Search the Community

This week we have ProcessWire 3.0.259 which includes several improvements, but my favorite is the addition of a new module type called "CliModule" which is short for "Command Line Interface Module". CliModules are those that provide the option for running from the command line. To list the available actions from command line modules, you can type "php index.php" in ProcessWire's installation directory. If "php" is not in your path, you'll have to type "/path/to/php index.php" instead, or add it to your path. Here's example output on my installation: As you can see above, I've got AgentTools, WireTests and an example "Hello World" CliModule showing the available command line options. If I want to execute one of the commands, then I just type what it indicates. For example, here I will run `php index.php test FieldtypeText` and here's the output: Here's a simple example of a CliModule: <?php namespace ProcessWire; class HelloWorldCli extends WireData implements Module, CliModule { public static function getModuleInfo() { return [ 'title' => 'Hello World CLI module', 'description' => 'Just an example', 'version' => 1, 'cli' => 'hello', // Example: php index.php hello ]; } public function executeCli(array $args) { $command = $args[0] ?? ''; $name = isset($args[1]) ? $args[1] : 'friend'; if($command === 'hi') { echo "Hello there $name!"; } else if($command === 'bye') { echo "Goodbye $name, see you later!"; } else { echo "Specify 'hi' or 'bye' optionally followed by a name"; } } public function getCliCommands() { return [ 'hi' => 'Say hello', 'bye' => 'Say goodbye', ]; } } For more details on the CliModule format, see wire/core/CliModule.php Improvements have continued with the AgentTools module. This week we added: New multi-model support: You can now configure multiple different agents in the module, and choose which one you'd like to use from the Engineer screen. Details New agent-memory support: Now when you make a request of the Engineer, it remembers it for follow-up questions and changes. It keeps a conversation history for context of what you are working on. Details New support for subagents: This enables any of the agents to launch additional agents when/where it helps to do so. For instance, specialist agents, or lower cost agents for simple jobs, and who knows what else. Claude requested the feature and also implemented it, so I'll be interested to see how it gets used. Details New agents configuration screen where you can define up to 10 agents (that's plenty, right?). Details Also new this week is a new WireTests module testing suite for ProcessWire. This first version focuses on testing all of ProcessWire's Fieldtype modules (including a few ProFields ones as well), but it's easy to add tests for any kind of module type. So we'll be adding more tests and improving existing tests as this module moves forward. For details head on over to: WireTests Thanks for reading and have a great weekend!

@zilli I'm kind of just getting started too, as a couple of months ago I knew nothing about Claude Code or Codex or any of the other tools. I also felt overwhelmed which led me to avoid the AI stuff for awhile. Too much noise. But my client started using Claude Code and I started getting interested in it. Start with Claude Code or Codex, they are basically identical. Codex is a better value overall IMO, but Claude might be slightly easier to start with. To get started, install Claude or Codex (use instructions on their site). If using Claude, and you have a choice of "model" choose "Sonnet". Claude's premium model is "Opus" but they don't give you enough usage of it on the $20/month plan. Whereas Sonnet is still very smart and lasts for quite awhile on the $20/month plan. If using Codex, you'll get GPT 5.5 which is their latest model and you get plenty of usage on the $20 plan. That's why I say Codex is a better value. The best way to get started is just start asking Claude or Codex questions about how to do things. Create a hello-world/ directory somewhere on your localhost. If you are comfortable with the terminal, go to the directory and type "claude" (or "codex"). It will ask you to login to your Claude or OpenAI account. Then you are ready to go. If not comfortable with the terminal, then stick to the Claude or Codex desktop apps, which can do just as much and maybe more. Ask Claude or Codex to do something like "create a hello-world.html file" just to get a feel for how it works. Ask it to continue making edits to it just for fun. Once you feel comfortable with this, then you are ready to use it in ProcessWire. No need to start creating any .md files at first. Once you get going, ask Claude when/if you should create a CLAUDE.md file (or AGENTS.md for Codex and others, same thing). These files are really only useful once you are working on an actual project and want to provide instructions in a file that gets read every time, rather than pasting them into a prompt. But technically there's very little difference between providing something in an .md file and just providing it in a prompt, at least until it comes time to /compact or /clear (but you can learn about that later). Both Claude and Codex are already well trained on ProcessWire, and they don't need to read the codebase unless they want to. But I do think it's beneficial to run the latest dev branch version of ProcessWire, which includes documentation for AI agents built in. Installing the AgentTools module will be worthwhile for Claude or Codex to be able to most effectively use ProcessWire's API and use built-in tools for pulling documentation, site/schema maps and booting ProcessWire on its own. You don't need to configure any agents in AgentTools for this kind of usage. Just install the module and tell Claude/Codex to go read the /site/modules/AgentTools/AGENTS.md file, and it will be ready to do anything in ProcessWire. If you later want to add agents in AgentTools, that will let you use Claude/Codex inside of the ProcessWire admin for making edits, creating migrations, etc. But you don't need that to get started. I haven't yet even tried any tools other than just plan Claude and Codex (and AgentTools)--so far I haven't felt like I need anything more. I'm also not using any MCP servers. The others here can better speak to those tools and such. Every morning while making and eating breakfast, I do watch YouTube videos on using Claude and Codex though. It's become part of my boot up sequence. 🙂

