SmoothSpan Blog

For Executives, Entrepreneurs, and other Digerati who need to know about SaaS and Web 2.0.

Archive for June 1st, 2017

Major Data Loss Bug in WPEngine and Yoast SEO Plugin

Posted by Bob Warfield on June 1, 2017


What would you think if I told you that while using the most popular WordPress SEO plugin on one of the most popular WordPress hosting platforms you’d lose a blog post approximately every 30 days and be locked out of your account?  It’ll cost you the time it took to write the blog post plus the time to unsnarl things with the hoster each time.

Pretty ugly, right?

Well that’s exactly what can happen if you use WPEngine as your host and the Yoast SEO Plugin.  I’ve been around this track twice in the last 30 days.  Both times WordPress froze while I was editing a blog post.  Both times I lost the entire post with no backup.  I’m not sure why the normal incremental saves failed.  Both times I was completely locked out of my site–my IP address was blocked.  And both times I had to have my IP address white listed to get back in.

Guess what?

It’s just going to keep happening too.  The folks at WPEngine are completely adamant that what they’re doing is right and the only way to keep their platform secure.  There’s just one problem–I use multiple platforms for my WordPress blogs and I use Yoast on all of them (it’s the most popular SEO plugin there is) and only WPEngine has these problems.

Worse, WPEngine recommends and endorses Yoast.  If it’s such a bad actor, why wouldn’t they be blocking me from even installing it?

Every time my ISP gives me a new IP Address, I will get this all over again.  Another blog post trashed.  More hours wasted.  And all of it should be tragically avoidable.

During my second go-round with their tech support, I was told that what’s happening is Yoast is sending links with unsafe characters.  They indicated this was somehow my problem.  So, I asked them to help me reconfigure to avoid the problem.  After tracking down a senior tech, here’s the list of URL’s containing unsafe characters they gave me:


Gobbledigook to be sure, but more importantly, it’s nothing I’ve typed in as a link.  And after some back and forth I confirmed, it’s nothing we can configure Yoast to stop doing.

You see, it’s tracking the prominent words in the article as I type them.  You can see I was writing an article about “copyblogger”.  It’s one of my Top 15 Marketing Masters profiles where I go through and analyze the marketing tactics of the Top 15 online marketers I follow.

Presumably, if I type enough of the right things fast enough, WPEngine’s security bots are triggered and my IP is frozen out.  Of course, WPEngine is adamant that this is sound practice and that really it must be Yoast that’s at fault.  As a software developer, I look at this and call BS.

This is all innocuous stuff.  If they were going to have a problem with this stuff at all, they should not be locking out IPs that they’ve authenticated as the site owners.  Maybe others, but not a properly logged in administrator.

In fact, I would submit that there should be no case where they cause data loss based on anything I can type into a blog post.  Yes, perhaps if I misconfigure some serious system level setting, MAYBE.  But not just because I’m writing a blog post.

There are so many ways the WPEngine folks could work around this and prevent data loss.  I have a hard time believing I’m the only one it happens to.  Certainly the tech support rep knew exactly what was going on when I got in touch.  But, for whatever reason, it continues.  I couldn’t even get the rep to escalate me to his supervisor.

It may be time for me to find a better hoster.  This is just silly to keep losing data so frequently.

Posted in cloud, customer service, platforms, service | Leave a Comment »

%d bloggers like this: