• “cans your WordPress installation for security vulnerabilities and suggests corrective actions.”

    Was that meant to be an April Fool’s joke? Being concerned about security, I downloaded this plugin, ran it, set my permissions to the “suggested corrective actions” and when trying to access my site, all I got were errors. I had to reset my permissions as best as I could and got it to work again.

    Either this is a bad joke or awfully written code by someone who doesn’t have a clue as to what WP permissions should be.

    Gene

    https://www.ads-software.com/extend/plugins/wp-security-scan/

Viewing 15 replies - 16 through 30 (of 49 total)
  • Michael Torbert

    (@hallsofmontezuma)

    WordPress Virtuoso

    Thank you. Feel free to email me with any suggestions, bugs, etc.

    Gary

    (@garydouglas)

    Hi guys

    I really like the sound of this plugin but am a little concerned of the problems stated above, Can anyone confirm this plugin is working fine now?

    It works great for me.

    Gary

    (@garydouglas)

    cool ill give it a whirl

    Great Plugin, two concerns to mention though.
    1. after I changed the file permission it didn’t change on the plugin site in the backend.
    2. seems to have a problem with the event calendar plugin and the CSS for my footer. In both cases the font was changed.

    Michael Torbert

    (@hallsofmontezuma)

    WordPress Virtuoso

    genevaeagles,

    Thank you for using my plugin.

    Please start a thread or email me, and describe your situation in more detail. Include your WordPress version, WP Security Scan plugin version, plugins (with links), and browser.
    Almost all of the feedback that I’ve received via email has been very positive. I very much want to ensure that everyone finds this plugin useful.

    Later versions of the plugin include a link to a contact form that goes directly to me.

    So I’m using the newest WP 2.5 version. I saw your Plugin through the new Dashboard function and downloaded the latest version from the WP Plugin repository.

    As soon as I activated your Plugin I checked the security tab in the backend and changed the file permission of the files which didn’t have a proper setting. When I came back to the tab and did a reload nothing changed…even when I did a log out and logged in again…no changes to the persmission statements…even the actual file were changed.

    Going to my front end I figured out that it probably doesn’t work with the Event Calendar Plugin I’m using because the font style was changed and I didn’t do any work on the CSS (the widget I’m using in my sidebar). This also happened with my footer although I don’t see any relation to the Event Calendar Plugin.

    I still have your Plugin but deactivated it for the moment because it messes up those to fonts a bit but would really like to have in activated…because it’s good.

    Hope this helps. Let me know if you need to know anything else.
    Great Plugin!

    Thx.

    i’m a newbie and i know how it is to struggle with wordpress. i’ll be watching this forum and until veteran users say it works great, i’ll just hold on to that download.

    Thread Starter raygene

    (@raygene)

    Michael is constantly updating this plugin. Just wait till it’s stable and I’m quite sure it’ll be a great add-on.

    Cheers,
    Gene

    Michael Torbert

    (@hallsofmontezuma)

    WordPress Virtuoso

    99% of the feedback I get is positive.
    However, you can help by suggesting improvements, new features, reporting bugs, etc. Contact me at any time at semperfiwebdesign.com/contact

    I release updates often to keep this plugin as up to date as possible.

    Thank you to everyone so far who’s given me support.

    I used the plugin as well, but it broke my site in IE once the plugin was activated and then, once I logged out of Admin, I couldn’t get back it..just received MySQL error and had to manually delete the plugin folder via FTP. I will say that when I ran it, it told me that my permissions should the 755, not 644 as ‘raygene’ experienced.

    But the plugin still hosed my site and I had to remove it, bottom line.

    I gave it a go just because Y’all said it broke stuff. (I like to break stuff). If it can be bent, broken, bruised or badly overheated, I’m your boy.

    As long as you use it, consider the results, and then deactivate it, it doesn’t seem to break anything, (I feel a little cheated), but it didn’t tell me anything I wasn’t already aware of either. If you leave it activated and then log out and try to view your site, (IE7 and Firefox), it 404’s “like Grant took Richmond”… figuratively speaking… but I had no problem logging back in. In all fairness, I tested version 2.2.56.14. Perhaps the future features will be more informative. Looks interesting enough.

    Michael Torbert

    (@hallsofmontezuma)

    WordPress Virtuoso

    touchnova and ClaytonJames,

    You are the exceptions. Most people have no issues with the plugin in the current version.
    Everyone who has emailed me that something didn’t work in the current version also sent me their server settings. They almost always have uncommon or incorrect server settings.

    Anyone who has an issue with the plugin, please email me and I will take a look.

    I upgraded to the latest version with the same results. Here is the only information output I can see, that may contain a common variable that causes the 404 symptom.

    # Operating System : Linux
    # Server : Apache
    # Memory usage : 9.23 MByte
    # MYSQL Version : 5.0.22
    # SQL Mode : Not set
    # PHP Version : 5.1.6
    # PHP Safe Mode : Off
    # PHP Allow URL fopen : On
    # PHP Memory Limit : 32M
    # PHP Max Upload Size : 2M
    # PHP Max Post Size : 8M
    # PHP Max Script Execute Time : 30s
    # PHP Exif support : Yes ( V1.4 )
    # PHP IPTC support : Yes
    # PHP XML support : Yes

    The only other constant, is that this is an upgrade to WP 2.5, and not a clean install. Frankly, I don’t view it as a problem. Why would you need or want, to leave the plugin activated after viewing and acting on the information it provides anyhow? I’m still more interested to see the implementation of the future features than in the info it currently provides. Either way, it’s not really an issue for me.

    Peace!!

    Michael Torbert

    (@hallsofmontezuma)

    WordPress Virtuoso

    ClaytonJames,

    First, I want to clear up your misconception. WP Security Scan (assuming you don’t receive any errors) needs to be left activated. It doesn’t just provide information. In the current version, it hides your WordPress version and turns of database errors, both of which are vital defenses against attacks.

    I would like to debug why you are receiving 404 errors. I’ve not had anyone else report this. Please email me with the URL to your website and a list of plugins installed/activated.

Viewing 15 replies - 16 through 30 (of 49 total)
  • The topic ‘[Plugin: WP Security Scan] CAUTION: SCREWED-UP MY BLOG!’ is closed to new replies.