Forum Replies Created

Viewing 15 replies - 1 through 15 (of 128 total)
  • That might be a phishing email, as the text matches the text recently being used by phishing emails sent to appear as if they were coming from Bluehost support. If that is the case the link after the text “To activate your account, please visit our BlueHost account reactivation center. Use the link below:” would actually go to a domain name other than bluehost.com though it would appear otherwise by starting “http://my.bluehost.com.”. You should also be able to confirm whether that is a phishing email by contacting the real Bluehost support and asking if they contacted you about such an issue.

    Plugin Contributor whitefirdesign

    (@whitefirdesign)

    This plugin doesn’t update the plugins itself, it turns on automatic background updates for plugins. As far as we are aware all updates for plugins will be applied by that.

    Plugin Contributor whitefirdesign

    (@whitefirdesign)

    Disabling updates for a specific plugin is working fine for us and we haven’t had anyone else mention having an issue with it. If you can provide us with reproducible steps to recreate this happening we can troubleshoot things further.

    Plugin Contributor whitefirdesign

    (@whitefirdesign)

    This plugin just turns on automatic background updates for plugins. The updating, which is where you are having the issue, is handled by WordPress, so we can’t really provide any insight on how to resolve an issue with that beyond pointing out that on the last line of that email WordPress is providing information on the error occurring.

    Plugin Contributor whitefirdesign

    (@whitefirdesign)

    Your first screenshot shows you have disabled the automatic updating of the plugin EWWW Image Optimizer in our plugin’s settings and the second shows that EWWW Image Optimizer is not up to date, which would be the case if our plugin was correctly making sure that plugin is not automatically updated. So what is it that you think isn’t working?

    @karks88
    Unfortunately the problem here doesn’t seem to be finding a solution for this type of situation, it is getting the people in charge to finally properly address the issue and implement one or more of the existing solutions.

    One option is for the people running the Plugin Directory to release a new secured version of the plugins, which for this plugin could be done by simply re-releasing the version prior to the new developer taking over, with a new version number. They have released new versions to resolve security issues very infrequently, while they claim to be doing it on a wider basis. Once when we brought up, in a thread on this forum, that it wasn’t being done in situations where it should have been, our reply was deleted, so it appears they are not interested in even discussing what is really going on with this. We have also offered to help them to handle putting together fixed versions, but we haven’t gotten any response. Based on past experience, what seems to determine if they will release a new version is if the security issue is receiving press coverage, so if you can get some for this they might take action.

    A second option is for WordPress to warn when removed plugins are being used on websites and provide at least a basic explanation of why it was removed, which is something we have been trying to get implemented for over five years. At various times the response has been that it is something that is going to be done, while other times the response is that it would put websites at more risk to do that, so it isn’t clear what is going on. It would be great if Wordfence would get behind this effort instead of only being interested in using the issue to get people to use their plugin.

    Plugin Contributor whitefirdesign

    (@whitefirdesign)

    This plugin just turns on automatic background updates for plugins, so WordPress handles the actual updates, not the plugin. If you can point to some issue with the plugin we can look into that, but it is likely the issue is occurring within WordPress and not the plugin.

    You wouldn’t receive any emails if the updates are not happening, since those are sent by WordPress when the updates happen.

    Plugin Contributor whitefirdesign

    (@whitefirdesign)

    We are not sure what relevance this is supposed to have to our plugin since the plugin only activates automatic updates for plugins, but it looks like the issue is related to the error message shown:

    [fs_unavailable] Could not access filesystem.

    So we would recommend you look further into that.

    Plugin Contributor whitefirdesign

    (@whitefirdesign)

    It sounds like you are confused about how this plugin works, as it lists if installed plugins have been removed from the Plugin Directory, not that they exist in it.

    What you are showing there looks to be intentionally adding JavaScript code (through a tag) to a page. As long as you are logged in as an Editor or Administrator level user when doing that, it wouldn’t be a vulnerability, since users with those roles are permitted to do the equivalent of cross-site scripting (XSS) due to the unfiltered_html capability.

    Sites like Sucuri and Unmaskparasites scan the website from the outside, so at best they can only detect malicious content being served by the website and therefore they can’t be used to rule out the possibility of malicious code in files on a website.

    Based on the fact that your web host detected malicious code in the functions.php file for numerous themes, it seems unlikely that this is a false positive as they shouldn’t all contain code that leads to a false positive. It is fairly common for hacks of WordPress websites to add code to that file in the themes installed on the website. Following barnez’s advice you should be able to take a look at one of those files and see if there has been some code added to it.

    In line with what was mentioned before, it likely is that either the original hack hasn’t been fully cleaned up or the vulnerability that allowed the website to be hacked in the beginning hasn’t been fixed and that is allowing a hacker back in or allowing additional hackers in. So in addition to cleaning up the files, you would want to try to determine the source of the hack(s) and fix that.

    Potentially any file that is loaded during the generation of front end pages could contain the code causing the unwanted content, which means a lot of files could be the cause. If you do a file comparison between the files on the website and a freshly downloaded copy of the relevant software you should be able to find any code added to those files.
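    The file comparison suggested above, as an added example that is not code from the reply or from any plugin: it hashes every file in a deployed copy and in a freshly downloaded reference copy and reports what was modified, added or is missing. The directory layout, the ignore list and the sample file contents are constructed for illustration.

```python
"""Added example: find files on a site that differ from a pristine download.
Sample trees and their contents are constructed here, not taken from a real site."""
import hashlib
import tempfile
from pathlib import Path

# Files that legitimately differ from a fresh download (assumed list for this example).
IGNORE = {"wp-config.php", ".htaccess"}


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_hashes(root: Path) -> dict:
    """Map each relative file path under root to its SHA-256 (ignored names skipped)."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file() and p.name not in IGNORE}


def compare_trees(site: Path, reference: Path) -> dict:
    """Return files modified on the site, added to it, or missing from it."""
    live, clean = tree_hashes(site), tree_hashes(reference)
    return {
        "modified": sorted(f for f in live if f in clean and live[f] != clean[f]),
        "added": sorted(set(live) - set(clean)),
        "missing": sorted(set(clean) - set(live)),
    }


def build_sample() -> tuple:
    """Constructed data: a clean theme copy and a live copy with an appended line and an extra file."""
    base = Path(tempfile.mkdtemp())
    clean, live = base / "reference", base / "site"
    for root in (clean, live):
        theme = root / "wp-content/themes/demo"
        theme.mkdir(parents=True)
        (theme / "style.css").write_text("/* demo theme */\n")
        (theme / "functions.php").write_text("<?php\nadd_theme_support('title-tag');\n")
    with (live / "wp-content/themes/demo/functions.php").open("a") as f:
        f.write("// line appended only on the live site (constructed)\n")
    (live / "wp-content/uploads").mkdir()
    (live / "wp-content/uploads/extra.php").write_text("<?php // extra file (constructed)\n")
    return live, clean


if __name__ == "__main__":
    site, ref = build_sample()
    for kind, files in compare_trees(site, ref).items():
        print(kind, files)
```

    Anything reported as modified or added is a candidate for review, not proof of a hack; the reference copy must be the same version as the software on the site or every file will show as modified.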

    Plugin Contributor whitefirdesign

    (@whitefirdesign)

    This plugin has only ever been intended as a stop-gap until WordPress properly resolves the lack of notifications for removed plugins, so this isn’t a great idea for a plugin since everyone should be notified when they are using plugins that have been removed from the Plugin Directory for security issues instead of just those that happen to use a plugin. Otherwise websites are going to continue to be hacked when those hackings could have been prevented by WordPress acting responsibly.

    Seeing as this plugin only provides a limited version of the needed functionality, it would make more sense for the issue to finally be properly resolved by WordPress and then plugins (whether new or existing) could provide an email alert based on that, instead of adding more functionality to a plugin that shouldn’t have needed to exist in the first place.

    If what you can’t log in to is WordPress, the various methods you can use to reset the password are discussed here, including ones that don’t require knowing or having access to the email address used.

    Plugin Contributor whitefirdesign

    (@whitefirdesign)

    It isn’t quite clear what you are referring to, but on the plugin’s page if the vulnerability isn’t in the currently installed version of the plugin it is listed under the heading “Installed plugins that have known vulnerabilities in other versions of the plugin:” already. The versions that are vulnerable are also included in the vulnerabilities listing.

    Knowing if other versions are vulnerable can be important. Let’s say you are cleaning up a hacked website where the plugins have not been updated in some time, which in our experience is often the case. Knowing that the vulnerability only existed in newer versions than the one installed would allow you to rule out the vulnerability as the source, whereas if it wasn’t listed, you wouldn’t know that the vulnerability was in the data set. It also would be useful if the plugins have been updated before you start dealing with the hacked website, since knowing that a version that might have been in use before had a certain vulnerability could indicate a possible source of the hack.
