Breaks site

[barkgj]

We get support questions on our theme because of an issue in the plugin. Your plugin breaks this site while serving cached ouput; http://www.highpointfarmhudson.com/events/ Video showing the issue; https://www.youtube.com/watch?v=Abgaplg4lmk

[MikeHansenMe]

Thank you for the video showing the issue. This is due to a single line comment in the javascript.

// background page decorator

I have removed the minification from the plugin and that should correct the issue. https://github.com/bluehost/endurance-page-cache/commit/9e090cb03ac352af7c5e62792d894800a09de115

Please let me know if you see any additional issues.

[cleyda]

This plugin is also breaking our website. Apparently, Bluehost installed it on customer servers, and our nonprofit was very unfortunate to be a customer.

When our website was disrupted, I contacted customer support and logged into my cpanel account, to review the server situation. I identified a few of the resources for this project and alerted the Bluehost tech, pointing how out this seems to be a Bluehost installed plugin. The tech informed me that Bluehost does not install these kinds of plugins.

Since this plugin overwrites the .htaccess files as well as the wp-config file, it looks a great deal like a hack job. In fact, Bluehost's Wordpress Tool suggests this very thing. The several Bluehost techs who attempted to resolve my issue were completely unaware of the plugin, causing further concern and making it more difficult to figure out which files had been affected by the plugin. (They seemed to think it was some dumb mistake I made).

If we had been properly alerted to the install --or given an explanation or choice about it-- I would have done preparatory backups and stood guard in case of problems. Instead, I wasted an entire day with tech support while my website was a mess.

Is there a way I can be alerted when any of these types of applications might be installed on my Bluehost server?

I do not know how much bandwith or performance you expect to win with this plugin. But Bluehost needs to stop rolling out applications in this manner.

[MikeHansenMe]

Hi @cleyda currently the only reason your site would have received the plugin is if we saw the site experiencing a spike of traffic. In an effort to help you keep your site online and not effect others on your server we add this plugin and have seen substantial performance improvements. Not sure what about it looks like a hack job but if you would like to provide some specifics, including a domain, I would be happy to look into the issue and see what exactly was breaking about your site. As for the WP Tools suggesting your site looks hacked, I know there is a bug where error_logs are showing as hacked files. When you provide your domain, I will look into the specific error WP Tools is giving as well.

[cleyda]

Can we discuss the website over PM? I'm happy for the plugin to be on our server, assuming it works properly. The system reinstalled the plugin this morning, and once again it messed up our website.

[knighthawk0811]

to re-iterate @cleyda, I too would really like some kind of notice when something like this is placed on one of the sites I manage. I manage over 30 websites on multiple servers including BlueHost and it is quite annoying to find BH uploading MU plugins without my knowledge and changing my .htaccess file as well. Only to have me make some updates for one of my clients while I am on the phone with them and then the updates don't show live on the website because there is a cached version which I don't know about and I have to do some kind of magic dance so that my client doesn't get the idea that I don't know what's going on the with website that I built them and manage for them.

When you change the normal function of a website without the knowledge of the people who run the website you are breaching an ethical code. While your intentions may indeed be good, the effects are that you create mistrust between yourself and those you are supposed to be helping. As far as I'm concerned, you did hack into my website and insert a virus without my knowledge. A virus by definition as it is software which performs a function that I do not want and was not asked if I wanted and was not informed about it in any way. Perhaps this may be noted in your ToS and you feel "covered", that's great, but I don't feel covered at all. I feel betrayed. Now If I want to continue using your service (which is otherwise great aside from this and the auto-updates...ugh) I have to weigh the pro and cons of not being able to ever know if I am fully in control my own website.

TLDR: we do not want to be surprised with code that we have to opt-out of, instead why not surprise us with code that we get to opt-in to so that we do not feel violated and lose trust in BH.

[emgorman]

Truth.

[sr3d]

+1 this is very annoying.

I needed to update a certain WP site and the changes were randomly refreshed and thus causing me a lot of surprises, until I found out that the whole page was cached by endurance-page-cache (found at the bottom of the page).

At least the plugin should show up in the Installed Plugins list with a clear description like "This plugin was installed automatically by BlueHost to help with your Wordpress performance"

Not cool and it makes debugging and developing a WP site on BlueHost very annoying.

[hanasazi]

I had a problem with a site that was so messed up by EPC that any browser was trying to download my client's site rather than display it. Naturally, hours on the phone/chat with support, so many that I couldn't charge for the time with a clear conscience, no mention of the plugin or how to clear its cache, and nearly two weeks of downtime for my client's business website. That was a hideous, horribly embarrassing situation that I NEVER want to go through again. I'm a Bluehost affiliate and hate to talk bad about them since in so many ways they are a very good host, but installing a caching plugin without the site owner's knowledge or consent, without any information about how to clear the VERY STICKY CACHE is beyond the pale and totally unacceptable. Especially when there is already a caching plugin and additional caching code in htaccess. Why couldn't you have made it so EPC updated the cached files when things change on the site, and let customers know how to clear that cache when it is affecting their site's display? As site owners, designers and managers, we need to know this stuff!! If we were informed, no one would have a problem and Bluehost would still be able to better manage server load, but we hear from support all the timer that they never add anything to a customer's site, so it really is devious and deceptive not to make it clear that if one's site causes a server load issue that this extremely sticky caching plugin that could affect your site's display and performance will be installed. I'm getting upset all over again, the experience was so traumatic for me as the designer, feeling like an assand having to apologize and try to explain myself over and over to my client for two weeks because I couldn't find the source of the problem. Ha! Never thought of looking in the MU plugins to see what someone had installed on the site without the client's or my permission or knowledge. So not cool. So much money and time lost on the part of myself and my client.

[Johan333g]

@MikeHansenMe -"Not sure what about it looks like a hack job"... well "we add this plugin" without consent, without the ability to delete the plugin through the dashboard.

So you maliciously injected code into a website that you don't own without permission, for your own or affiliate benefit.. that's hacking.

You have admitted to the creation of the software that hacks into sites you don't own bypassing login and changing server access files upon activation. Then WP Tools is not in error at all.. the sites have been hacked.

DO NOT ACTIVATE THIS PLUGIN delete the file mu-plugins/endurance-page-cache.php from your install using an FTP manager.. Then install a real caching plugin.

[keylength]

Trash!

[earnjam]

This was resolved in 9e090cb, so I'm going to close this issue. If you identify other problems with the plugin, please feel free to open a new issue.