In line 104 of /css/admin.css
.last_scan { font-size: 11px; float: right; font-style: italic ; margin-right: }
someone wanted to specify a margin-right property, but never got to it I suppose. This occurs in the latest version 3.4.8.
]]>Hi, thank you for your nice plugin.
I have been testing the latest version running in WordPress 4.6.1. When I run the Core Scanner test it starts correctly but never finishes. All the other test run well and without any issues.
To further test the above, I disabled all other plugins except this Total Security plugin and still it would never complete the scan. It looks like it stays in a never ending loop.
Current server specs.
Let me know if you need me to carry out more test or if you require more information.
Kind regards
]]>The Core scanner is started but is never finished, just executing.
What is wrong?
Hi,
I have spotted several small glitches:
1. There are recurring warnings about fail2 and fail3 variable not defined in class-p2.php
(line 36: $fail_p2_t = $fail2+$fail3+$fail4+$fail5+$fail6+$fail7+$fail8+$fail9+$fail10+$fail11+$fail12+$fail13+$fail14;). This pollutes the debug log.
2. The core scanner always report wp-config-sample.php as modified; maybe because I use the French version and not the English one?
3. When using the Secure hidden login with wordpress in a subfolder, logging out always result in a 404 error, thus polluting the 404 error log.
Best regards,
Alain
]]>Hello
I keep getting these warning in debug mode:
PHP Notice: Undefined variable: fail2 in xxx/wp-content/plugins/total-security/modules/class-p2.php on line 36
PHP Notice: Undefined variable: fail3 in xxx/wp-content/plugins/total-security/modules/class-p2.php on line 36
Is there a setting to get rid of this messages?
Regards,
Alain
]]>Latest version of WordPress and of plugin, PHP 5.4…
When I ran the three scans, the vulnerability scan came up with 4 high risk items (and 4 medium) and the file system scan came up with just 1 high risk.
I fixed the file system issue – a stray file I left during testing. Then re-ran all the scans. Under the File System tab I came up perfectly clean. Likewise Core Scanner.
But in the Dashboard tab I still show the 4 and 4 I mentioned before, AND the 1 high risk file system issue that I resolved, for a total of 5 high risk instead of the 4 it ought to be.
Re-ran all scans a couple of times, no change.
]]>I tried the new version of Total Security just now. Good news is it no longer things every file in the core is suspect.
Bad news is that it’s doing something on my site that it’s been doing for the last two versions:
For “Check if security keys and salts have proper values” Total Security tells me I have “Bad keys” and if I click the fix button it comes back with this dialogue:
Parse error: syntax error, unexpected ‘[‘ in /home/content/44/7512444/html/w2abc/wp-content/plugins/total-security/modules/inc-popup.php on line 170
]]>Hello,
Since upgrading to WP4.5, all WP files appears as unknown files in File System scanner?
Any upgrade on the way?
Regards,
Alain
]]>I have false positives in “Core Scanner” for files:
readme.html
wp-config-sample.php
wp-includes/version.php
Because I’m using a WP install in a language different from English. Those files are officially distributed in translated version.
]]>When option “Hide “wp-login.php” and “wp-admin” folder” is on
all request to wp-admin/admin-ajax.php are blocked. this is common ajax communication url. How you suggest to work around or will you do fix on your side?
Core scanner requires file called hashes-4.4.2
which is not included in the plugin itself.
This results in scan taking forever.
Debug logs:
[03-Feb-2016 21:49:44 UTC] PHP Warning: require(libs/hashes-4.4.2.php) [function.require]: failed to open stream: No such file or directory in XXX/wp-content/plugins/total-security/total-security.php on line 437
[03-Feb-2016 21:49:44 UTC] PHP Fatal error: require() [function.require]: Failed opening required ‘libs/hashes-4.4.2.php’ (include_path=’.:/usr/share/pear/’) in XXX/wp-content/plugins/total-security/total-security.php on line 437
deleted, posted in wrong place, sorry
]]>Currently, I get false positives\ error messages although I deliberately set the settings as they are.
Like: index.php, I purposely added some code. It shows as high risk warning.
Will it be possible to accept current situation and use the current situation as accepted baseline.
]]>I have an Unknown file, which TS found in WP core.
But I’m sure that it is wrong detection, which is spoils all results of TS core scanning.
The file name: wp-admin/.htaccess
I use this file for filtration IP addresses, which I use for allow or deny to login to admin section.
It is possible to use a some exception list? I can’t figure out how I can setup it.
