After a couple weeks of sitting on a new release, I have pushed out v0.31. This release addresses the ModSecurity problem that I had noted in a post a few weeks ago. After chasing this problem down with the help of several users who were willing to work with debug code and/or give me access to their server, I was able to figure out what was going on.
The simple explanation is that the Apache ModSecurity module can be pretty restrictive and returns 403 errors when a form is submitted. WordPress then does its thing and concludes that the page should be displayed again. The net result is that the form is never submitted and no feedback is provided to the user. From what I’ve seen, ModSecurity doesn’t like URLs passed as parameters, which is what WordPress Google Form does with the Google Form URL – it needs that URL to submit the responses to the form.
With this update two things have changed:
- If a 403 error is returned, the plugin will check for it and show a message if/when it happens.
- The Google Form URL is passed as an encoded parameter so it doesn’t get flagged by ModSecurity.
These changes won’t address all instances when ModSecurity kicks in – if your form includes any input where a user can type a response AND the user submits a URL as a response, there is a pretty good chance a 403 error will be issued by the server.
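Encoding the Google Form URL means ModSecurity no longer inspects it, so the receiving code has to validate it after decoding. The following is an added example, not the plugin's code: the base64url encoding, the function names and the `docs.google.com` allowlist are assumptions, since the post does not say how the parameter is encoded.

```php
<?php
// Added example, not the plugin's code. Assumptions: base64url encoding,
// these function names, and the host allowlist below.
const ALLOWED_FORM_HOSTS = ['docs.google.com'];

// Encode the form URL so the parameter value no longer looks like a URL.
function encode_form_url(string $url): string {
    return rtrim(strtr(base64_encode($url), '+/', '-_'), '=');
}

// Decode the parameter; return the URL only if it is https on an allowed
// host with no userinfo or port, otherwise null.
function decode_form_url(string $param): ?string {
    $b64 = strtr($param, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4); // restore padding
    $raw = base64_decode($b64, true);
    if ($raw === false || $raw === '') {
        return null;
    }
    $p = parse_url($raw);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    if (isset($p['user']) || isset($p['pass']) || isset($p['port'])) {
        return null;
    }
    if (strtolower($p['scheme']) !== 'https') {
        return null;
    }
    if (!in_array(strtolower($p['host']), ALLOWED_FORM_HOSTS, true)) {
        return null;
    }
    return $raw;
}

// Constructed sample values (FORM_ID is a placeholder).
$samples = [
    encode_form_url('https://docs.google.com/forms/d/FORM_ID/formResponse'),
    encode_form_url('http://docs.google.com/forms/d/FORM_ID/formResponse'),
    encode_form_url('https://docs.google.com@other.example/formResponse'),
    'not base64 at all!',
];
foreach ($samples as $s) {
    $url = decode_form_url($s);
    echo $s, ' => ', $url ?? 'rejected', PHP_EOL;
}
```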
Hopefully this change will help some very odd use cases where users don’t understand why the plugin isn’t working for them. It has worked in four (4) additional situations that users have asked me to look at, plus the two original ones that I looked at.
You can find the update in the WordPress Plugin Repository.