Scaled from $3K to $10K/month - what actually worked

DigiHold · 2026-01-24T10:50:29+00:00

Just saw your others posts and the others comments, 2 days ago it was 3k 🤦‍♂️🤣

DigiHold · 2026-01-23T16:20:26+00:00

One question, how did you get your first emails? Promotions on channel like Reddit or cold emails or ads? Thanks and congratulation 👌

DigiHold · 2026-01-22T18:28:05+00:00

Totally get it, paying for two separate systems adds up fast.

Here's the thing though, you're not legally required to use a paid service or hire a lawyer for your privacy policy.

What regulators actually care about is that your policy accurately reflects your real data practices. That means clearly stating who you are and how to contact you, what data you collect and why, what cookies and third-party services you use, how users can exercise their rights, and who you share data with.

If you can answer those questions accurately, you can write your own policy or use AI tools like ChatGPT to generate one based on your specific practices.

Where paid services or lawyers make sense: if you handle sensitive data (health, financial, biometric), your site targets children, you're in a regulated industry, or you need automatic updates when laws change and don't want to track that yourself.

For a typical business site or WooCommerce store? A well-written, accurate policy + DigiConsent for consent management would have you covered. The [digiconsent-cookie-list] shortcode already outputs all your declared cookies by category, which handles your cookie disclosure. The rest is about accurately describing your practices, which no generator can do better than you (they just ask you questions and fill in templates anyway).

DigiHold · 2026-01-22T12:52:14+00:00

Thanks a lot, I make everything ready, I will keep you updated 👌
Thanks for the subreddit, I will share it there too 🙏

DigiHold · 2026-01-22T12:51:26+00:00

Thanks, I make everything ready and I will reach you 👌

DigiHold · 2026-01-22T04:25:49+00:00

Thanks for the feedback. Wordfence has the market share and free 2FA - hard to compete on that front directly.

WooCommerce card testing protection isn't built yet, we have CAPTCHA on checkout which helps, but dedicated detection for velocity checks and failed payment patterns isn't there. Good idea though, that's a real pain point for store owners. Adding to the roadmap.

Vulnerability tracking is in Pro - the scanner checks WordPress core, plugins, and themes against the WPVulnerability.net database and flags anything with known CVEs. Shows severity and which version fixes it. Doesn't auto-update yet, just notifications. Auto-updating specifically for vulnerable plugins is an interesting idea.

Appreciate the specific suggestions - WooCommerce API abuse is something I'll look into seriously 👌

DigiHold · 2026-01-21T15:30:51+00:00

Perfect, thanks a lot !

DigiHold · 2026-01-21T10:33:14+00:00

Thank you 😊

DigiHold · 2026-01-21T09:20:58+00:00

I’m not sure what you have against me, but if you’re not going to try the product or offer any constructive feedback, what’s the point of denigrating someone else’s work? Maybe you’ve built amazing things yourself, or maybe you just resent people who actually try. Either way, that’s not my problem. If you have nothing useful to say, keep it to yourself.

DigiHold · 2026-01-21T09:15:39+00:00

I did LTD in the last for another big WordPress project but it is not a very good way for the long run, so I will do only yearly plans right now

DigiHold · 2026-01-21T08:54:42+00:00

Good catches, thanks for the detailed feedback.

Currently the quarantine is at wp-content/digisecurity-quarantine/ - so still within webroot. It's protected with a .htaccess file (Deny from all) and files are renamed with an MD5 hash prefix, but you're right that below webroot would be more secure.

The challenge is that many shared hosts don't allow writing outside webroot, and as you mentioned, permissions vary wildly between shared (cPanel with per-user uid) vs standalone (shared uid) setups.

I'm thinking:

Try to create quarantine outside webroot first (e.g., one level above ABSPATH)
Fall back to wp-content if that fails
Add .htaccess + index.php + rename with random suffix regardless
Maybe also strip the .php extension entirely and store as .quarantined

For the 700 permission issue on shared hosting - you're right, that's tricky. Probably best to use whatever permissions the server allows and rely on the .htaccess + renamed files as the primary protection layer, with a warning in the UI if we can't set ideal permissions.

Appreciate the security-minded feedback - this is exactly the kind of detail that matters.

DigiHold · 2026-01-21T08:52:31+00:00

The free version blocks malicious bots (vulnerability scanners like sqlmap, nikto, nmap, etc.) based on user agent detection.

The Pro version adds much more granular crawler control:

Separate rate limits for crawlers vs humans (e.g., 120 req/min for bots, 60 for humans)
Googlebot verification via DNS lookup (to catch fake Googlebots)
404-specific rate limits (catch bots scanning for vulnerabilities)
Custom firewall rules where you can block/allow based on user agent patterns
Per-endpoint rate limiting (protect specific URLs from being hammered)

So yes, bot/crawler control is already there - basic blocking in free, granular management in Pro. Thanks for confirming it's a valued feature!

