Can you add support for export/import settings?

  • Resolved noahj-champion

    (@noahj-champion)


    9 years, 5 months ago

    Hi,

    Maybe it is just me. But when your plugin first came out, around 600 installs, I started using it.

    Since then I tried other security solutions after the multiple email notification issue I had (you may recall) ??

    But there are so many steps to setting up the Sucuri settings that doing so itself starts to quickly feel tedious.

    Here are 2 things that could help with this, and again maybe it is just me so I though to ask since coming back to your plugin I see it hasn’t bee implemented (and I really thought it naturally would be).

    1. The option to make multiple change and “Apply All Changes” in one saving action.
    – Right now having to make each change individually is just mind boggling to me.
    – Is this on the radar or am the only one to bring it up ?? ?

    2. The other option, probably easier would be to export my settings so I can import those into another site.

    Thoughts?

    https://www.ads-software.com/plugins/sucuri-scanner/

Viewing 5 replies - 1 through 5 (of 5 total)

  • +1 to this

    I am looking at having to deploy the Sucuri plugin to nearly 100 sites. Deployment is easy via ManageWP.

    But configuration of each site is incredibly tedious and time consuming.

    I have thought about this multiple times in the past but have not decided to implement it yet. Any action that interacts directly with the database may become a target for attacks. I could easily write the code to power the export of the settings which by itself should not affect the security of the website, but when I start thinking about ways to import the data to another website in a safe way I get multiple ideas of how a malicious person could benefit from this to inject malware in the database; this is why I have not implemented this feature yet.

    I have this in my TODO list, if I get an idea of how to import the data in a safe way I will implement it, but for now I will have to keep this in my backlog.

    Thread Starter noahj-champion

    (@noahj-champion)

    Hi, thanks for the update and details as to why Yorman!

    I appreciate it and I understand why this hasn’t been implemented yet.

    Just a thought throw off here, maybe an online account where users could import or set their settings and be able to connect the plugin to their online account, which could download the plugin settings for their install from there.

    I was just thinking of something that may take the whole experience outside of WordPress so maybe the security issues that come to mind don’t exist (if that isn’t something you have thought about). So then settings data couldn’t be imported by hackers unless tied to the online account as any other method to interact with the Sucuri plugin would be invalid.

    I have a similar request. I’m using Duplicator Pro plugin to duplicate my staging WordPress instance to production instance. When I restore the backup to the new WordPress instance, everything comes over fine except I need a new Securi Security scanner key and all of the settings reset back to default. I assume there is still no export/import process. Is there a reason why a duplicated site trips up and needs a new scanner key and restores to the default settings?

    Thanks…

    Feature implemented with commit #e30de5a [1].

    You will find a section named “Import and Export Settings” in the general settings page. The data is manageable using the JSON format. The options that can be imported are manually whitelisted, this prevents malicious people to inject arbitrary settings to the website.

    The feature will be available in the next version of the plugin.

    [1] https://github.com/Sucuri/sucuri-wordpress-plugin/pull/29/commits/e30de5a

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Can you add support for export/import settings?’ is closed to new replies.