{"id":46045,"date":"2012-10-16T06:39:02","date_gmt":"2012-10-16T06:39:02","guid":{"rendered":"https:\/\/wordpress.org\/plugins-wp\/mvis-security-center\/"},"modified":"2013-06-13T13:26:45","modified_gmt":"2013-06-13T13:26:45","slug":"mvis-security-center","status":"closed","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/mvis-security-center\/","author":9960560,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.3.5","stable_tag":"1.3.5","tested":"3.5.2","requires":"3.3","requires_php":"","requires_plugins":"","header_name":"MVIS Security Center","header_author":"SEC Consult","header_description":"","assets_banners_color":"3f597b","last_updated":"2013-06-13 13:26:45","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"http:\/\/wordpress.org\/extend\/plugins\/mvis-security-center\/","header_author_uri":"https:\/\/www.sec-consult.com\/en","rating":5,"author_block_rating":0,"active_installs":10,"downloads":4469,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":[],"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":"1"},"assets_icons":[],"assets_banners":{"banner-1544x500.jpg":{"filename":"banner-1544x500.jpg","revision":"613100","resolution":"1544x500","location":"assets"},"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":"613100","resolution":"772x250","location":"assets"}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.1","1.2","1.3","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":"690137","resolution":"1","location":"assets"},"screenshot-2.png":{"filename":"screenshot-2.png","revision":"690137","resolution":"2","location":"assets"},"screenshot-3.png":{"filename":"screenshot-3.png","revision":"690137","resolution":"3","location":"assets"},"screenshot-4.png":{"filename":"screenshot-4.png","revision":"698295","resolution":"4","location":"assets"},"screenshot-5.png":{"filename":"screenshot-5.png","revision":"698295","resolution":"5","location":"assets"},"screenshot-6.png":{"filename":"screenshot-6.png","revision":"698295","resolution":"6","location":"assets"},"screenshot-7.png":{"filename":"screenshot-7.png","revision":"698295","resolution":"7","location":"assets"},"screenshot-8.png":{"filename":"screenshot-8.png","revision":"725577","resolution":"8","location":"assets"},"screenshot-9.png":{"filename":"screenshot-9.png","revision":"726229","resolution":"9","location":"assets"}},"screenshots":{"1":"The start page of the plugin gives you an overview of all tests within each of the three steps. Hovering over a dot will give you a brief description of the gravity of a given issue.","2":"The update check step shows you which plugins are either outdated (orange dot) or contain a known security vulnerability (red dot) that hackers can abuse to attack your site. For non-subscribed users the vulnerability information is 30 days outdated.","3":"Clicking on the double arrow symbol of any issue shows detailed information about it. In this case details of a vulnerability in an installed plugin are displayed and the option to update the plugin directly with one click is given. This functionality is only available to subscribed users.","4":"The user check step displays information about user accounts that might pose a threat to your website. For example weak passwords or common usernames with high privileges will be flagged here.","5":"Detailed information on how to solve a problem with a specific user account is given.","6":"The core check step shows which files and settings might put your website at risk and are configured insecurely.","7":"One example of a violation of security best practices that should be resolved.","8":"Subscribed users conveniently receive weekly status e-mails for all their active sites summarizing available updates and known vulnerabilties.","9":"A detailed report about the specific vulnerability that affects a site is attached in the real-time email alert that for subscribed users."}},"plugin_section":[],"plugin_tags":[90075,44505,44504,895,600],"plugin_category":[54],"plugin_contributors":[],"plugin_business_model":[],"class_list":["post-46045","plugin","type-plugin","status-closed","hentry","plugin_tags-mvis","plugin_tags-mvis-security","plugin_tags-mvis-security-center","plugin_tags-permissions","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_committers-mvis","plugin_committers-s_streichsbier"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/mvis-security-center_3f597b.svg","icon_2x":false,"generated":true},"screenshots":[{"src":"https:\/\/ps.w.org\/mvis-security-center\/assets\/screenshot-1.png?rev=690137","caption":"The start page of the plugin gives you an overview of all tests within each of the three steps. Hovering over a dot will give you a brief description of the gravity of a given issue."},{"src":"https:\/\/ps.w.org\/mvis-security-center\/assets\/screenshot-2.png?rev=690137","caption":"The update check step shows you which plugins are either outdated (orange dot) or contain a known security vulnerability (red dot) that hackers can abuse to attack your site. For non-subscribed users the vulnerability information is 30 days outdated."},{"src":"https:\/\/ps.w.org\/mvis-security-center\/assets\/screenshot-3.png?rev=690137","caption":"Clicking on the double arrow symbol of any issue shows detailed information about it. In this case details of a vulnerability in an installed plugin are displayed and the option to update the plugin directly with one click is given. This functionality is only available to subscribed users."},{"src":"https:\/\/ps.w.org\/mvis-security-center\/assets\/screenshot-4.png?rev=698295","caption":"The user check step displays information about user accounts that might pose a threat to your website. For example weak passwords or common usernames with high privileges will be flagged here."},{"src":"https:\/\/ps.w.org\/mvis-security-center\/assets\/screenshot-5.png?rev=698295","caption":"Detailed information on how to solve a problem with a specific user account is given."},{"src":"https:\/\/ps.w.org\/mvis-security-center\/assets\/screenshot-6.png?rev=698295","caption":"The core check step shows which files and settings might put your website at risk and are configured insecurely."},{"src":"https:\/\/ps.w.org\/mvis-security-center\/assets\/screenshot-7.png?rev=698295","caption":"One example of a violation of security best practices that should be resolved."},{"src":"https:\/\/ps.w.org\/mvis-security-center\/assets\/screenshot-8.png?rev=725577","caption":"Subscribed users conveniently receive weekly status e-mails for all their active sites summarizing available updates and known vulnerabilties."},{"src":"https:\/\/ps.w.org\/mvis-security-center\/assets\/screenshot-9.png?rev=726229","caption":"A detailed report about the specific vulnerability that affects a site is attached in the real-time email alert that for subscribed users."}],"raw_content":"\n