Hello Horst, is there an update regarding the OAuth compatibility? We need to connect to an microsoft office mail server which does no longer support basic smtp auth. I saw this issue on your github page: https://github.com/horst-n/WireMailSmtp/issues/22

Hello everyone, We're slowly working through our site and moving things into modules for antarctica.gov.au, in the process we hope to open source some handy things we've built over the years. As we operate in Microsoft heavy corporate environment, we've noticed more and more strange looking links getting pasted into our site. These are Microsoft protected links and are a 'intercept' link that attempts to check the link is legit before letting the user proceed to the original URL. These links get automatically made when a user copies a link from Outlook/Teams/Office. The issue is, these links leak data in the URL parameters, including the email address of who has copied the link! Hence, we wrote two companion modules to find and format these links. First is TextformatterMicrosoftProtectedLinks which formats the links at render time. Second is FormatMicrosoftProtectedLinks which replaces the link with the original URL when saving the page. We provided both modules as it depends on your preference. Some people like to leave the page content as the original (including the protected link), others like to replace this. Let us know if you notice any issues using these modules.

Hello, I have not yet used Codex, but I've been using Claude Code for three weeks, but not yet for ProcessWire projects, but I will surely use it for ProcessWire projects too. I recommend watching some good tutorials first, like: https://youtu.be/uogzSxOw4LU Next, setup the MCP servers you need, I recommend https://context7.com/ and @Peter Knight's PromptWire, and any other MCP servers Context 7 cannot help with. For connecting to systems, I recommend composio.dev Also, do not forget: https://processwire.com/modules/agent-tools/ After you have setup Claude Code in Cursor (for example), just ask Claude whenever you need info on anything. And make full backups regularly, AI can screw things up fast... ;)

Hello, A small utility I built for my own workflow — export any page directly from the editor as a clean Markdown file. Useful for documentation, content migration, and feeding page content to AI tools. GitHub: https://github.com/mxmsmnv/PageMarkdown What it does: Adds an Export to Markdown button to the page edit form Smart HTML conversion — CKEditor content (tables, lists, headings, links, bold/italic) → standard Markdown Supports ProFields: Table, Combo, Repeater Matrix (with type labels and nested structure) Images and files render as Markdown image/link syntax Page references render as links or titles MapMarker, Email, URL, Color fields all handled Configurable: toggle field labels as headings, ignore lists per field/type, datetime format, empty HTML cleanup Requirements: ProcessWire 3.0+, PHP 8.0+ MIT License.

Hello, I need some advice on what is the best option to set permissions for Repeater Matrix. I am using a Repeater Matrix with multiple Repeater Matrix types in a template. The main Repeater_matrix_field consists of around 10 items with image, text fields and various layouts. What I am trying to do is to limit permissions and prevent a user role from editing. How can I restrict access to certain Repeater Matrix types so that all fields are locked except 2 Repeater Matrix types? Is that possible? Repeater_matrix_field structure: 1. Repeater Matrix item: Full size image field 2. Repeater Matrix Item Two Column text fields 3. and 4. Repeater Matrix Item. The only field that the user should be allowed to edit 5. Repeater Matrix Item: Text Teaser fields 6. Repeater Matrix Item: Full size image field 7. Repeater Matrix Item: Two Column text fields What is the most elegant way to set the permissions? Option A. I have looked into RestrictRepeaterMatrix module. However it still possible to modify and delete existing Repeater Matrix types. Option B. Usually I would add a separate field with individual permissions, but adding 2 more Repeater Matrix duplicates seems to be overkill. Also both fields are located in the middle of the Repeater Matrix field. The option to change the item order is essential. I hope this makes sense. I really appreciate any reply.

