• “Scans your WordPress installation for security vulnerabilities and suggests corrective actions.”

    Was that meant to be an April Fool’s joke? Being concerned about security, I downloaded this plugin, ran it, set my permissions to the “suggested corrective actions” and when trying to access my site, all I got were errors. I had to reset my permissions as best as I could and got it to work again.

    Either this is a bad joke or awfully written code by someone who doesn’t have a clue as to what WP permissions should be.

    Gene

    https://www.ads-software.com/extend/plugins/wp-security-scan/

Viewing 15 replies - 1 through 15 (of 49 total)
  • Michael Torbert

    (@hallsofmontezuma)

    WordPress Virtuoso

    What were the problems exactly? What permissions were incorrectly suggested?

    You downloaded a beta version, so before going off, if you’re going to make a comment, make it constructive criticism.

    Thread Starter raygene

    (@raygene)

    The suggested permissions were:

    /wp-includes/ 0644
    /.htaccess 0644
    index.php 0644
    js/ 0644
    /wp-content/themes/ 0644
    /wp-content/plugins/ 0644
    /wp-admin/ 0644
    /wp-content/ 0644

    Kinda hard to make constructive criticism when something fouls up your blog. Thanks to this, I now have to hunt for the correct permissions for my 2.5 installation.

    Those are not the correct permissions. And honestly that’s kind of a “lame” plugin, as all it does is check something that you ought to be able to check, since it expects you to change it. If you know how to change permissions, you know how to check them.

    directories == 755
    files == 644

    It’s in the Codex.

    Furthermore, a “plugin” that’s beta shouldn’t be publicly available (and if it is in beta, and you have it publicly available, expect to be held accountable for it, and not to be able to cry “beta!”). If you host a plugin on www.ads-software.com, tolerate the comments or move the plugin. There’s no rule about anything needing to be constructive.
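Added example, not part of any post in this thread and not the plugin's code: a read-only audit of a WordPress tree against the baseline quoted above (directories 755, files 644), which also lists directories that, like the 0644 directories in the plugin's suggestions, have no search bit and so cannot be entered. It assumes GNU find (for `-printf`); the function names are made up for this example.

```shell
#!/bin/sh
# Added example. Reports only; it never changes a mode.
# Baseline from the thread: directories 755, files 644.

# audit_perms ROOT
# Prints one line per mismatch: "<kind> <actual> <expected> <path>"
audit_perms() {
    {
        # An exact octal mode after -perm matches only that mode; "!" negates.
        find "$1" -type d ! -perm 755 -printf 'dir %m 755 %p\n'
        find "$1" -type f ! -perm 644 -printf 'file %m 644 %p\n'
    } 2>/dev/null || true   # unreadable subtrees are skipped, not fatal
}

# untraversable_dirs ROOT
# Lists directories whose owner has no search (x) bit, e.g. a directory
# set to 644. Without that bit nothing inside the directory can be opened,
# which is why a site stops loading after such a change.
untraversable_dirs() {
    # -perm -100 is true when the owner-execute bit is set
    find "$1" -type d ! -perm -100 -print 2>/dev/null || true
}

# Usage: sh audit.sh /path/to/wordpress   (placeholder path)
if [ "$#" -eq 1 ]; then
    audit_perms "$1"
    echo "--- directories that cannot be entered:"
    untraversable_dirs "$1"
fi
```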

    Thread Starter raygene

    (@raygene)

    Thanks Whooami,

    I was looking at Changing File Permissions and you made things a heck of a lot simpler for me.

    “furthermore, a “plugin” that’s beta shouldn’t be publicly available”

    That I do agree with, I am no guru but I did restore my blog by reversing the permissions to what I thought they were before but could you imagine a complete “Newbie” in this type of situation?

    I also assume that the author didn’t bother to read the Codex, where the heck did he come up with 644 for everything (open up his PHP file and you’ll see what I mean)? And yes, he should be held accountable for it and should also expect to be criticized when his “beta” crashes a blog.

    Thanks again, whooami, saved my day again.
    Gene

    Thread Starter raygene

    (@raygene)

    Forgot to mention, the description is quite vague:

    “Scans your WordPress installation for security vulnerabilities and suggests corrective actions.”

    Doesn’t say much, does it?

    Also, the FAQ says:

    A question that someone might have
    An answer to that question.

    What about foo bar?
    Answer to foo bar dilemma.

    LOL! A comedian on top of that… Maybe he missed his real calling?

    37 people downloaded it so far, sure hope they were savvy enough not to do the same I did…

    Cheers,
    Gene

    sure hope they were savvy enough not to do the same I did

    If they did I’m sure we’ll hear from them.

    Thread Starter raygene

    (@raygene)

    If they did I’m sure we’ll hear from them

    LOL! I guess that most were smart enough not to go change their permissions or if they did, didn’t post about it.

    Wonder who the heck gave this an “almost 3 star” rating?

    Well, interestingly enough the description of the plugin has changed at least 2x in the last 4 hours, perhaps 3 times. I’m fairly sure there wasn’t an “in beta” there the first time I clicked, then there was one, and going back now, it not only says “beta” but “use at own risk”.

    lol.

    While I defend the right to complain, bitch, moan, etc after the fact.. I think everything that is downloaded off a web site is used at one’s own risk.

    Michael Torbert

    (@hallsofmontezuma)

    WordPress Virtuoso

    “Beta” was there, I added use at your own risk.

    Fair ’nuff, I probably missed it. I wasn’t looking very hard, admittedly.

    Michael Torbert

    (@hallsofmontezuma)

    WordPress Virtuoso

    I figured as much. That’s why I went and added the rest of the text, realizing that I didn’t make it obvious enough this was a development version. My apologies to all who messed things up. If anyone needs me to fix their perms, send me an email at michael (at) semperfiwebdesign (dot) com and I’ll take care of it.

    Thread Starter raygene

    (@raygene)

    My apologies to all who messed things up.

    NP but it almost gave me a heart attack. Error pages, blank pages, a real disaster.

    Good luck with the plugin, I saw that you made a couple of updates since, are you now using the Codex’s default permissions?

    Cheers,
    Gene

    Yeah.. I should have read these comments before using this plugin. And another reason to Always Backup!! Glad I did. I see that there’s a new update avail, but I’m scared… I sure do like the thought of having an app as such! Guess I’ll wait for others to play with it before I take another crack at it.
    GetWitIT

    Michael Torbert

    (@hallsofmontezuma)

    WordPress Virtuoso

    What problem did you have?

    Thread Starter raygene

    (@raygene)

    Yo Michael,

    I’m happy you’re making progress with the plugin…

  • The topic ‘[Plugin: WP Security Scan] CAUTION: SCREWED-UP MY BLOG!’ is closed to new replies.