Important Notice<\/h4>\n\n

MVIS Security Center has been updated to identify weak user accounts that are exploited globally by distributed brute force attacks. Install it and remediate any problems with user accounts immediately.<\/p>\n\n

Security has never been this simple!<\/h4>\n\n

MVIS Security Center is a proactive WordPress security plugin that helps you lock down your installation in three simple and clear steps.<\/p>\n\n

    \n
  1. Update Check: Find out what components of WordPress are vulnerable or need updating.<\/li>\n
  2. User Check: Find out which of your user accounts have problems that pose risks to your website.<\/li>\n
  3. Core Check: Find out which files and settings put your website at risk.<\/li>\n<\/ol>\n\n

    You'll have all the information you need to protect your website from hackers.<\/em><\/p>\n\n

    Protect yourself now. Stay protected in the future.<\/h4>\n\n

    Everyday new vulnerabilities are found, and hackers are ready to use them against your websites.<\/p>\n\n

    We at SEC Consult<\/a> have a dedicated team in multiple timezones that tracks all vulnerabilities and makes them available to you in real-time. \nA subscription comes with the following unique benefits:<\/p>\n\n

      \n
    1. You'll receive an e-mail alert as soon as vulnerabilities are identified that affect any of your sites.<\/li>\n
    2. The vulnerability alerts will tell you exactly how to address the vulnerability and become safe again.<\/li>\n
    3. You'll receive weekly status mails informing you about outdated versions and vulnerabilities in your sites.<\/li>\n<\/ol>\n\n

      Hackers will never stop attacking. Don't become a victim!<\/em><\/p>\n\n\n

        \n
      1. Either install it directly through the WordPress admin dashboard or<\/li>\n
      2. Download the mvis-security-center.zip<\/code> and extract its contents<\/li>\n
      3. Upload the mvis-security-center<\/code> directory to the \/wp-content\/plugins\/<\/code> directory<\/li>\n
      4. Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n<\/ol>\n\n\n
        \n
        What is MVIS Security Center<\/dt>\n

        MVIS Security Center is a WordPress plugin that identifies security problems in your website and helps you lock down your WordPress installation in three simple steps. The plugin covers most of the hardening tips of the WordPress Security Codex and includes a lot of additional security checks. It was designed to clearly show at a single glance what security problems exist in your website and to provide you with all the information needed to understand these issues and eliminate them.<\/p>\n\n