Version 3.0.161 on the dev branch continues with the updates optimizing our support for the new selector operators introduced in last week's blog post for 3.0.160. Last week I was still kind of figuring it out and the code still needed some refactoring and optimization. This week several parts have been rewritten and it's been improved quite a bit. Though the end result is still very similar to what was demonstrated last week, but now it's a lot more performant and solid. One thing new this week that's also kind of fun: you can now use more than one operator in any "field=value" selector expression, at least from the API side. And it works anywhere that you might use a selector, whether querying the database or something in memory. I think the best way to explain it is with an example. Let's say that you want to find all pages with a title containing the phrase "hello world" — you'd do this using the "contains text/phrase" operator: *= $pages->find("title*=hello world"); But let's also say that if you don't find any matches, you want to fallback to find any pages that contain the words "hello" and "world" anywhere in the title, in any order. We'd use the "contains all words" operator "~=" to do that. So now you can add that operator to the existing one, and it'll fallback to it if the first operator fails to match. So we'll append the "contains all words" operator to the previous one: ~= $pages->find("title*=~=hello world"); Cool huh? But maybe we still aren't finding any matches, so we want to fallback to something even broader. So if the phrase match fails, and the words match fails, now we want to fallback to find any pages that contain the world "hello" OR "world", rather than requiring them both. For that we can use our new "contains any words" operator: ~|= $pages->find("title*=~=~|=hello world"); This example is getting a bit contrived now, but let's say that if we still haven't found a match, we want it to find any pages that have any words starting with "hello" or "world", so it would find pages with words like "helloes", "worlds", "worldwide", etc. That's a job for our new "contains any partial words" operator: ~|*= $pages->find("title*=~=~|=~|*=hello world"); Okay last one I promise—you probably wouldn't stack this many in real life, but stay with me here. Let's say the query still didn't find anything, and as a final fallback, we want it to find any words LIKE "hello" or "world", so that those terms can match anywhere in words, enabling us to find pages with words like in the previous example, but also words like "phellogen", "othello", "underworld", "otherworldly", etc., and that's a job for our new "contains any words like" operator: ~|%= $pages->find("title*=~=~|=~|*=~|%=hello world"); So that looks like a pretty complex operator there, but as you've seen by following the example, it's just these 5 appended operators to each other: *= Contains phrase ~= Contains all whole words ~|= Contains any whole words ~|*= Contains any partial words ~|%= Contains any words like I think a more likely scenario in a site search is that you might stack two operators, such as the *= followed by the ~|*=, or whatever combination suits your need. By the way, you can do this with any operators, not just the text searching ones. But if you didn't read the blog post last week, also be sure to check out the other new operators in addition to those above: *+=, **=, **+=, ~*=, ~+=, ~~=, ~%=, #=. I think these new operators help out quite a bit with ProcessWire's text searching abilities. But there's one thing that's kind of a common need in search engines that's not easily solved, and that's the handling of singular vs. plural. At least, that's a common issue when it comes to English (I'm assuming so for other languages, but not positive?) MySQL fulltext indexes can't differentiate between singular and plural versions of words, so they index and match them independently as completely different words. This can be unexpected as clients might type in "goose" and expect it's also going to match pages with "geese". I've already got something in the works for this, so stay tuned. Thanks for reading and hope you have a great weekend!

