Acunetix WP Security
[resolved] Acunetix WordPress security plugin broken (18 posts)

  1. marev
    Member
    Posted 6 months ago #

    Does not appear in the administration panel, all the suggested fixes at

    http://wordpress.org/support/topic/administration-4?replies=7#post-4646053%29

    have been tried to no avail

    http://wordpress.org/plugins/wp-security-scan/

  2. Aksam Zarook
    Member
    Posted 5 months ago #

    It is working now.

  3. marev
    Member
    Posted 5 months ago #

    Could you please elaborate?

    According to the Plugin author on the above link the package broke on some systems because of explicit changes in v 4.0.1. Since there is no new version of Acunetix WP Security available it is not really clear how it could start working (on the systems where it is broken) again.

  4. WordWeaver777
    Member
    Posted 5 months ago #

    Hello,

    I am also having some problems with your plugin which I would like to bring to your attention. More specifically, these problems occur on the WordPress Scanner page.

    1. Although I have now removed the "readme.html" file from my blog directory, even when I did have it there, the page was reporting "Not Found" under "Current Permissions".

    2. For the "wp-config.php" file, under "Path" it is saying "Not Found", and under "Current Permissions" it is also saying "Not Found".

    3. For the "wp-admin/.htaccess" file, under "Current Permissions" it is saying that it is 0755, when I am absolutely certain that it is already set to 0644, because I use a third party program to set permissions on my server, and I have physically verified that the permissions are set to 0644 by doing a "Get Info" on the actual file, and it is set to rw-r-r.

    4. Even when I click on the "Apply suggested permissions" button, the resulting message is "Successful changes: 0, Failed: 9". I am assuming that this is because I have already manually set all of the files to your suggested permissions. However, even after pressing the button, it still claims that wp-admin/.htaccess is set to 0755, when it isn't.

    5. When I visited the plugin's "Dashboard" page, some of the alerts were set back to red, even though I fixed them all earlier today. Thus, I had to fix them all again.

  5. Acunetix
    Member
    Plugin Author

    Posted 5 months ago #

    Hello, WordWeaver777

    Thank you for your interest in our plugin and for your feedback, much appreciated.

    We are aware of the issues with the current version of the plugin and we are working now on preparing the new version, 4.0.2, for release.

    1) At the moment, we will display that information even if the file is missing, now we'll take that into consideration and omit it if the file doesn't exist.

    2) We know about that too, that was a misconfiguration in the plugin file, it has been fixed in the new version

    3) On all our tests we have used the test website's CPanel for comparing the file permissions, so I don't know if the third party program you are using is changing the permissions correctly. You could just as easily test it using your website's CPanel by right clicking on the given file and selecting the file permissions from the context menu.

    4) In that case, it seems that the user under which the PHP process is running doesn't have the rights to modify those files' permissions.

    5) The alerts displayed in the dashboard page are the result of settings ticked in the settings page. I'm not sure what happened there, but after you select the settings you want to apply from the settings page you'll have to click the "Update settings" button. For the settings to remain enabled, the plugin must not be deactivated. If that happens, you will lose those settings so you will have to re-enable them.

    Hope this helps!

    Thanks again for the feedback!

    Regards,
    Costin

  6. WordWeaver777
    Member
    Posted 5 months ago #

    Costin,

    Regarding #3 above, I use a very reliable, stable program called "BatChmod" which is a front end of the usual terminal commands. If BatChmod was the problem, then it would not be making the file permissions modifications on all of the other files that you list on the "Scanner" page. However, BatChmod is in fact changing them correctly.

    It is only on the ".htaccess" in the "wp-admin" folder where "Scanner" is misreporting the file permissions. To reiterate, BatChmod is in fact setting the right permissions on the ".htaccess" file, because I visually verify it by doing a "Get Info" on the ".htaccess" file.

    Regarding #4 above, I am the only administrator on my machine, and the only owner/administrator of my blog as well. I am a Macintosh user. The problem may possibly be that it is failing because there is no way to enter the admin password -- of the machine -- when trying to use the "Apply Suggested Permissions" button on the "Scanner" page.

    In other words, with BatChmod, whenever I want to change file permissions on a single file, a folder of files, or a folder which contains many subfolders of files, BatChmod requires that I provide my admin password. This is a standard security procedure for making changes on a Mac OS X machine. Installing new programs is the same. The admin must provide his password before a new installation will be permitted.

    So to reiterate, it may be because there is no opportunity to enter the admin password, that the "Apply Suggested Permissions" button is not working.

    Regarding #5 above, the alert settings have been sticking for several days now since I fixed them. I am not sure what happened there, but they are working now, except for the "Clearing the content of the "readme.html" file from the "root" directory is disabled." option, which remains yellow.

  7. Acunetix
    Member
    Plugin Author

    Posted 5 months ago #

    Hello, WordWeaver777

    I wasn't saying the software was bad, I just wanted to make sure you double checked :)

    Thank you for your feedback, it really helps.

    We have released the updated version of the plugin, 4.0.3, can you please check and see if this issue persists?

    Thank you

    Regards,
    Costin

  8. Acunetix
    Member
    Plugin Author

    Posted 5 months ago #

    As these issues are related to the previous version of the plugin: 4.0.1, I will close this thread.

    Thank you for your understanding.

    Regards,
    Costin

  9. WordWeaver777
    Member
    Posted 5 months ago #

    Hello Costin,

    You will be happy to know that your plugin version 4.0.3 is now properly reporting all of the file permissions.

    However, the "Apply Suggested Permissions" button is still not working properly. It says failed and zero changed.

    I thought that this might possibly be because all of the files were ALREADY set to the suggested permissions by BatChmod. If this were the case, then your plugin should report that the files are already set to the proper permissions and do not need to be changed.

    However, to test this theory, I put a copy of the readme.html file back into the top level blog directory, set its permissions to 644, and rebooted my web server.

    Even though the readme.html file was set to 644, and not to your suggested 400, when I clicked on the "Apply Suggested Permissions" button, it still said failed and zero changed, when it should have at least said one file changed; that is, the readme.html file.

    On the alerts page, all alerts remain green except for "Clearing the content of the "readme.html" file from the "root" directory is disabled.", which remains yellow, even though I have that option checked on the settings page.

    Changing the "Scanner" option to "WP Info" threw me off. Personally, I prefer that option to say "Scanner", as that is a more accurate description of what is on that page.

    The WordPress File Scan page is not working. Regardless of what time frame I set it to -- even if I set it back to a month -- it gives the error message "Internal Error: could not retrieve the ID for the last added scan."

    Well, obviously, if this is the first time that I am using that function, there is not going to be an ID, right?

    Also, next to Scan State, it continues to say none.

    I hope this helps.

    Thank you.

  10. Acunetix
    Member
    Plugin Author

    Posted 5 months ago #

    Hello, WordWeaver777

    Thank you for your feedback.

    I am glad to hear the new version of the plugin is working on your end, as regarding the other issues, let's tackle them one by one:

    1) The "Clearing the content of the "readme.html" file from the "root" directory is disabled." alert is a result of the "Empty the content of the readme.html file from the root directory" option from the settings page. If this option is checked then the plugin will try to delete all the content from that file. If the user under which the PHP process is running on your server has the permission of performing this operation then the readme.html file will be cleared out and the alert will be showing as green in the dashboard. Otherwise it will show up yellow.

    2) As regarding the permissions set for the readme.html file, the success/fail rate is calculated internally by the plugin, when it will try to apply the suggested permissions. If you would like to test this feature out yourself, you can create a test.php file on your server and put this in it:

    <?php
    	error_reporting(-1);
    	ini_set('display_errors','on');
    	// The mode must be an octal integer literal; the string '0400' is read as decimal 400 (octal 0620).
    	if(chmod('readme.html', 0400)){
    		echo "Changing file permissions to 0400 for readme.html file: success";
    	}
    	else { echo "Error changing file permissions to 0400 for readme.html file"; }
    	exit;
    ?>

    now open this file in your browser and see what message you receive.

    3) We have decided to rename that menu item to WP Info because having "Scanner" and "WP File Scan" at the same time in the menu would have been even more confusing.

    4) As regarding the WP File Scan issue, I suggest you to deactivate and then reactivate the plugin. This will fix it.

    Looking forward to hearing from you!

    Regards,
    Costin

  11. WordWeaver777
    Member
    Posted 5 months ago #

    Hello Costin,

    Well, I saved the PHP script as test.php and placed it at the top level of my blog directory. I set the permissions for it to 777 and then rebooted the server.

    When I navigate to the test.php file in my web browser, nothing happens. There are no on-screen messages; just a blank white page.

    Deactivating and then reactivating the plugin did resolve the issue regarding the WP File Scan. It is now working properly.

    Upon reactivating the plugin, I noticed two new alerts on the alerts page. Both of them -- regarding the install.php and upgrade.php files in the wp-admin folder -- were yellow. I manually removed both files from the wp-admin folder, but the alerts remain yellow, and not green.

    I also once again removed the readme.html file from the top level of the blog.

    Thus, right now, there are three yellow alerts on that page, while all the rest are green.

  12. Acunetix
    Member
    Plugin Author

    Posted 5 months ago #

    Hi, WordWeaver777

    Thank you for the feedback.

    As regarding the test.php file, this is pretty weird, you should have received at least one of those two messages... can you please check the error log and see if there is an error reported when that page was loaded?

    Good to hear that the wp scanner is working now :)

    As regarding the new alerts for install.php and upgrade.php, yes, we've added these two alerts in this update of the plugin. The reason you don't see the green icon yet is that the check for those files existence is done hourly using the cron from WordPress; after the cron job will be executed, the icons should turn green.

    As regarding the readme file, this is how the check is handled inside the plugin:

    if the file was not found: the alert should have the green icon
    otherwise:
    if the file is not readable: the alert should have the green icon
    else: if the file's size is greater than 0 then a MEDIUM alert is generated, else the alert should have the green icon

    In conclusion, if you still receive the yellow icon (the Medium alert level) it means the script detected the file as not empty, but you're saying you have deleted the file, and that makes things extremely weird... :/ (I have to mention here that I have triple checked how the alert is generated for this file and I couldn't find any flaws in it).

    Coming back to the test.php file, please clear its content and replace it with this one:

    <?php
    error_reporting(-1);
    ini_set('display_errors','on');
    
    echo "File loaded.<br/>";
    
    echo "Testing the environment:<br/><br/>";
    
    echo "Checking for chmod: <br/>";
    if(function_exists('chmod')){ echo "&nbsp;&nbsp;&nbsp;&nbsp;function chmod is available on your server.<br/>"; }
    else{ echo "&nbsp;&nbsp;&nbsp;&nbsp;function chmod is not available on your server.<br/>"; }
    
    if(is_callable('chmod')){
        echo "&nbsp;&nbsp;&nbsp;&nbsp;function chmod can be executed on your server.<br/><br/>";
        $readmeFilePath = realpath("readme.html");
        echo "Checking the readme.html file ($readmeFilePath):<br/>";
        if(is_file($readmeFilePath)){
            echo "&nbsp;&nbsp;&nbsp;&nbsp;The readme.html file exists.<br/><br/>";
    
            echo "Checking the readme.html file size.<br/>";
            $size = filesize($readmeFilePath);
            if(0 == $size){
                echo "&nbsp;&nbsp;&nbsp;&nbsp;File size is 0<br/>";
            }
            else {echo "&nbsp;&nbsp;&nbsp;&nbsp;File size is $size bytes<br/>";}
    
            clearstatcache();
            $permissions = substr(sprintf("%o", fileperms($readmeFilePath)), -4);
            echo "<br/>Checking the readme.html file permissions before change:<br/>";
            echo "&nbsp;&nbsp;&nbsp;&nbsp;File permissions: $permissions<br/>";
    
            echo "&nbsp;&nbsp;&nbsp;&nbsp;Trying to change the file permissions to 0400<br/>";
            // Octal integer literal: the string '0400' would be read as decimal 400 (octal 0620).
            if(chmod($readmeFilePath, 0400)){
                echo "&nbsp;&nbsp;&nbsp;&nbsp;Changing file permissions to 0400: success<br/>";
            }
            else { echo "&nbsp;&nbsp;&nbsp;&nbsp;Error changing file permissions to 0400<br/>"; }
    
            clearstatcache();
            $permissions = substr(sprintf("%o", fileperms($readmeFilePath)), -4);
            echo "<br/>Checking the readme.html file permissions after change:<br/>";
            echo "&nbsp;&nbsp;&nbsp;&nbsp;File permissions: $permissions<br/>";
    
        }
        else {echo "&nbsp;&nbsp;&nbsp;&nbsp;The readme.html file was not found.<br/>";}
    }
    else{ echo "&nbsp;&nbsp;&nbsp;&nbsp;function chmod cannot be executed on your server.<br/>"; }
    ?>

    This one should give you an idea of what's going on.

    Regards,
    Costin
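
Added example, not part of the original thread and not the plugin's own code: the readme.html alert decision described in the post above, next to a permission change that reports why nothing was changed (file missing, mode already set, or the PHP process user is not the file's owner). The function names `currentMode`, `readmeAlert` and `applyMode`, the file paths and the modes are hypothetical sample values; a POSIX host is assumed. It also prints what PHP does with a mode given as the string '0400': the string is read as decimal 400, which is octal 0620.

```php
<?php
// Added illustration, not the plugin's code. Paths and modes below are constructed samples.

/** Permission bits of $path as a 4-digit octal string, or null if it does not exist. */
function currentMode(string $path): ?string
{
    clearstatcache(true, $path);
    $perms = @fileperms($path);
    return $perms === false ? null : sprintf('%04o', $perms & 07777);
}

/** Readme alert as described in the thread: missing, unreadable or empty => green. */
function readmeAlert(string $path): string
{
    clearstatcache(true, $path);
    if (!is_file($path) || !is_readable($path)) {
        return 'green';
    }
    return filesize($path) > 0 ? 'medium' : 'green';
}

/** Apply a suggested mode given as an octal string and say why nothing changed. */
function applyMode(string $path, string $suggested): string
{
    $before = currentMode($path);
    if ($before === null) {
        return "$path: not found, skipped";
    }
    $target = intval($suggested, 8);      // "0400" -> 0400 octal (256), not decimal 400
    if (octdec($before) === $target) {
        return "$path: already $before";
    }
    // Only the file's owner (or root) may chmod it; compare with the PHP process user.
    $me = function_exists('posix_geteuid') ? posix_geteuid() : null;
    $owner = fileowner($path);
    if ($me !== null && $me !== 0 && $owner !== $me) {
        return "$path: owner uid $owner, PHP runs as uid $me, chmod will be refused";
    }
    return @chmod($path, $target) ? "$path: $before -> " . currentMode($path)
                                  : "$path: chmod failed";
}

// Constructed demo in a temporary directory.
$dir = sys_get_temp_dir() . '/perm-demo-' . getmypid();
mkdir($dir, 0700);
$readme = "$dir/readme.html";
file_put_contents($readme, '<html>sample</html>');
chmod($readme, 0644);
printf("decimal 400 is octal %04o\n", (int) '0400');   // what chmod($f, '0400') would set
echo readmeAlert($readme), "\n";
echo applyMode($readme, '0400'), "\n";
echo applyMode("$dir/wp-config.php", '0400'), "\n";
unlink($readme);
rmdir($dir);
```

Run it from the command line as the same user the web server uses for PHP, since the ownership comparison is only meaningful for that account.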

  13. WordWeaver777
    Member
    Posted 5 months ago #

    Hello Costin,

    You are correct. The alerts for both the install.php and upgrade.php alerts are now green.

    I made a new test.php file with the above code and placed it at the top level of my blog directory where the readme.html doc is usually located.

    I again set the permissions for the test.php file to 777 and rebooted my server.

    The results are still the same. That is, I get just a blank white page when I navigate to that page with my web browser.

    Neither my Apache nor PHP error logs are showing any errors when I navigate to the test.php file.

    All alerts are now green, except for the readme.html alert which still remains yellow.

    Aside from this issue, the only other problem is that the "Apply Suggested Permissions" button is still not working on the WP Info page. However, I am not going to worry about it, because I use BatChmod to change all of my file permissions anyway.

    Also, the readme.html file has also been removed, so I really see no need to pursue the one yellow alert, unless you personally really want to dig into it, and figure out why it is still not changing to green.

    Thanks for your help.

  14. Acunetix
    Member
    Plugin Author

    Posted 5 months ago #

    Hello, WordWeaver777

    Thank you for your feedback!

    It is strange that you cannot access the test.php file, even more strange is the fact that you don't get any access errors...if I would have access to your server I might probably find the answer for this very quick, but in these conditions it gets really hard to find a solution for this :(

    the same goes for the readme.html notification...now that you have manually changed permissions and deleted the readme file then there's no need to worry about the yellow icon...

    Regards,
    Costin

  15. dsgncr8or
    Member
    Posted 4 months ago #

    Never have run the FILE SCAN and when I try and run it for the first time I get: "Internal Error: could not retrieve the ID for the last added scan." How can I fix this?

    Thanks in advance,

    Dru

  16. dsgncr8or
    Member
    Posted 4 months ago #

    And I am running 3.7.1 and it misreports that I am not.

  17. dsgncr8or
    Member
    Posted 4 months ago #

    And live traffic does not work either.

  18. jimkend
    Member
    Posted 4 months ago #

    I activated the plugin and none of the settings checkboxes will check. Little hand hovers, outline gets all red-dotted on click, but no payoff. To the left of the Update Settings button is a blank white button, too—what's that? Other than that things seem fine, but I would like to check those boxes! What am I missing? Thanks.
