Bruce

Thank you for your inquiry.

We appreciate your interest in s2Member. :-)

1. I need to be able to deliver files securely from both the S2 folder and my Amazon S3 account. The reason for this is that S3 has all of the Video and large files where smaller files can be delivered from the membership site.

Yes. This will need to be specified in your Download URL. If you have Amazon S3 set up, s2Member will (by default) get the file from Amazon. If you have Cloudfront it will default to Cloufront. If you’d like to have a User download a local file when you have S3 + Cloudfront, or just S3 set up, you’ll need to set s2member-file-storage to local for the links to these files.

You can find out all the information on this when you install s2Member under: Dashboard -› s2Member® -› Download Options -› Shortcode Attributes & API Functions

2. Does S2 handle members being suspended by Paypal?

3. Once a user re-activates his paypal account will S2 handle this?

No, s2Member only cares if payments are failed or cancelled, or if they succeed. I’m actually unaware of any notifications that s2Member would receive from PayPal regarding an account suspension, but I’ll have our development team look into it.

4. Does S2 allow me to give coupon codes to reduce the membership rate, not just for the first month but for all months?

Yes. From the docs:

By default, s2Member will apply the discount to ALL amounts, including any Regular/Recurring fees.
* However, you may configure Coupon Codes that will ONLY apply to (ta) Trial Amounts, or (ra) Regular Amounts.
SAVE-10|10%||ta-only (10% off an Initial/Trial Amount; the ta=”” attribute in your Shortcode)
SAVE-15|15%||ra-only (15% off the Regular Amount(s); the ra=”” attribute in your Shortcode)
XMAS|5.00|12/31/2021|ra-only ( $5 off Regular Amount(s); the ra=”” attribute in your Shortcode )
5PER|5%|12/31/2021|all ( 5% off All Amounts; this is the default behavior “all” )

Let us know if you have any further questions/concerns. :-)

Thank you for the information.

I’ll have our development team look into this. I’m unable to recreate this issue, but perhaps we can figure out what’s causing it.

@CC SHambres

would you mind providing a Dashboard Login so we can take a look at your site’s setup? It could provide some insight. :-)

See: s2Member® » Private Contact Form

Okay. Thanks for the information. I’ll ask our development team if they’re heard of anything like this happening in the past.

Thanks for the follow-up.

The link you’re referring to is something that s2Member isn’t controlling, that’s a WordPress thing. You can stop that from happening like this:

Put this into a Must-Use plugin:

http://jobs.wordpress.net, or another freelance web site where WordPress® experts are offering their expertise through a bid on your project.
[/note_box]

Thanks for the follow-up.

Thanks for the info. Do you mind if we take a look? You can send us a Dashboard login via Private Contact Form.

See: s2Member® » Private Contact Form

Thank you for your inquiry.

s2Member doesn’t currently support uploads from the frontend. You’ll need to have another plugin to handle this.

Could you please tell me where a parser is? I’ll try to add another rule for phone nembers like +xxx(xx)xxx-xx-xx where country code can be 1, 2 or 3 digits. I think, a lot of people needed this rule.

You’re looking for /s2member/includes/s2member.js, I believe.

As a possible suggestion for future releases of S2member, might there be a way to lock an IP address from even accessing the wp-login form during the lockout period? If you fail the login and reach the limit, have S2member block that IP from accessing the wp-login area of the site. That would prevent not only brute force attacks, but any resulting server resource consumption that would cause issues on the server end by attempting logins even when already locked out.

I’m sure this is possible. However this really would not help because the idea here is that the connections are still going through and PHP is still running causing s2Member to load, so really this wouldn’t help very much at all.

This needs to be dealt with at the server level.

s2Member’s limits (as far as members go) is something that WordPress is in control of. According to some sources I’ve found online, you could theoretically have up to 18446744073709551615 members. However you’d need some seriously powerful servers to handle that :-).

50,000 Users will use up a lot of memory through SQL on your server. Could s2Member deal with that many members? Sure. Could your server? That’s something you’ll have to find out.

As far as importing members goes, you’ll need to split them up into chunks of no more than 999 at a time. s2Member Pro supports Importing members. You can find information on how these Imports work here:

Knowledge Base » Import (or Mass Update) Users

Thank-you very much for the information.

I have notified our development team and site moderators about this. We’ll get this fixed ASAP.

What questions do you recommend I ask? Should I be asking about the safeguards they have in place for brute force as well as denial of service?

I’m not very experienced in this aspect of site security, it seems like the only way to keep this from happening would be for your hosting company to be able to track when multiple connections are going on from one source very fast and stop that from happening from the server level. As far as Brute Force hacking goes, s2Member has you covered here. There’s no way someone could try more than 5 (or in your case, 3) passwords and not get locked out from trying more for awhile.

I’d recommend asking if there are any options you have with firewalls protecting your site from multiple fast connections like the hackers were attempting today. That’s the only thing I know of that could stop this.

And why does it ask ME to approve the comments?! I’m not an Admin at s2Member.

This is a WordPress thing, we’re not really sure why it’s happening, and we thought we had fixed the issue by disabling pingbacks/trackbacks, but from what you’re saying it’s still sending you these spammy emails.

When did you last receive an email like this?

So new question, is it possible that S2member was working perfectly, and locked the hacker out, but his continued attempts to submit password and username combos was putting stress on the server? The login form is still available, you can still submit a user/pw combo even when locked out, might that have been what was bogging down the server?

Yes, that sounds like what the problem was. Many servers will provide a firewall to keep that from happening. I believe the term you’re looking for her is Denial of Service (DoS, also sometimes called DDoS). They were doing a DoS in conjunction with trying to hack in through Brute Force. s2Member stopped the hacker from hacking your installation, but your server still maxed out memory/CPU.

See: http://en.wikipedia.org/wiki/Denial-of-service_attack

If this happens again I’d strongly recommend talking to your hosting company about setting up a firewall (or if they have one, a better one). If they do not have that available, you may think about switching hosting companies. We recommend FireHost.