Patron Plugin Pro plugin conflict with WP Security Ninja

Hello.
I need help on my site. I found a Patron Plugin Pro conflict with a firewall that is running on my WP Security Ninja site. There is a spontaneous spike in VDS server CPU load 100% when the Patron Plugin Pro is running. And as a result, my site goes into a deep knockdown as if it was a DDOS attack. I have to go north and rename the Patron Plugin PRO folder so that the site comes to life again.
I tried to find out the reason for a long time and through hypotheses and experiments, I managed to find out that the reason lies in the firewall for WordPress. When I turned it off completely, the load disappeared. So I need help solving a problem or perhaps some advice on how to configure the firewall. Is there a list of IPs for Patreon that I should add to the whitelist or other indications of options to exclude?

My conclusions about the WP Security Ninja firewall turned out to be wrong. In the last experiment, I completely uninstalled WP Security Ninja, completely disabled the CDN by enabling Bypass, completely disabled any caching.
And attention! This didn't solve the problem. The Patron Plugin Pro continues to attack the CPU, rendering the site inoperable and completely paralyzed.
I need an answer, is this a solvable problem or not?

To clarify again - did you try to disable Patron Pro and try if the same thing happened with Patreon WordPress as well?

I completed a new session of compatibility testing. This time I spent more time on the tests, as well as doing a stress test for the site.

The conflict has been identified. It is called by the well-known plugin Complianz | GDPR/CCPA Cookie Consent

Now knowing this, it is possible for you to make any corrections to the Patron Plugin PRO code. As I understand it, this information will allow you to conduct your own compatibility test.

On the one hand, I am glad that the problem has been identified, but on the other hand, I cannot ignore the law on personal data, and this plugin is the most popular and of high quality for solving this problem.

Right now my site works well with the complete set including Patron Plugin PRO, but with Complianz | GDPR/CCPA Cookie Consent switched off. And testing under traffic load is also successful. The CPU load does not increase as it was at the time of the plugin conflict.

A day has already passed with the disabled Complianz plugin and there were no problems. So we can confidently conclude that this combination is causing the problem.

It's not possible to make all plugins compatible with each other, and even if this is attempted, it's not certain how long this would take. Complianz is an extremely complicated plugin.

If you don't have complicated data processing that happens through 3rd parties (Adwords G4A tracking, affiliates or other 3rd party providers etc), WordPress already gives you the necessary tools to sort out most of the GDPR requirements and the equivalent. You need to specifically list all purposes in a cookie banner and get a confirmation, which you can do with a lot of lighter plugins that are similarly popular. For the time being, you can try using one of them in Complianz' place.

Well, I have Google Analytics, so I will have to deal with this issue. I don't know what to do, I'll try to look for other plugins for this task. But you should probably study this problem and possibly make changes. After all, Complianz is a very common plugin and it has a high priority when it comes to deciding whether to keep only the essentials among plugins. I mean that it also theoretically limits you in sales.
But the worst thing in this story is that this error is very difficult to identify, and it is not immediately clear what is happening at all, why the site is subjected to an effect similar to a DDOS attack.

Well, I have Google Analytics, so I will have to deal with this issue

Note that the few existing varieties of Google Analytics are quite different from each other. And even with G4A, if you aren't using certain things (like ad performance tracking etc) and enable any 3rd party processing, then the compliance requirements are reduced greatly and you could do with a much simpler plugin that interferes with the operation of your WP site much less.

We have no advertising at all and do not plan to. The only thing is standard analytics for analyzing the effectiveness of the site and nothing more. Maybe you can recommend something to replace Complianz?

The analytics part is a bit complicated. Because some features of Google Analytics do share data with 3rd parties. As far as I know, Complianz provides a lot of information about that in its wizards. So if you check them out, you could find which analytics features involve 3rd parties. And if you don't use a GA version that involves those or you turned off those features, you could do with a simpler plugin.

As for which plugin, practically any that lists the services that you are using in detail and allows confirmation would do.

  • The Cookie Law does not require that you list cookies one by one, only that you state their type, usage and purpose.

WP already provides GDPR features like downloading of users' records (to send them) and deletion of user's records.

For the sake of sanity, cookie banners and implementation of them and also keep them rightfully implemented is the most non-trivial task for WordPress Admins and because of this the majority of sites have no cookie banner, a cookie banner which fails the GDPR laws or a misconfigured one. Sites doing this right for a longer time are really in the minority. This stuff is much more complicated than most people realize and can break on so many levels.

My tip is really ditch GA, use Matomo and also use the server side tracking. This has so many benefits: The implementation is super simple. Generating reports with the new GA that normal non big enterprise people can understand is near impossible with a non big enterprise budget. With SST you will have much faster site loading times, less JS. You can configure it super easy that it is in line with GDPR and no banner needed.

I also still use Complianz on several sites and I really hate it, still haven't found an alternative that works(!) well without breaking the bank.

There are also server-side analytics plugins like Burst Statistics (from the makers of Complianz) that don't track visitors.