Hello. Apparently I have a problem with Tracy adminer. Presently using last PW version + PHP 8.5 in my development instalation. At the time of the problem, I don't know what TracyDebugger version I was using. PHP was 8.0 or lower. The problem: I received an email from the server support, telling something like (translated) "Please be advised that the account ‘rumors.pt’ has been found to be overloading the system. You must urgently check and rectify the website’s security." The site is down (I suppose it is suspended for security reasons). Before asking the server admin to reopen it, I would like to know if other similar cases were reported, and, if that's the case, to have your opinion. Here goes the server's imunify360 log from the server: Malicious Reason Status Actions /home/c0010270/.trash/site.1/modules/.TracyDebugger/panels/Adminer/adminer-4.8.1-mysql.php SMW-BLKH-SA-CLOUDAV-php.admin.tool.db.adminer-NP118-3 Content removed Scan type: background Cleaned 12 days ago Original (infected) file will be removed in 2 days /home/c0010270/.trash/site.2/modules/.TracyDebugger/panels/Adminer/adminer-4.8.1-mysql.php SMW-BLKH-SA-CLOUDAV-php.admin.tool.db.adminer-NP118-3 Content removed /home/c0010270/.trash/site.3/modules/.TracyDebugger/panels/Adminer/adminer-4.8.1-mysql.php SMW-BLKH-SA-CLOUDAV-php.admin.tool.db.adminer-NP118-3 Content removed /home/c0010270/.trash/site.4/modules/.TracyDebugger/panels/Adminer/adminer-4.8.1-mysql.php SMW-BLKH-SA-CLOUDAV-php.admin.tool.db.adminer-NP118-3 Content removed /home/c0010270/.trash/site/assets/cache/FileCompiler/site/modules/TracyDebugger/panels/Adminer/adminer-4.8.1-mysql.php SMW-BLKH-SA-CLOUDAV-php.admin.tool.db.adminer-NP118-3 Content removed /home/c0010270/.trash/site/modules/.TracyDebugger/panels/Adminer/adminer-4.8.1-mysql.php SMW-BLKH-SA-CLOUDAV-php.admin.tool.db.adminer-NP118-3 Content removed /home/c0010270/.trash/site/modules/TracyDebugger/panels/Adminer/adminer-4.8.1-mysql.php SMW-BLKH-SA-CLOUDAV-php.admin.tool.db.adminer-NP118-3 Content removed /home/c0010270/rumor.rumors.pt/site/modules/.TracyDebugger/panels/Adminer/adminer-4.8.1-mysql.php SMW-BLKH-SA-CLOUDAV-php.admin.tool.db.adminer-NP118-3 Content removed Remarks: 1) A (new) similar (copied) development version of the site seems to work ok in my computer. 2) In fact this is the second time a PW site maintained by me goes down, apparently caused by external "interferences". I suppose I have to review the security issues and the rules of access to files and folders (presently 755/644). 3) Probably there is no point in keeping Tracy in a public site. What is the common procedure? Wishing you a fine weekend, Rui VP

Hello @rushy, I think it only matters if you want the correct created and modified timestamp when creating or editing pages. I don't think there are any further implications. You could try this script in your config.php. It worked for me:

Hello, everyone. I was wondering if it wouldn't just be better to switch TinyMCE with SunEditor instead as the "official" WYSIWYG editor of ProcessWire. It's licensed under MIT and it outputs cleaner code. I'm not a developer, so I'm afraid I cannot create a module and implement it myself. I don't need it personally, but I'm sure there are people (clients) who do need a WYSIWYG editor.

Hello. I used to work with TracyDebugger in my development site (Windows 10 home + Wampserver + PHP 8.0.30). When I tried to update the module, I got error "Call to undefined method Tracy\Helpers::getNonce()" I also get in Tracy's report: From there on, I couldn't access anymore any site page. The only solution to keep working was to delete Tracy's folder in module folder. This means I can't even clear database data from this module. Can you figure out what is going on? Thanks in advance, but please take into consideration that I'm not a programmer.