]]>Just some messages that have cropped up. Am using my own error_handler in a sort of debug mode and these came to my attention. Just to let you know:
2015-11-06 18:31:51 [8 - E_NOTICE] : [Undefined variable: no] in file /home/mark/dev/plugins/wp-content/plugins/total-security/modules/inc-popup.php on line 164
2015-11-06 18:31:51 [8 - E_NOTICE] : [Undefined variable: no] in file /home/mark/dev/plugins/wp-content/plugins/total-security/modules/inc-popup.php on line 169
2015-11-06 18:31:51 [8 - E_NOTICE] : [Undefined variable: row_usage] in file /home/mark/dev/plugins/wp-content/plugins/total-security/modules/inc-popup.php on line 184
2015-11-06 18:31:51 [8 - E_NOTICE] : [Undefined variable: data_usage] in file /home/mark/dev/plugins/wp-content/plugins/total-security/modules/inc-popup.php on line 185
2015-11-06 18:31:51 [8 - E_NOTICE] : [Undefined variable: index_usage] in file /home/mark/dev/plugins/wp-content/plugins/total-security/modules/inc-popup.php on line 186
2015-11-06 18:31:51 [8 - E_NOTICE] : [Undefined variable: overhead_usage] in file /home/mark/dev/plugins/wp-content/plugins/total-security/modules/inc-popup.php on line 187Hello,
I installed TS on several sites and on 1 site the Vulnerablility scan will not execute.
Maybe a server setting?
thanks, Zef
]]>Hi
I suggest that there should be an option to ignore the issue next to each. Eg. [ ] Ignore (permissions for wp-config.php).
]]>Hi
I suggest that files have their common paths. Eg “upgrade.php” should be “wp-admin/include/upgrade.php”.
]]>Hi
I renamed “install.php”, as per secure instructions. Now during the file-system scan, that file is listed in the “Unknown file found in WP core” section. That seems counter-productive, what’s the best solution?
]]>Hi
Since WP codex recommends to include “upgrade.php” to execute wpdb’s dbDelta(), I have chosen not to rename or remove the file. When I change the permission as suggested no difference:
“…Check if install.php file is accessible via HTTP on the default location. ?
Check if upgrade.php file is accessible via HTTP on the default location…”
I renamed “install.php”, and that get a tick. Also I changed permissions for each file (600), but “upgrade.php” still fails. I think you simply forgot to check permissions, otherwise please specify the permissions.
]]>Parse error: syntax error, unexpected ‘[‘ in /home/admin/domains/websitename.com/public_html/wp-content/plugins/total-security/modules/inc-popup.php on line 170
What can i do?
]]>Hi.
Does TS works on Nginx?
Nginx not use .htaccess file: https://wiki.nginx.org/LikeApache-htaccess
]]>Check if table prefix is the default one “wp_”. Yes X
This check has always given a false positive. I do not use the prefix “wp_” yet Total Security says I do.
]]>I am using total security in a couple of sites and never had any problems. Today, after I upgraded to 4.2.1 in two sites the core scanner doesn’t stop and has to be aborted after 20 minutes or so … What is going on. Are there errors in my WP installations or can we expect an upgrade of total secutity?
Greetings, Adil
]]>Hi,
When I execute File System, the result found all unknown file from my WordPress in WP core?
My WordPress installation is in its own subdirectory on my website: https://example.com/blog/
Does this could be the cause?
]]>During the creation, WordPress request a database user with all privileges on the database. However, after install is complete, some rights can be revoked without breaking the site.
Maybe the plug-in could check that the db user do not have excessive privileges?
The following rights are more than enough for my site:
When the Core Scanner is checking for modified files, the WordPress installation language should be taken into account.
Presently on my site, all 3 files
are reported as modified because they contains some text in French.
CRC check confirms that are identical to what I downloaded from the official site, so this are false positive.
Otherwise, keep on the good work!
]]>I have installed and run the vulnerability section of Total Security and it advises me to change the following file:
wp-config.php 400 755
However if I chmod that file to 400, then the page will not load (blank screen).
Is that an anomaly with my setup, or does the app have some issues that need to be addressed? It kind of stops my faith in it.
Andy
]]>I added the login key using Total Security to my site (to have a secret login page), and now I’m locked out. It’s not recognizing my password. I went into PHPmyadmin and changed the password, but still no go. And it won’t send me a new one because of the redirect. Can I disable this feature remotely to get back in? Thanks.
]]>I just installed the latest version of your Total Security plugin, and was able to run the Vulnerability and File scans without any problems; but when I run the Core Scan, it never completes. I have been letting it run now for about 20 minutes.
Any thoughts or suggestions?