Shows plugins as new even though they were not

  • Resolved Flexer

    (@flexer)


    2 years, 3 months ago

    Hello,

    The plugin is reporting plugins that were installed before as “This item was added to your site after the most recent scan. We will check for vulnerabilities during the next scheduled one.” This seems random and is happening on a number of sites

    Thanks

    • This topic was modified 2 years, 3 months ago by Flexer.

    The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support Animesh Gaurav (a11n)

    (@bizanimesh)

    Hi @flexer,

    It appears that Jetpack is not able to establish a connection with your site, and that is because XML-RPC is not responding correctly. You can also see that this file is not loading correctly by loading it in your browser. It currently returns a “403 Forbidden” response. What we need is for this to be accessible so that Jetpack can communicate with the WordPress.com servers.

    The ideal response that we need there is XML-RPC server accepts POST requests only. Check the example here: https://wp.cloud/xmlrpc.php

    As a first step, I’d recommend disabling any security plugins you might have installed. It might also be possible that your hosting provider blocks access to this file. If you don’t find any plugin that may block access to the file on your site, I would recommend that you get in touch with your host.

    Also, please find the IP ranges for the connection between your site and Jetpack/WordPress.com here, and whitelist them for HTTP connection on your site.

    If you’re unsure about this, you may contact your hosting provider; they should be able to help you with this. Please note that these IP addresses could change (or more could be added) at any time. For that reason, we recommend your host uses the machine-readable versions of these IP ranges in JSON or plain text format to automate configuration changes on their systems.

    Once we are able to access your site’s?xmlrpc.php file, the issue should resolve. Let me know how it goes!

    Thread Starter Flexer

    (@flexer)

    Hello,

    In my opinion disabling all security plugins should_not_be the way to go.
    Perhaps a better course of action would be “How to allow access to xmlrpc.php while still keeping security plugins enabled”? [You actually did that afterwards, thank you] Just my thought. I will troubleshoot xmlrpc and will update ASAP.

    [Edit] Added allow from for WordPress.com IP’s as well as changed some WordFence settings.

    I will wait for the next scan and Updated

    Thank you
    Daveed

    • This reply was modified 2 years, 3 months ago by Flexer.
    Thread Starter Flexer

    (@flexer)

    Hello @bizanimesh,

    Thank you for looking into this.

    I have another site with a very similar setup except it has no security plugin currently and https://ENTER-YOUR-SITE-ADDRESS.ca/xmlrpc.php is accessible. But the issue is identical.
    1) Plugins that are not new are flagged as such
    2) A vulnerability is flagged in the list on the left but on the right “No vulnerabilities found”

    Attached is the screen capture https://snipboard.io/ewhkOF.jpg

    THOUGHT: Have you tested the plugin on a LiteSpeed server? Could this be a cache issue?

    I can share the URL privately as a list of all plugin with a potential vulnerability would be insecure.

    • This reply was modified 2 years, 3 months ago by Flexer.
    Plugin Support lastsplash (a11n)

    (@lastsplash)

    Hi @flexer

    Please contact us via this contact form so that you can share the URL of the site where you are experiencing the issue. Additionally, if you can provide a list of plugins that you have installed on the site, that would be helpful for us in trying to reproduce the issue.

    Please include a link to this thread as well as screenshots showing the issue.

    Thread Starter Flexer

    (@flexer)

    Hi @lastsplash

    I have submitted the form;
    The plugin is reporting 3 vulnerabilities now 2 on two sites;
    The vulnerabilities are not listed either on The Health tab or on the plugin screen.

    https://snipboard.io/ktsxIO.jpg

    This site does not have security plugins and xml-rpc is accessible.

    Daveed

    Thread Starter Flexer

    (@flexer)

    Hello

    In regards to this issue of updated plugins being flagged as new:
    You answered me directly that “It’s completely normal since an updated plugin is a new version.” in a private email thank you, BUT

    Several days after these plugins have been updated and several Jetpack protect scans, (August 31 to Sept 5) they are still flagged as still pending
    ===
    This item was added to your site after the most recent scan. We will check for vulnerabilities during the next scheduled one.
    ===
    This includes “Jetpack Protect” itself. (!!??)

    Daveed

    Plugin Support lastsplash (a11n)

    (@lastsplash)

    Hi @flexer

    Since we are helping you over email, please ask your question via email. We’re able to provide a better support experience if we stick to one method of communication.

    If necessary, we’ll come back to this thread and summarize what we find out for anyone seeking support via the forums in the future.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Shows plugins as new even though they were not’ is closed to new replies.