Hello community! I want to share a new module I've been working on that I think could be a big boost for multi-language ProcessWire sites. Fluency is available in the ProcessWire Modules Directory, via Composer, and on Github Some background: I was looking for a way for our company website to be efficiently translated as working with human translators was pretty laborious and a lack of updating content created a divergence between languages. I, and several other devs here, have talked about translation integrations and the high quality services now available. Inspired by what is possible with ProcessWire, I built Fluency, a third-party translation service integration for ProcessWire. With Fluency you can: Translate any plain textarea or text input Translate any TinyMCE or CKEditor (inline, or regular) Translate page names/URLs Translate in-template translation function wrapped strings Translate modules, both core and add-ons Installation and usage is completely plug and play. Whether you're building a new multi-language site, need to update a site to multi-language, or simply want to stop manually translating a site and make any language a one-click deal, it could not be easier to do it. Fluency works by having you match the languages configured in ProcessWire to those offered by the third party translation service you choose. Currently Fluency works with DeepL and Google Cloud Translation. Module Features Translate any multilanguage field while editing any page. Translate fields in Repeater, Repeater Matrix, Table, Fieldset Page, Image descriptions, etc. Translate any file that added in the ProcessWire language pages. It's possible to translate the entire ProcessWire core in ~20 minutes Provide intuitive translation features that your clients and end-users can actually use. Fluency is designed for real-world use by individuals of all skill levels with little to no training. Its ease-of-use helps encourage users to adopt a multilanguage workflow. Start for free, use for free. Translation services supported by Fluency offer generous free tiers that can support regular usage levels. Fluency is, and will always be, free and open source. Use more than one Translation Engine. You may configure Fluency to use either DeepL, Google Cloud Translation, or both by switching between them as desired. AI powered translations that rival humans. DeepL provides the highest levels of accuracy in translation of any service available. Fluency has been used in many production sites around the world and in commercial applications where accuracy matters. Deliver impressive battle-tested translation features your clients can count on. Disable translation for individual fields. Disable translation for multilanguage fields where values aren't candidates for translation such as phone numbers or email addresses Configure translation caching. Caching can be enabled globally so that the same content translated more than once anywhere in ProcessWire doesn't count against your API usage and provides lightning fast responses. Set globally ignored words and text. Configure Fluency to add exclusionary indicators during translation so that specific words or phrases remain untranslated. This works either for specific strings alone, or present in other content while remaining grammatically correct in translation. Choose how translation is handled for fields. Configure Fluency to have buttons for either "Translate from {default language}" on each tab, or "Translate To All Languages" to populate every language for a field from any language to any language you have configured. No language limits. Configure as few or as many languages as you need. 2, 5, 10, 20 language website? Absolutely possible. If the translation service you choose offers a language, you can use it in ProcessWire. When new languages are introduced by third parties, they're ready to use in Fluency. Visually see what fields and language tabs have modified content. Fluency adds an visual indication to each field language tab to indicate which has different content than when opening the edit page. This helps ensure that content updated in one language should be updated in other languages to prevent content divergence between languages. Render language meta tags and ISO codes. Output alt language meta tags, add the current language's ISO code to your <html lang=""> attribute to your templates that are automatically generated from accurate data from the third party translation service. Build a standards-compliant multi-language SEO ready page in seconds with no additional configuration. Render language select elements. - Fluency can generate an unordered list of language links to switch between languages when viewing your pages. You can also embed a <select> element with JS baked in to switch between languages when viewing your pages. Render it without JS to use your own. Manage feature access for users. Fluency provides a permission that can be assigned to user roles for managing who can translate content. Track your translation account usage. View your current API usage, API account limit, and remaining allotment to keep an eye on and manage usage. (Currently only offered by DeepL) Use the global translation tool. Fluency provides translation on each field according to the languages you configure in ProcessWire. Use the global translation tool to translate any content to any language. Use Fluency from your templates and code. All translation features, usage statistics, cache control, and language data are accessible globally from the $fluency object. Perform any operation and get data for any language programmatically wherever you need it. Build custom AJAX powered admin translation features for yourself. Fluency provides a full RESTful API within the ProcessWire admin to allow developers to add new features for ProcessWire applications powered by the same API that Fluency uses. Robust plain-language documentation that helps you get up to speed fast. Fluency is extremely easy to use but also includes extensive documentation for all features both within the admin and for the Fluency programming API via the README.md document. The module code itself is also fully annotated for use with the ProDevTools API explorer. Is and will always be data safe. Adding, upgrading, or removing Fluency does not modify or remove your content. ProcessWire handles your data, Fluency sticks to translating. Full module localization. Translate Fluency itself to any language. All buttons, messages, and UI elements for Fluency will be presented in any language you choose for the ProcessWire admin. Built for expansion. Fluency provides translation services as modular "Translation Engines" with a full framework codebase to make adding new translation services easier and more reliable. Contributions for new translation services are welcome. Fluency is designed and built to provide everything you need to handle incredibly accurate translations and robust tools that make creating and managing multi-language sites a breeze. Built through research on translation plugins from around the web, it's the easiest and most friendly translation implementation for both end users and developers on any CMS/CMF anywhere. Fluency complements the built-in first class language features of ProcessWire. Fluency continues to be improved with great suggestions from the community and real-world use in production applications. Big thanks to everyone who has helped make Fluency better. Contributions, suggestions, and bug reports welcome! Please note that the browser plugin for Grammarly conflicts with Fluency (as it does with many web applications). To address this issue it is recommended that you disable Grammarly when using Fluency, or open the admin to edit pages in a private window where Grammarly may not be loaded. This is a long-standing issue in the larger web development community and creating a workaround may not be possible. If you have insight as to how this may be solved please visit the Github page and file a bugfix ticket. Requirements: ProcessWire 3.0+ UIKit Admin Theme That's Fluency in a nutshell. The Module Is Free This is my first real module and I want to give it back to the community as thanks. This is the best CMS I've worked with (thank you Ryan & contributors) and a great community (thank you dear reader). DeepL Developer Accounts In addition to paid Pro Developer accounts, DeepL now offers no-cost free accounts. All ProcessWire developers and users can use Fluency at no cost. Learn more about free and paid accounts by visiting the DeepL website. Sign up for a Developer account, get an API key, and start using Fluency. Download You can install Fluency by adding the module to your ProcessWire project using any of the following methods. Method 1: Within ProcessWire using 'Add Module From Directory' and the class name Fluency Method 2: Via Composer with composer require firewire/fluency Method 3: Download from the Github repository and unzip the contents into /site/modules/ Feedback File issues and feature requests here (your feedback and testing is greatly appreciated): https://github.com/SkyLundy/Fluency/issues Thank you! ¡Gracias! Ich danke Ihnen! Merci! Obrigado! Grazie! Dank u wel! Dziękuję! Спасибо! ありがとうございます！ 谢谢你

