Update Causes Error

Hi,

This is the same issue reported in another ticket.

In this update we removed some files from the plugin and added some new ones therefore most probably during the upgrade some of the old files are not being deleted (because of permissions), hence there would still be reference to the old files.

At this stage you have two options; you either do a manual upgrade or re-install the plugin.

To re-install the plugin without loosing the data:

1. make sure the plugin setting Remove Data on Uninstall
is DISABLED.
so the data is retained.
2. Deactivate the plugin.
3. Uninstall the plugin.
4. Reinstall the plugin.

Do do a manual upgrade you should:

1. Download the latest version of the plugin.
2. Disable the plugin
3. Delete all the plugin files (/wp-content/plugins/wp-security-audit-log)
4. Upload the files from the downloaded plugin
5. Re-activate the plugin.

That should be it. Please keep us updated on the fix status.

Looking forward to hearing from you.

Yes I saw that “ticket” and the answer was as unsatisfactory as it is here. Why oh why must we jump through this hoop to resolve this?

Why did the update not go through properly requiring this much hassle to clean up after you? If you are going to make such drastic changes, then you should show the intelligence of forsight and make sure that you provide a proper trap and report mechanism so that people can fix it as the update is being done, not jump through time waste cleaning up after you because you decided you didn’t care how your changes might be thoughtless and inconsiderate of the multitude of environment they will be run in.

Frankly, at this point you don’t provide me enough value to deal with your non-sense, so thank you for the reply and if it works for others they are welcome to it, but I am done. Thank you.

Hello Guardian,

I am sorry to hear that you are seeing this issue this way, but I think there is a misunderstanding here.

Please note that this issue is NOT a bug in our update (or WordPress) mechanism, but is related to the particular setup you are running.

In this update we removed some files from the plugin and added some new ones. If the setup you were running was configured correctly WordPress would have been able to delete these files automatically and you would have not encountered such problem.

Though because of the restrictive permissions you have on your server WordPress could not automatically delete the files that are obsolete during the upgrade, hence they have to be removed manually, else the plugin won’t work.

Therefore from a plugin developer and as core WordPress functionality there is nothing else we can do better, but to require you to make a manual update.

I am sorry you do not like such solution, and I do understand that this might be an inconvenience for you, but there is not much we can do from our end.

While I hope the above clearly explains the situation, do not hesitate to get in touch in case of any further queries.

For the record, I get what you are saying but to imply that anyone who makes their installation secure and doesn’t leave it open to be manipulated without restriction is running incorrectly configured setup is absurd.

Your claim, “If the setup you were running was configured correctly WordPress would have been able to delete these files automatically and you would have not encountered such problem.”, is not only wrong and ignorant but also extremely insulting.

Your appeal to the lowest common denominator of those who throw a WP out of the box and then leave it to do whatever is poor stability expectation and to consider anything installation that doesn’t allow willy nilly change to core files as being improperly configured to suit your needs, then I proudly say that YES, my setup is incorrect for your no restriction expectations.

If your software only works where there is no initiative taken by the host, then you should note it on your plugin page that if you are not a noob then it won’t work, so we don’t waste time.

Again, I understand your reasoning for why it fails, but to blame it on the user is thoroughly reprehensible. And stop marking it as resolved, because it is ONLY in your mind, not reality. But I am done with it, thank you for making the decision to remove it easy. If I am going to manually clean it up, might as well just clean it out altogether.

It is very disappointing to say the least that something that touts itself as a security tool objects to installations being secure and fails to live up to its intended purpose.

Sorry to interrupt, but your understanding of the situation is wrong @gμ?rD??? .

I understand what you’re saying, that you’ve protected your installation like a fort, but with that is going to come some inconvenience.

The reason why the plugin could not update properly on *your* server configuration is that the permissions were set to *not* allow it at all. This is not the plugin’s fault, not in the least.

Blaming the plugin for not properly updating itself when the permissions *you* have set prevents it, is like replacing your garage door with a brick wall and blaming your car for not being able to leave the garage.

I can understand why you may want to secure your server to such an extreme degree, but please understand that you will likely need to manually update some of your plugins now, among other inconveniences.

Hello Gμ?rD???,

Thank you for your response though please note that:

1. The problem happened because some of the obsolete files were not deleted during the upgrade process.

2. There is no point in blaming the plugin because the upgrade process (when it comes to adding files, deleting files etc) is all taken care by WordPress itself.

3. The fact that the upgrade did not go as planned is because WordPress could not complete the task.

4. WordPress could not complete the tasks because of restrictive permissions.

5. I am not against anyone tightening the security of their WordPress website. As a matter of fact our setup is similar, and we understand that we have to do most of the tasks manually. I don’t expect everything to work on our setup because I understand the implications of running a tight setup.

Therefore to conclude, as James Huff (thanks for your response James) clearly explained, if you want to secure your WordPress to an extreme degree, go for it though please understand that most likely you will need to manually update any plugin (or theme) which needs to delete existing files or create new ones during upgrade.

I trust the above and James answer clearly explain the situation.

First off, I didn’t blame anything other than the mechanism in place that has failed.

@james, you are way off base with your analogy and frankly contribute nothing constructive that would benefit this conversation, despite the admiration of the plugin author.

You know full well that the update mechanism in WP allows for much greater access than regular files in the installation and therefore it would be appropriate expected that despite any permissions, you can handle such file managements without issue. EVERY SINGLE SECURITY PLUGIN, I have installed, except yours, has had NO PROBLEMS in over 5 years of handling my configurations, so the blame is still pretty misplaced.

Thanks again. But instead of whining and blaming the users, actually spend less time booby trapping links in the logs to earn you referral and affiliate credit, spend less time heavy loading and pushing your “premium” services, and actually focus on doing it right, others can, so you should be able too.

despite the admiration of the plugin author.

I’ve never used the plugin and this is the first interaction (if you’d call it that) I’ve ever had with its author.

I just wanted to point out that your excessive security will result in inconveniences, like this. It’s no reason not to do it, you’ll just have to update some plugins and themes manually from now on, and blaming the plugin for that is not productive.

Hello Gμ?rD???,

It seems we are never going to agree on this one so might as well close it here. I cannot and do not want to force you or anyone else to use my plugin and everyone is entitled for an opinion.

Though before I finish my last comment on this thread, I want to point out one thing; the plugin does not have any referrel or affiliate links. Only the plugin’s premium add-ons are promoted without which, the plugin project would not be sustainable.

And if you want to leave this topic marked as unresolved, so be it. Wishing you a good weekend.

You are right, we are done with it. You call it opinion, I call it a valid observation but you have convinced yourself of one thing and nothing is going to change that, so be it. Rigid developers who fail to acknowledge they can do better eventually end up becoming obsolete and disappear, so no worries.

As for your last comment, yes you are affiliate linking all the IPs in the log entry, unless you consider all users idiots, saying you are not is just outright dishonest.

https://whatismyipaddress.com/ip/XXX?utm_source=plugin&utm_medium=referral&utm_campaign=WPSAL

is an example, I don’t have more since I deleted everything but all the links have this format. So, whatever you say. And I will mark it as resolved, because frankly not using it anymore is resolution of sorts.

What Is My IP Address does not have an affiliate program. The URL structure you provided above is campaign tracking via Google Analytics, nothing more: https://support.google.com/analytics/answer/1033863?hl=en

That URL is used for product / feature usage tracking, and the owners of that website are patient enough to compile a report for me and send it to me every few months.

Thank you and have a good day.