fopen required?

  • Resolved weblink

    (@weblink)


    3 years, 5 months ago

    I was excited to find this plugin to block bad robots. But now I see in my error log that fopen is required. A security plugin that requires fopen? I learned that that is a security risk in itself?
    >>>failed to open stream: no suitable wrapper could be found
    >>>https:// wrapper is disabled in the server configuration by allow_url_fopen=0

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support amanbv

    (@amanbv)

    Hey!

    Thank you for your email.

    We need to use fopen for syncing and doing configurations on your site and then run extensive scanning on our servers. Without fopen, we won’t be able to provide security because we would not be able to sync the website data to our servers.

    We can assure you that fopen is using only in authenticated requests. We have a symmetric authentication system in place which makes sure that only our servers can communicate with our plugin.

    Regards,
    Aman Kedia

    Thread Starter weblink

    (@weblink)

    Thank you for your response. If I enable fopen, it is available to everyone, not only to your plugin. I am not a security expert but whatever I read about fopen is not to enable it because of the risks. Your nonchalant response surprises me – a lot. I have used your malware removal service in the past and I was extremely pleased with the service. However, this discussion makes me wonder.

    • This reply was modified 3 years, 4 months ago by weblink.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘fopen required?’ is closed to new replies.