Hello @ all I want to share a new module with you, which makes the creation and validation of forms easy. Take a look at the following example of a simple contact form: // A very simple example of a contactform for demonstration purposes $form = new Form('contactform'); $gender = new Select('gender'); $gender->setLabel('Gender'); $gender->addOption('Mister', '0'); $gender->addOption('Miss', '1'); $form->add($gender); $surname = new InputText('surname'); $surname->setLabel('Surname'); $surname->setRule('required'); $form->add($surname); $name = new InputText('name'); $name->setLabel('Name'); $name->setRule('required'); $form->add($name); $email = new InputText('email'); $email->setLabel('E-Mail'); $email->setRule('required'); $form->add($email); $subject = new InputText('subject'); $subject->setLabel('Subject'); $subject->setRule('required'); $form->add($subject); $message = new Textarea('message'); $message->setLabel('Message'); $message->setRule('required'); $form->add($message); $privacy = new InputCheckbox('privacy'); $privacy->setLabel('I accept the privacy policy'); $privacy->setRule('required')->setCustomMessage('You have to accept our privacy policy'); $form->add($privacy); $button = new Button('submit'); $button->setAttribute('value', 'Send'); $form->add($button); if($form->isValid()){ print_r($form->getValues()); // do what you want } // render the form echo $form->render(); This piece of code creates a simple contact form and validates it according to the validation rules set. Inside the isValid() method you can run your code (fe sending an email) Highlights: 30+ validation types Support for UiKit 3 and Bootstrap 5 CSS framework SPAM protection Highly customizable Hookable methods for further customization Multi-language You can download and find really extensive information on how to use at https://github.com/juergenweb/FrontendForms. Please report errors or suggestions directly in GitHub. Best regards and happy testing ? If you have downloaded the module in the past I recommend you to uninstall the module completely and install the newest version 2.1.14. There are a lot of changes in the new version, so please test carefully.

Hello @Peter Knight To be clear, FrontendForms doesn't send any form data by default – it just checks whether a form is valid or not. Inside the isValid() method, you can send form data — or do whatever you want (e.g., store the values on a page). So it's not a "Email Form" module by default. Informing about what went wrong So in this case, it's a bit more complicated. The validator can only set the form validation to true or false (without sending information to an administrator). Of course, it could happen that a real person uses some characteristics of a SPAM text and the text is therefore declared as SPAM. This risk always exists, but it is very low. For this reason, it is necessary to inform the user about which mechanisms were responsible for the failure of validation. But I agree with you: too much detailed information (e.g., word 1 and word 2 are SPAM words) could give a human spammer too much information. My Opinion: In this case you have to make a compromise. You can't stop SPAMMERS completely. If it's a bot, it should post a fixed text in a text box – it will fail and can't react the way it changes the SPAM text it's going to pass. When you have real human SPAMMERS, it becomes much harder to stop them, because they can react much different than a bot. At the moment, the information in the error message is very general and doesn't contain too much detailed information. Yes the danger is always there, especially with AI - so I guess I leave it general. You can also change the error message to your own by asking the user to call you by phone if the message fails validation. Another option would be to set the threshold lower (e.g. from 50 to 30) so that more SPAM properties are accepted and the entered text is more likely to pass validation. I don't know what the "best practice" scenario is in this case. Maybe someone has an idea how best to deal with messages that have been falsely declared as SPAM, even though they are not.

Hello @Peter Knight At the moment, it stops the successful form submission like any other validator and an error message will be displayed to the user under the inputfield, that the text looks like SPAM with a hint to prevent using to much links to write to much words in uppercase letters using typical SPAM words and so on If a form has too much failed attempts, it will be logged, with timestamp and IP if this security measure was not disabled manually, but not with detailed information. So at the moment it only stops the successful form submission. Maybe the error message is written generally. This could be improved to give more information of what went wrong. Idea: Could be done only via a session I think but I have to try it.

