Yes, I saw and replied to your email. My reply stated that providing a WP admin login, cPanel access and FTP credentials was not necessary and could not possibly be beneficial. Not to mention, a majorly unnecessary security risk. The default support response should never be to request someone send login credentials for every critical access point via email; as an obvious security risk, that should be a worst-case-scenario-ONLY request – certainly not a Step 1 request. And you team has got to find a more secure way of passing that info IF they absolutely NEED that info. Just tell them to use OneTimeSecret or something.
Anyhow, regarding my ticket and my situation….
I noticed after posting here and submitting my ticket that the main WPL plugin page on WP.org actually stated:
Tested up to: 6.4.2
<span style=”text-decoration: underline;”>PHP Version: 8</span>. – however, now it says “7.4 or higher” so I tried again I was able to update the plugin today, so you have obviously resolved the problem.
I’m suprised how poorly this was handled though. When I saw that PHP 8 requirement, after the plugin had JUST recently been updated for PHP 8 compatibility, I assumed your team would know immediately what was wrong and would correct the mistake on their PHP version requirement and announce the patch.
To my surprise, over a day later, I wasn’t contacted with a “OH wow! Our bad! We’re putting out a patch ASAP”. Rather, I was asked to send full backend access to a huge non-profit’s website and server – not through any kind of protected, encrypted process, just via regular old email. Lucky for my client, it was me who had filed the ticket. Had it been one of their office staff, they likely would have naively done exactly what WPL’s Support had requested and replied to the email with every username and password and URL they could find, putting the security of the entire organization at risk.
I haven’t heard from anyone saying it was fixed and the version number is still the same, 4.13.13, so of course the Changelog makes no mention of the problem or the fix. It says Last Updated: 1 day ago though and 4.13.13 was released many days, if not a week, earlier. So, thank you for getting that fixed.
I hope you will also look in to fixing your Support dept’s lack of security with customers’ login credentials and ensure they only request access as a last resort.
