Hi,
Love the idea of WP Fingerprint, but unfortunately it constantly flags premium plugins that we know are safe and have used for many years. We’ve gone so far as to delete them several times and re-install them, but they always get flagged.
Is there any way to disable the Fingerprint check for certain plugins? Or at least to hide the large error messages that displays under the plugins?
Thank you
wp fingerprint is making requests for files that don’t exist, all of which are .json files
example…
https://downloads.www.ads-software.com/plugin-checksums/upgrade-for-unattach-re-attach-media-attachments/.json
https://downloads.www.ads-software.com/plugin-checksums/goodbye-captcha/.json
https://downloads.www.ads-software.com/plugin-checksums/simple-basic-contact-form/.json
]]>
i see there’s an options.php among the files, but i’m not seeing any options in the WP backend
documentation is lacking, so i have questions…
1. what files are excluded from scanning? i assume everything in /uploads, .htaccess, what else?
2. what triggers scanning? how often are scans run?
3. there doesn’t seem to be any notifications – i installed it and… nothing, but when i visited the plugins page, i see 2 notices of file changes (both expected in my case)
4. how is the admin notified? is it supposed to send mail?
]]>Hi, Thank you for this great plugin.
Following up this
https://www.ads-software.com/support/topic/initial-feedback-2/
Is the new version with the little icon ready yet?
Also, I saw on your website https://wpfingerprint.com/why/
this:
”
What data do you collect and store?
First and foremost we’re here to help increase security and awareness. We’re not here to scoop up all your private data. We store only what we need to help keep your site safe. We store the following data:
* your domain name
* a list of the plugins you have installed
* the versions of those plugins”
I can understand that you get the information to check the plugin, but why do you need to store the domain name?
How long is that information stored?
How can we ask for removal of that information?
Thanks
]]>Hi Tim,
I noticed a PHP notice in my log files when I turned on debugging on a site.
[23-Aug-2018 09:00:46 UTC] PHP Notice: Use of undefined constant checksums – assumed ‘checksums’ in /var/www/example.com/htdocs/wp-content/plugins/wp-fingerprint/inc/class-wpfingerprint-plugins.php on line 60
Always followed by
[23-Aug-2018 09:00:46 UTC] PHP Warning: Illegal string offset ‘wp-fingerprint’ in /var/www/example.com/htdocs/wp-content/plugins/wp-fingerprint/inc/class-wpfingerprint-plugins.php on line 60
This happens for each plugin installed.
The patch to fix it is here https://git.pub/snippets/17
If you get your Github repo up I could submit a Pull Request.
]]>This would probably fit best in the reviews but as I’ve only just started using it, I thought that would be premature.
Anyway, it would be great to have some kind of visual indicator that something is happening once the plugin is active – I can’t see any settings or anything changed at all on my site to indicate it’s doing anything at all right now.
Also, are you planning on using your Github repo (https://github.com/34sp/wp-fingerprint) as that, too, would have been a good place to have asked this question ??
Thanks.
]]>