Hello all, Another day, another thread! 😅 So I'm building out a portfolio site bit by bit, and trying to learn how ProcessWire works for clients in the meantime. Below is a screenshot of what a project page might look like. The project header is made with a project repeater and some txt fields. Below this is another repeater (sections) - that's where my project images live. What I'd like to make: a curated gallery page (like a photographer's portfolio page) where I can manually choose images from across my project pages to be displayed in a masonry style layout (e.g. like Masonry.js https://masonry.desandro.com/) I'd like to avoid duplication or double uploads - I'd like to reuse existing project images and keep my setup as fast/light as possible Clicking an image on the gallery should link to the related project Ideally without resorting to third party solutions - could image tags be used like an image reference? I've read a discussion on community requests for something like an image reference field (which would be great) but it looks like this isn't natively supported in PW yet: https://github.com/processwire/processwire-requests/issues/207 I'm wondering if I could use PW's built in image tags or something and then display all of those on a gallery page layout. But I'm not sure if I could grab the related project page links through tags alone? Fyi, I'm also using the PageimageSource module to keep things efficient. https://github.com/nbcommunication/PageimageSource Beginner here, so maybe I'm thinking about this the wrong way. Would be nice to hear your thoughts. Thanks!

I'm trying to work out how to use ProcessWire, but seem to have stumbled at the first. I am copying the steps in the 'Hello Worlds' tutorial here: https://processwire.com/docs/tutorials/hello-worlds/ Having done step 3, when I click view, I don't see the html from the template, I just see the same template as the home page with 'Default content'.

Hello! 👋 I'm thrilled to (re-)introduce WireWall — an advanced security firewall module for ProcessWire that I've been actively developing and refining in production for months. After blocking massive amounts of malicious traffic (99.98%+ on my e-commerce sites) with zero impact on real users, it's time for a refreshed community announcement with all the latest features from v1.3.4. What is WireWall? WireWall turns your ProcessWire site into a secure fortress with enterprise-grade tools: city-level geo-blocking, full IPv6/CIDR, multi-layer bot protection, true stealth mode, rate limiting fixes, and file-based caching that easily handles 1M+ IPs. Key Features (as of 1.3.4) Geographic Control City-level blocking (e.g. Philadelphia, Beijing, Sydney) Subdivision/region blocking (Pennsylvania, New South Wales, Île-de-France) Country blocking (blacklist/whitelist 200+ countries) MaxMind GeoLite2 integration (Country + ASN + City) — 0.5-2ms lookups HTTP fallback (ip-api.com) when MaxMind not available Full IPv6 + CIDR support Bot & Threat Protection Bad bots, scanners, vulnerability tools AI training bots (GPTBot, ClaudeBot, GrokBot, Perplexity, etc.) Fake/headless browser detection (Puppeteer, Selenium, etc.) VPN/Proxy/Tor detection (multi-API chain) Datacenter blocking (AWS, GCP, Azure, Hetzner, etc.) ASN blocking & whitelisting (block/allow entire networks) Security & Rate Limiting Configurable rate limiting with burst handling & permanent/temporary bans JavaScript challenge for suspicious traffic IP whitelist/blacklist with CIDR Priority system — now 16 levels (logged-in users at #3, trusted modules at #2) Stealth & UX True silent 404 mode — plain "Not Found" text (no HTML/branding) Beautiful custom block page with location/IP display Custom redirect or message on block Option to completely disable AJAX protection (fallback for tricky integrations) Performance & Management File-based cache — scales to millions of IPs, no DB overhead Cache UI with stats & per-type clear buttons Detailed logging (city/region/ASN included) Admin area always protected (triple-layer) Real-World Results On production sites (e-commerce + others), WireWall consistently: Blocks 99.98%+ of attacks/scrapers/VPN fraud Zero false positives for logged-in users & legitimate traffic (thanks to priority fixes) Handles spikes without issues after rate limiting improvements Eliminates most cloud-based automated probes Installation (Quick) cd site/modules/ git clone https://github.com/mxmsmnv/WireWall.git Then in admin: Modules → Refresh Install WireWall Configure (start with rate limiting + VPN detection + bad/AI bots) Monitor: Setup → Logs → wirewall Priority System (how requests are evaluated) Admin area → always ALLOW Trusted ProcessWire module AJAX → ALLOW Logged-in users → ALLOW (new in 1.3.4 — unconditional bypass) IP whitelist → ALLOW Allowed bots / IPs / ASNs → ALLOW Rate limiting → BLOCK if exceeded IP blacklist → BLOCK JS challenge → CHALLENGE VPN/Proxy/Tor → BLOCK Datacenter → BLOCK ASN blocking → BLOCK Global rules (bots/paths/UA/referer) → BLOCK Country blocking → BLOCK/ALLOW City blocking → BLOCK/ALLOW Subdivision blocking → BLOCK/ALLOW Country-specific rules → BLOCK First match wins. MaxMind Setup (strongly recommended) Free GeoLite2 databases → fast & offline. See README or https://wirewall.org for setup guide. Requirements ProcessWire 3.0.200+ PHP 8.1+ Resources GitHub: https://github.com/mxmsmnv/WireWall Releases & Changelog: https://github.com/mxmsmnv/WireWall/releases Landing: https://wirewall.org License: MIT (free for commercial use) Why build this? ProcessWire deserved a native, scalable, granular firewall with city-level control, offline capability, and proper exception handling — things missing or hard in other solutions. Happy to answer questions, hear about your security setups, or debug any issues! Feedback from the community has already shaped big improvements (like the recent logged-in & stealth fixes). Best regards, Maxim

