Oauth, the upload of pics,

First off I wish that there was a board for non technically proficient folks like myself that have used Elgg from off the Cpanel and have bare minimal (if that) technical knowledge. Of course I suppose that someone with my lack of technical expertise should probably be hiring folks who develop rather than begging for free advice. However I am a very poor guy so there is that.

Now my questions.
I have a home gardening site ( homegardenbook.com) for folks to keep an online garden journal. No monetization anticipated or sought. Most of the site is built with a Wordpress template. I want folks to be able to sign up as a user on Wordpress and then access my elgg portion at the same domain by signing in with their wordpress id. I installed a plugin to that end and installed an Oauth plugin on the Wordpress side. One of the questions on the Wordpress plug in is for the "Authorized Redirect URI" I have no idea what that is. Every url I type in and save results in a "That website can not be found" error after I test the sign in with WOrdpress option. In the Elgg plugin there is no mention of an "Authorized Redirect URI" . they just ask for the WordPress Consumer and Secret Key (which the Wordpress Oauth app supplied). Can anyone help me figure out what should go in the "Authorized Redirect URI" box?

I want folks to be able to upload pics of their garden, The landscape icon in the blog post menu bar requires a link to a photo. The embed content feature is very hit and miss and regardless of the size of the pic says that it exceeds the 5mb max (but ultimately does upload the pic although it is immovable in the box with no wrap around or positioning) Are there any plugins that might add an easier pic upload and handling AND while at it, is there a way to change the 5mb cap on file uploads?

Thank you for hearing me out/

  • There is https://wordpress.org/plugins/elgg-bridge/

    You must use Web services bundled plugin and API Admin plugin.

    Try these plugins first and then clarify your questions.

  • Thanks! I have installed the elgg-bridge on WP. It asks for the Elgg API. I do not know ehere such is generated and found. I have installed and activated the API Admin plugin and Elgg Connect. Web_services is active. I am still lost where to find the API.

    Sorry to be so imprecise. It is a foreign language to me.

  • Actually I found the API Key Admin under utilities. It asks for a reference to generate a 'new keypair'. I have no idea what that means.

  • Since I followed the instructions I was swamped with spam users and mailchannels now has me blocked and I guess my site is finished. I was naïve to post here

  • I very much doubt that your postings here have anything to do with any spam on your site. Unfortunately, spammers come across any site and post there sooner or later (or at least try to).

    By default, Elgg does not provide much in terms of keeping spammers out. To improve the situation I would suggest to install the Spam Login Filter plugin (https://elgg.org/plugins/774755) at least to block spammers from already suspicous IP addresses from registering on your site.

    But let me ask you: are the spammers registering to your Elgg site or are they registering to your Wordpress site and then post on the Elgg part? If they come from the Wordpress part, you would have to secure this side, too. I never used Wordpress so I can't give any advice how to deal with spam there but I'm sure there are be Wordpress modules available for this purpose.

    If you don't want people to register on your Elgg site but only use their Wordpress account it might work to disable the account registering in the site settings of your Elgg site. Then you wouldn't need any Elgg plugins to keep the spammers out either. If the spammers come from Wordpress and you can't stop them, it might be necessary to disable to Elgg Brigde plugin again. If they can't login with their Wordpress account they can't post spam either.

    What exactly is blocked by mailchannels? Can't you ask them to unblock you?

  • Everything was blocked by mailchannels as over 500 user registrations were attempted in about 2 hours. No the Word Press site doesn't have the ability to allow a word press user to log in using their wp id. I was trying to create that ability when this occurred. In fact I am the only user in my wp site. They all did the email validation route through elgg. After the first couple dozen mailchannels shut down sending out the validations. I went through about 500 of the mails blocked from mailchannels and reported those dealing with normal user notifications as not spam.I installed Spam login filter. Deactivated everything I had installed trying to create the API key and deactivated web services. The hits started within 1 minute after I had installed and activated a suggested API Admin plugin. 

    Those spammers that got in mostly posted bookmark links to gambling sites and travel sites. I have them all cleared out although for the longest time the delete user tab wasn't working. Now the number of spammers has slowed to a few an hour.Despite having the User Validation By Admin plugin activated a few still somehow still are validated.

    I have 3 different sites going. Two of them use Elgg. Only this one has had such an attack. wp sites gt the usual comment spammers which are easily dealt with. This is far more problematic.

  • I should add that I don't at all believe that there was any ill intent by the author of the API Admin pluggin although you might think I did from my statements. I think that maybe my generating an API code somehow allowed some other weakness to be exploited due to my own lack of knowledge.OR it may have just been an unhappy coincidence that the spam attack occurred at the same time I activate the plugin.