“No False Alarms”

  • Resolved Elliot Sowersby

    (@elliotvs)


    4 years, 6 months ago

    Hi

    The plugin description mentions:

    No False Alarms – Just Genuine Alerts!

The Website File Changes Monitor plugin uses an exclusive smart technology that detects WordPress core updates, plugins and themes installs, uninstalls and updates.

So when you update the WordPress core, install a new plugin, update a theme, or delete a plugin it won’t flood you with hundreds of alerts prompting a false alarm!

    However, I tested it out, and updated a plugin, but still got an email notifying me of the files being modified from the plugin update. Should that not be the case?

    I also uninstalled another plugin, and got an email for that too.

    What I was hoping for is for plugin updates and uninstalls to be ignored, to not get false alarms, so when we get an email, it’s most likely something important and worth checking out.

    Any ideas?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author robertabela

    (@robert681)

    Thank you for using our plugin @elliotvs

    As an administrator ou should know of all file changes that happen on your site, even those done through a plugin changes (install, delete, update). Not all plugin changes are legit.

    The different here though is that the changes through a plugin install/update/delete are grouped together. The plugin tags the file changes, advising you that the reported changes were due to a plugin install/update/deletion.

    We do this so:

    1) You still have the option to review the file changes (not all changes are legit).

    2) It does not alarm the user with a false alarm. Many users are not technical, and they do not correlate 30 file changes with a plugin update. So the plugin makes it very clear.

    Administrators, especially on big websites, are not always involved in day to day running of the websites. So from the security and management point of view, these emails are still very important, as long as the information is clearly presented.

    Hope that helps. Should you require any further information, please do not hesitate to ask.

    Thread Starter Elliot Sowersby

    (@elliotvs)

    Thanks for the reply.

    What I was hoping for is for the “plugin/theme/core updates” that are downloaded from the WordPress repository to be completely ignored (including new files, file changes) created by these updates. Since I was considering using this plugin on lots of client sites, which have plugin updates every week, I’d end up getting spammed with emails for every site, every week, when they are updated.

    So essentially, I was hoping that we’d only get notifications if there are changes to the code outside of the regular “official plugin updates” (meaning it’s more likely to be something suspicious and should be looked into).

    Hope this makes sense. Any chance this would be possible?

    Much appreciated!

    Plugin Author robertabela

    (@robert681)

    Hello @elliotvs

    That is not a good system to have in place, especially from the security point of view. I.e. what if a customer’s website is hacked, and the attacker installs a plugin to create temp users from the repo?

    That is a legit plugin from a legit source, but a malicious intent. What could be somehow good, is to add an option so the plugin does not send emails on plugin updates only. Would that work for you?

    With such an option you’ll still know if someone installs a new plugin, deletes an existing one but you do not get notified when already installed plugins are updated.

    Thoughts?

    Thread Starter Elliot Sowersby

    (@elliotvs)

    Hi @robertabela

    Thanks for the response. Completely understand, yes what I meant was just the “updates”, not actually downloading/installing any new plugins.

    What could be somehow good, is to add an option so the plugin does not send emails on plugin updates only. Would that work for you?

    Yes, this sounds like it would be a great solution, so we don’t get notified for all the plugin updates, but still get notified for new installs, uninstalls, and other unusual file changes

    I guess it would be handy to disable emails for core “updates” too, if possible, though they obviously don’t happen as often.

    Cheers!

    Plugin Author robertabela

    (@robert681)

    Thanks for the feedback @elliotvs

    This is not an easy feature to come up with because it is very difficult to tell what are expected and legit file changes from non legit and malicious ones.

    However, we will certainly look more into this. Please understand that we cannot promise you anything at this time.

    Thread Starter Elliot Sowersby

    (@elliotvs)

    Sounds good, thanks.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘“No False Alarms”’ is closed to new replies.