Hello @da² Thank you for your detailed explanation! Now I know what your goal is. The first problem by doing additional validations inside the "isValid()" method after all form values are valid is that the form has "status valid" and therefore the form values will be emptied to prevent double form submission. That is the reason why the form is empty. This can be prevented by adding the useDoubleFormSubmissionCheck() method with value false to the form object. The second problem is that the validation of max attempts (if enabled) will be reseted if the form is valid, but it would take further attempts if you are doing additional validations inside the isValid() method. So the max attempts validation in this case does not work. But this can be disabled by using the setMaxAttempts() method and setting the value to 0. So adding additional validations inside the isValid() method is a very dirty solution and the module is not developed to support such a scenario. So the goal you want to achive is very difficult to achive. I am afraid that the module will not be able to solve your problem, but I will wrap my head around it and maybe I have an idea.🤔

Hello @da² I have added a new validation rule that could be interesting for your usecase: uniquestringvalueofpwfield It checks for the uniqueness of a value inside of a specific ProcessWire field. Lets assume you have stored your gaming usernames inside the PW field with the name "gamer_name" which you have added to the user template. Then you could validate the gaming username with the new validator like this: $gamername = new \FrontendForms\InputText('gamername'); $gamername->setLabel('Gamer name'); $gamername->setRule('required')->setCustomFieldName('This gamer name'); $gamername->setRule('uniqueStringValueOfPWField', 'gamer_name', ['user']); $form->add($gamername); As you can see, you have to add the name of the PW-field (= gamer_name) as the first parameter. The second parameter (= the name of the template") is not mandatory, but it makes sense in this case to restrict the search only for entries in the user template. Add this as an array, because it also possible to search in multiple templates). Otherwise the search will be globally on all templates where this ProcessWire field is added. To use the new validator please update to 2.2.13 Best regards Jürgen

Hello @da² looks like it is not so difficult 🙂. First of all I would take a look at the following Inputfield: https://processwire.com/modules/fieldtype-text-unique/ This looks interesting and if it fits to your needs, than add it to the user template in the backend as the field containing the gamer name. Second, take a look at the uniqueEmail or uniqueUsername validators, which are already included in FrontendForms. These validators could be used as a starting point for your own validation rule. Take them as an example to create your own custom rule for gaming names.

Now when they're all pinged, we need to have something for them... Something to do or to write about... Maybe just say hello and share where they're at now...

Hello @da² I have added a new method to trigger an error message to a field manually: setErrorMessageToField() Here is a small example on how to use it: $form = new \FrontendForms\Form('testform'); $form->setMaxAttempts(0); $form->setMaxTime(0); $form->setMinTime(0); $firstname = new \FrontendForms\InputText('firstname'); $firstname->setLabel('Firstname'); $firstname->setRule('required')->setCustomFieldName('The first name'); $form->add($firstname); $button = new \FrontendForms\Button('submit'); $button->setAttribute('value', 'Send'); $form->add($button); if ($form->isValid()) { $form->setErrorMessageToField($firstname, 'This is my custom message'); } echo $form->render(); If the "default validation" was successful, then the error message will be displayed under the "firstname" field in this case. You can use it to make another validations inside the isValid() function to check the submitted form values against other conditions. If the conditions fail then you can output this manually triggered error message like written above. To use the new method, you have to replace the file site\modules\FrontendForms\Formelements\Form.php with the one from Github or you simply add the new function to your Form.php. Please let me know if this helps.