This topic contains 4 replies, has 2 voices, and was last updated by 
- Posts
Hiya Ernest,
I have “Minimal character count to trigger search” set to 4, but it turned out that the plugin won’t ignore subsequent space characters.
I assume this option should also automatically set the minimum search query length, e.g. I should be able to search for “life” or “lif ” (one space), but not “li ” (two spaces).So I can type “li ” and this will trigger search.
I can also type “a ” (3 spaces) and it’ll also trigger search, however search results are somewhat weird in this case – they start with Z.
You can confirm this on my site I provided access credentials to above.Looks like I found two bugs in row here? 🙂
Hey!
Indeed, I’ve actually fixed this, but forgot to implement, since it was good for testing purposes 🙂
On the server side the phrase is trimmed and escaped, so no matter how many spaces appear at the end or the front (or more than one inbetween), it’s always removed before searching.
I will note this to be fixed, it might not get included in the next release though.
Best,
Ernest Marcinko
If you like my products, don't forget to rate them on codecanyon :)
It would be great to have this fix included in the release sooner than later because I can see the current behavior as a potential abuse magnet.
Someone or something (bot) bombarding a bigger website with 1-2 letters search queries. Doesn’t sound good to me 😉
And yes, I realize that it will eventually hit the results limit, but in some cases it’s necessary to have really high limits (a different subject indeed, I’ll come back with this in a separate topic).I started looking for some ways to prevent search abuse (e.g cap speed at X search queries per minute per user) or actually have a ‘real’ hard limit on the minimal character count that will ignore spaces, commas and so on.
Not meaning to push you with this in any way, but the thing may become a real problem for big and competitive websites. I’ll share any valuable info I find on this.It won’t stop bots from search abuse, as they usually don’t use the actual form to make an ajax call. Almost all of them work from a command line or as a tool, and (pre-recorded) requests are made as a GET or POST command, with fake headers. They can repeat it a billion times if they want, without visiting your site. This is unpreventable and undetectable with a front-end script, as it’s not even executed.
Client site script limits only stop regular users (unfortunately they are not the ones abusing), it’s more of a cosmetic/usability issue – as it is very easy to lift these limits from the console, if an advanced user wants to be abusive.
The best thing to do is to have a firewall of some sort to filter abusive bot IPs. I can recommend cloudflare, so far in 5 years I have not experienced any kind of abuse whatsoever.
Best,
Ernest Marcinko
If you like my products, don't forget to rate them on codecanyon :)
Yep, you’re right. Definitely some food for thoughts here, thanks.
Will definitely check CloudFlare in depth too.
You must be logged in to reply to this topic.