@davina14
The irony is that I think the warning is supposed to show unregardless type of FCD scan. However due to a bug the warning would normally only show after a manual FCD scan.
So the warning now showing up in your env after a scheduled FCD scans as well actually fixes that bug …
Somehow it started working in your env the way is was designed to work in the first place.
(There is still the issue that the warning gets displayed unregardless the FCD scan result … remember the false positive I mentioned in my previous update).
You could argue that a dashboard warning is not necessary for a scheduled FCD scan because there is already an email notification send (which by the way is NOT send for a manual FCD scan by design).
But that email might never arrive (for whatever reason) or you disabled the Email File Change Notifications setting or you delete the email quickly after reading it and then forget about it. In these situations it’s still very usefull to also get the warning displayed after logging into the WP Dashboard …
The View Logs button included in the warning will also allow you to jump straight to the Logs page and check the file changes …
I got curious and could not help myself from taking a look at the relevant FCD scan code. Here it is:
if (
function_exists( 'get_current_screen' ) && // First condition
( // Start second condition
! isset( get_current_screen()->id ) ||
false === strpos( get_current_screen()->id, 'security_page_toplevel_page_itsec_logs' )
) && // End second condition
isset( $this->settings['notify_admin'] ) && // Third condition
true === $this->settings['notify_admin'] // Fourth condition
) {
add_site_option( 'itsec_file_change_warning', true );
}
There are 2 important things to notice:
-
1. There is no condition that explicitly checks the FCD type (manual or scheduled).
This confirms the warning is supposed to show unregardless FCD type.
-
2. I did a quick test and it turns out a scheduled FCD scan will normally not pass the first condition. The get_current_screen() method does not exist during a scheduled FCD scan … (bug).
So somehow in your env the get_current_screen() method does exist during a scheduled FCD scan … and it will easily get past the other conditions.
So theoretically it is very well possible that a newly added plugin includes the WP file that defines the get_current_screen() method because that plugin needs something which is also defined in that file. As a side effect the scheduled FCD scan is able to pass the condition which it would normally not be able to pass.
You could try and temporarily deactivate, one by one, any recently installed plugin(s) and see whether the warning reverts to its previous behaviour.
The sole purpose would be to identify the plugin that affects the iTSec plugin FCD scan warning behaviour.
In the end I would not worry about the warning getting displayed.
To fix the other (false positive) bug simply replace your class-itsec-file-change.php file with this file (iTSec plugin release 5.0.1 only).
First rename the existing class-itsec-file-change.php to class-itsec-file-change.php.new and then simply copy the download file into the better-wp-security/core/modules/file-change folder while renaming the file to class-itsec-file-change.php (It’s a fake .zip file to facilitate the download).
After applying the fix you should only get a warning displayed when there are actually file changes detected.
I’ve tested the fix and it works perfectly.
Keep in mind the fix will get undone as soon as you update the iTSec plugin to the next release.
Based on my findings I don’t expect reinstalling the iTSec plugin will bring it back to working the way it did before … but you never know.
It works better now so I see no reason for un\reinstall …
I also don’t see why you should consider any other Security plugin.
I use the Sucuri Security – Auditing, Malware Scanner and Security Hardening plugin and the iTSec plugin concurrently.
Keep in mind, every (free) WP plugin has its quirks …
dwinden