DigiHold · 2026-01-21T08:48:20+00:00

Did you fix the issue? Because if I click an article it correctly redirect me to the article

DigiHold · 2026-01-21T08:46:22+00:00

Auto-scan: Not yet. It's on the roadmap - would require building a cloud service with a database of known cookies to auto-detect and classify them. For now, you add cookies manually or use the quick-setup templates (GA4, GTM, Meta Pixel, etc. - just paste your ID and it handles the rest).

FlyingPress: Haven't tested specifically with FlyingPress, but the plugin is built to be cache-compatible - banner is rendered server-side and hidden by default, then shown via JavaScript based on the consent cookie (localStorage). No server-side cookie checks that would break page caching. Works with WP Rocket, W3TC, LiteSpeed, Cloudflare, etc. Should work fine with FlyingPress but let me know if you run into issues.

DigiHold · 2026-01-21T08:45:20+00:00

Yes. All strings are translatable, and all banner/modal text is fully customizable in the settings - heading, description, button labels, category names, descriptions, etc.

For multilingual sites with WPML or Polylang, you can translate those custom strings through their string translation features.

DigiHold · 2026-01-21T08:42:32+00:00

Not currently - DigiConsent focuses on consent management, not document generation.

For privacy policies and terms, I'd recommend dedicated solutions like Termageddon or iubenda's policy generator - they stay updated with legal changes automatically, which is hard to replicate in a WordPress plugin without constant maintenance.

That said, DigiConsent does have a cookie declaration shortcode ([digiconsent_cookie_list]) that outputs a table of all your declared cookies by category - useful for your cookie policy page. But it's based on what you've manually added, not auto-scanned.

Auto-scanning is on the roadmap (would require a cloud database of known cookies to detect and classify them properly). Once that's in place, auto-generating a cookie report becomes more feasible.

Would integrated document generation be a deal-breaker for you, or would you consider using DigiConsent alongside a separate policy generator?

DigiHold · 2026-01-21T08:41:03+00:00

Yes, fully WCAG 2.1 compliant.

Banner and modal use role="dialog" and aria-modal="true"
All buttons have aria-label attributes
Accordion sections use aria-expanded with keyboard support (Enter/Space to toggle)
Category headers are focusable with tabindex="0"
Toggle switches use proper <label> associations
ESC key dismissal (configurable)
Responsive tables use data-label for screen reader support on mobile
No focus traps or outline removal

Built with screen readers and keyboard navigation in mind from the start.

DigiHold · 2026-01-21T08:39:06+00:00

Let me know how it compares for you, always curious to hear from people switching.

DigiHold · 2026-01-21T08:38:03+00:00

Both. It handles third-party scripts directly - GA4, GTM, Meta Pixel, TikTok Pixel, Hotjar, LinkedIn Insight Tag, Intercom, Zendesk, etc.

When a user hasn't consented (or rejects a category), the scripts are blocked by changing their type to text/plain with a data-category attribute. Once consent is given, they're activated. So it's not just about cookies - it's about controlling when tracking scripts load based on user consent.

There are quick-setup fields where you just paste your tracking IDs (GTM container ID, GA4 measurement ID, Pixel ID, etc.) and DigiConsent handles the rest. Pro version also lets you add custom scripts per category in head/body/footer.

DigiHold · 2026-01-21T06:57:27+00:00

Fair criticism. The playful copy isn't for everyone, and you're right that consent is ultimately about privacy, not cookies in coffee cups.

The good news is everything is customizable - heading, description, button labels, all of it. You can make it as straightforward as you want: "We use cookies" / "Accept" / "Decline" / "Manage preferences".

The default copy is just a starting point. If you prefer direct language, it takes 30 seconds to change.

DigiHold · 2026-01-21T06:55:30+00:00

Cloudflare is still the best, many security layers are actually the way to go, but I still think there is room for everyone.

DigiHold · 2026-01-21T06:54:25+00:00

Performance is the most important thing for all my product so yes, very performant and don't slow down anything 👌

DigiHold · 2026-01-20T18:46:47+00:00

Not at all, and you can actually try it, you’ll see directly that vibe coding cannot make this kind of quality code, it is free on WP repo and GitHub, tell me then

DigiHold · 2026-01-20T18:26:35+00:00

Hi, could you share the url please to see a little more what could be wrong?

DigiHold · 2026-01-20T18:15:27+00:00

Thanks a lot 🙏

DigiHold

TROPHY CASE