselves ? If yes, how, if no why ?

    3: If they host 10 domains with you, can it be done in one go ? ( Which I think you have already answered but I would still like a technical answer :wink: )

    4: Will you consider this as a problem with our plugin or just a security setting on your hosting ? If it's a security setting, why is it there for just open ID authenticaion

    5: If you have to describe this issue, how would you do that and what will be your approach

    And the answers are as below

    (6:43 am) [Raymond M.] It's no trouble at all, Pranaya. I'll answer the best I can.

    (6:44 am) [Raymond M.] It was fixed by whitelisting a mod_security rule, this is a change that needs to be made by us, as it's a server-side setting.

    (6:45 am) [Raymond M.] The best method to have several domains whitelisted at once, would be to submit a ticket to us, or come into chat so we can open the ticket for you. You can open a ticket from your billing portal at or by sending mail to .

    (6:45 am) [Raymond M.] It's not a problem so much as it's a security feature we keep enabled by default, as most sites don't require it. I've seen similar mod_security rules affect several things, just in this case it was your OpenID authentication.

    (6:46 am) [Raymond M.] It's a change we can make rather quickly though, as you saw in this case it only took me a few minutes to get yours up and running.

    (6:47 am) [Raymond M.] I hope that helps clarify for you, Pranaya.

    I have not posted my rest of the chat with him as it was a long conversation and we discussed a lot of things off topic too... :slight_smile:

    Now, if you visit my domain and click on a post and try to make a comment using Google, it will work like charm...

    so @zimbruluk : I suggest you to please give the list of all the domains you are hosting with hostgator to them in a single ticket and point them to this conversation and they will fix it for you.

    I hope that helped.


  • zimbruluk

    Too complicated, to "whitelist" all the domains I'm using the plugin on...come on, it should work out of the box or it should have been tested before being offered for sale in Marketplace.
    The answer from Hotsagor (God bless them, they are a bunch of knowledgeable and dedicated people) is that :

    I have looked into this issue and found that the site is no longer hitting any mod_security blogs. We can also trace the openid access request to Google and the resulting post once they've verified the login.

    Unfortunately, this no longer appears to be an issue with the server but the plugin itself. A basic analysis could not reveal any information about what may be going on other than confirming that the plugin receives an oauth token from Google.

    Please let us know if anything further is needed.


    Daniel G.

    Linux Systems Administrator LLC

    You say it's Hostgator fault, they say it's the plugin fault and I, the customer I'm in the middle looking left and right to see the outcome.
    I'd like a refund so I can go and look somewhere else.


  • PC

    Hello @zimbruluk,

    You say it's Hostgator fault

    I never said that it's their fault. But it's a security feature they use on their hosting accounts. Just to prove that, I have added another domain on the same hosting account I purchased for testing and I did not contact them to whitelist the second domain so as I can compare the difference.

    If you visit the first site and try to make a comment using google, it works fine

    If you visit the second site and try to make a comment using google, it does not work

    The only reason is that the first domain is whitelisted by them to use openid auth and the second domain is not.

    So, I will still standby the fact that its not a fault with the plugin but the rules which they set to be true by default

    It can be fixed by whitelisting a mod_security rule

    If you want, you can contact them, point them to this thread and ask them to fix it as its not an issue with the plugin. Had it been a fault with the plugin, it would have not worked for me too.

    The best I can offer you is that I can contact them on your behalf and ask them to make the necessary changes so that it can be fixed, but if they are not, then there is nothing we can do about it I am afraid.


  • zimbruluk

    Hi PC,

    It seems that Hostgator done something to fix the problem with the plugin.

    "The best I can offer you is that I can contact them on your behalf and ask them to make the necessary changes so that it can be fixed, but if they are not, then there is nothing we can do about it I am afraid."

    Good to know the above. This will make me avoid your Marketplace in the future.
    All the best guys :wink:


  • zimbruluk

    That's correct: Hostgator has done something to fix the problem with the plugin because the plugin was written in such way it was interfering with the server settings. A good plugin has to work taking into account that. None of the plugin I got for free or paid has got this problem.
    Also, the plugin does not update the "injection" option as I've mentioned before (you can see this here ). It's hardly to believe I'm the first buyer that flagged up these problems with Comment Plus plugin here at WPMUDEV...

  • aecnu

    Greetings Zimbrul,

    That is by far the most ridiculous statement I have ever heard of regarding servers and you have this skewed to be the exact opposite of the truth.

    There is no server setting that blocks the call from the application/plugin that Host Gator is not instituting themselves via Mod Security module which is completely empty when activated and THEY go in and manually fill in the rules.

    It is easy to confirm that Mod Security is indeed empty when activated and one must configure the rules manually:

    Being Global Network Administrator for two companies on both sides of the big pond I am certainly in the know and qualified to make that statement.

    However, I have also seen that you have not bothered to update your version of the plugin that our Lead Developer has coded around Host Gators Mod Security setting, have you?

    Please advise.

    Cheers, Joe

  • zimbruluk

    Man, not sure where you were looking but the plugin is at version 1.5.1 indeed on my site here at look again (and it's been there since advice by your support staff).
    Bottom line the Comments Plus plugin for Wordpress is flawed (see problems encountered by users in Forum) and I have to seek professional advice before using it on a production site.
    The plugin is appealing at the beginning but if it's coded to NOT work on such big hosting provider like Hostgator it's not good mate, I tell you: a WP plugin should work out of the box and yo should know that if you say are an "Global Network Administrator for two companies on both sides of the big pond". As far as a pond goes in my opinion it's got more that two sides :wink:...
    On the other hand it doesn't look to me too professional to have the plugin on the marketplace for such a long time and not being able to know why the Google authorisation not working. Only after I've told you the problem you went to the plugin author and he tried to fix it in version 1.5.1.
    By not offering a full refund to a product you sell and it's not working on a client site because the way the plugin is coded it looks bad. When I've purchased a plugin from Codecanyon and it didn't work I've been refunded straight away. This say a lot about the way you do business here at WPMUDEV. Good to know...and I usually don't keep my knowledge only for myself.
    And the last observation I want to make: how comes that a user of the plugin cannot rate the plugin? Hmmmm...yeah.
    Anyway, I'll thank you guys for struggling to make this work eventually but as I said before I have to consult with a WP code guru to see if the plugin can be used on a production site.

    Florin aka Zimbrul

  • aecnu

    Greetings Florin,

    Thank you for your kind and considerate reply, it is appreciated and I mean that without sarcasm, I truly appreciate it.

    Bottom line the Comments Plus plugin for Wordpress is flawed (see problems encountered by users in Forum)

    There are 8000+ members here and those that do not have problems do not post for obvious reasons. Maybe that is the common link between all of those having trouble - Host Gator.

    If it is flawed and does not work how come it works without incident on my production servers:

    In my honest opinion Host Gator is the Yugo of hosting companies and only second in this rating to Go Daddy which is by far worse with there non local host database servers causing lag between the web servers and the database servers.

    You mentioned big like Host Gator, yepper they are big but honestly, when was the biggest at anything the best or even moderately good?

    And yes our lead developer did indeed at least try to adjust the program to go around there mod_security setting and kudos to him.

    In any event Florin, I wish you the best with your projects and your internet adventures.

    Sincerely, Joe

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.