SSL Bug in Plugin and Question

I have some feedback and a question on this plugin:

1) I am adding it to a site that uses SSL throughout. This plugin appears to have 1 hardcoded URL that disrupts and breaks SSL on browsers. The URL is http://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800 and it's found in this file: wp-content/plugins/jobs-plus/assets/main.min.css?ver=1.0.2.0

You should instead use https://fonts.googleapis.......

2) I only want to use the Jobs. I don't need the Experts section. Is there a way to gracefully remove all the Expert part of the plugin's functionality?

Thank you~

  • Predrag Dubajic
    • Support

    Hey @paperweight,

    Hope you're doing well today :)

    1) I am adding it to a site that uses SSL throughout. This plugin appears to have 1 hardcoded URL that disrupts and breaks SSL on browsers. The URL is http://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800 and it's found in this file: wp-content/plugins/jobs-plus/assets/main.min.css?ver=1.0.2.0

    Thanks for reporting this, I have flagged a bug report for this.

    2) I only want to use the Jobs. I don't need the Experts section. Is there a way to gracefully remove all the Expert part of the plugin's functionality?

    You can use this CSS to hide the Experts buttons from the front end:

    body .jbp-browse-pro, body .jbp-add-pro {
        display: none;
    }

    If you want to hide it from the admin section as well, you can use a plugin such as this one:
    https://wordpress.org/plugins/admin-menu-editor/

    Best regards,
    Predrag

  • paperweight
    • The Incredible Code Injector

    Thanks for your help. The CSS solution is not a safe or secure solution because it only obfuscates the information. It should instead be removed totally from the user's area. Is there a way to do that so the plugin has forward compatibility?

    Also, I want to block access to the plugin to only logged-in users. I am able to change the permissions for https://www.DOMAIN.com/jobs-experts/ because that is in the Pages area of the WP admin. But I can't find where these Pages are located:
    /job/add-a-job/
    /jobs/

    How can I lock down the entire plugin easily?

  • paperweight
    • The Incredible Code Injector

    I just found wp-content/plugins/jobs-plus/assets/main.css also lacks https...... I think I'm not going to look any further, and I can probably assume more files lack https... so can you just have the developer run through everything and change all http to https? https can degrade to http easily, but it doesn't work the other way around on browsers. Thank you~
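
For the request above to check every stylesheet rather than one file at a time, the following added example (not part of the original thread and not the plugin's own code) scans CSS for resources fetched over plain http:// and upgrades only hosts you have confirmed serve HTTPS. The function names, the sample stylesheet and the example.test hosts are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# url(...) and @import "..." are the CSS constructs that make the browser fetch a resource.
CSS_FETCH = re.compile(r"""(url\(\s*["']?|@import\s+["'])(http://)([^/"')\s;]+)""", re.I)

def find_insecure_refs(css_text):
    """Return (line, column, host) for every plain-http resource the CSS would load."""
    hits = []
    for m in CSS_FETCH.finditer(css_text):
        line = css_text.count("\n", 0, m.start()) + 1
        col = m.start() - (css_text.rfind("\n", 0, m.start()) + 1) + 1
        hits.append((line, col, m.group(3).lower()))
    return hits

def upgrade_to_https(css_text, https_hosts):
    """Rewrite http:// to https:// only for hosts known to serve HTTPS."""
    def fix(m):
        scheme = "https://" if m.group(3).lower() in https_hosts else m.group(2)
        return m.group(1) + scheme + m.group(3)
    return CSS_FETCH.sub(fix, css_text)

def scan_tree(root):
    """Scan every .css file under root; minified files are one long line, so columns matter."""
    report = {}
    for path in sorted(Path(root).rglob("*.css")):
        hits = find_insecure_refs(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample resembling a minified stylesheet (not the plugin's actual file).
SAMPLE = (
    '@import url(http://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800);'
    'body{background:url("data:image/svg+xml,<svg xmlns=\'http://www.w3.org/2000/svg\'/>")}'
    '.a{background:url(//cdn.example.test/a.png)}.b{background:url(http://img.example.test/b.png)}'
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for name, hits in scan_tree(sys.argv[1]).items():
            for line, col, host in hits:
                print(f"{name}:{line}:{col}: http://{host}")
    else:
        print(find_insecure_refs(SAMPLE))
```

Run it with the plugin directory as the only argument to list each hit as file:line:column. The XML namespace inside the inline SVG data URI and the protocol-relative URL are deliberately not reported, since neither causes a plain-HTTP fetch on an HTTPS page.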

  • Rupok
    • Support Ninja

    Hi paperweight

    I hope you had a wonderful day.

    Also, I want to block access to the plugin to only logged-in users.

    You can easily do this with our Membership 2 Pro plugin: https://premium.wpmudev.org/project/membership/

    With membership plugin, you can easily create a free membership and then lock the contents only for logged in users from "WordPress Dashboard > Membership 2 > Protection Rules" section.

    And thanks for letting us know about the SSL issue. I can see that @Predrag Dubajic has already flagged our developer and the job is already added in our task list. Please keep in mind that our developers work round the clock and they have to deal with lots of critical issues. So it may take a little while before they solve this issue.

    Have a nice day. Cheers!
    Rupok