        The free MVIS Security Center plugin will also show you vulnerabilities that have been made public 30 days ago or longer. At a small cost, you can subscribe to our MVIS PROtection, which gives you immediate access to the most up-to-date vulnerability information.<\/p><\/dd>\n

        What is MVIS<\/dt>\n

        MVIS stands for Managed Vulnerability Information Service and is an enterprise grade service provided for our customers around the world. \nOur security experts gather all security vulnerabilities that are disclosed publicly (more than 7000 each year!), pre-filter them to eliminate false positives and thoroughly analyse them for validity, criticality, impact and other relevant criteria. This information is stored in our central database and allows us to give you detailed information about security vulnerabilities in a given software version.<\/p>\n\n

        Through MVIS Security Center you can subscribe to MVIS PROtection, which makes this high quality vulnerability information service available to everybody for a small annual subscription fee.<\/p><\/dd>\n

        What is MVIS PROtection<\/dt>\n

        MVIS PROtection is a subscription to SEC Consult's Managed Vulnerability Information Service that was specifically created for WordPress. The MVIS Security Center plugin tracks exactly which WordPress version or which of the thousands plugins and themes are installed on your website. As soon as vulnerabilities in any of these components that directly threaten your website are disclosed online, you will receive an e-mail alert telling you the specifics of the threat and the information needed to eliminate the security issues immediately. So you can react well before attackers get a chance to exploit these flaws in your website.<\/p>\n\n

        Yes, that is very cool :)<\/p><\/dd>\n

        How much does MVIS PROtection cost<\/dt>\n

        The current prices can be viewed from within the plugin.<\/p><\/dd>\n

        Does this plugin support Multisite or Windows WordPress installations<\/dt>\n

        Limited tests have been conducted for WordPress installations on Windows and for Multisite installations. If you have a WordPress set up on Windows or a Multisite, it would be great if you can give some feedback.<\/p><\/dd>\n\n<\/dl>\n\n\n

        1.3.5<\/h4>\n\n
          \n
        • Resolves a CSS naming conflict with the plugin User Access Manager.<\/li>\n
        • Adds more details to the file permission checks.<\/li>\n
        • Updates readme.txt to show the new beautiful weekly html status e-mails.<\/li>\n<\/ul>\n\n

          1.3.4<\/h4>\n\n
            \n
          • Adds a check for wp-config.php backup files as requested by Christian M. <\/li>\n<\/ul>\n\n

            1.3.3<\/h4>\n\n
              \n
            • Fixes a bug that prevented users from being able to click on links in the built-in plugin browser. Bug reported by terminij. <\/li>\n<\/ul>\n\n

              1.3.2<\/h4>\n\n
                \n
              • The plugin is now only accessible to super admins in multisite setups and to admins in normal setups.<\/li>\n
              • The plugin has been adapted to detect insecure credentials that are currently exploited by global bruteforce attacks against WP. <\/li>\n<\/ul>\n\n

                1.3.1<\/h4>\n\n
                  \n
                • Bugfix in the coupon subscription functionality and in the displaying of one security check<\/li>\n<\/ul>\n\n

                  1.3<\/h4>\n\n
                    \n
                  • Updated the backdoor script names<\/li>\n
                  • Now allows full subscription for all sites<\/li>\n
                  • Official launch<\/li>\n<\/ul>\n\n

                    1.2<\/h4>\n\n
                      \n
                    • Adds information about available updates to the weekly status e-mails for all registered sites.<\/li>\n
                    • Fixes a bug that now allows directly one-click upgrading themes as well.<\/li>\n
                    • Changed the registration button to reflect the extended free subscription phase.<\/li>\n<\/ul>\n\n

                      1.1<\/h4>\n\n
                        \n
                      • Adds a feature that allows users to enable\/disable receiving weekly status e-mails for all registered sites. <\/li>\n
                      • Fixes a bug with installations that have differently named wp-content directories reported by Ian Dunn.<\/li>\n
                      • Fixes two bugs pass by reference bugs with newer PHP versions reported by Ian Dunn.<\/li>\n
                      • Fixes two bugs in the check functionality reported by damian5000.<\/li>\n
                      • Fixes a bug with setting cookies in Safari.<\/li>\n
                      • Improves usability aspects of the user interface.<\/li>\n<\/ul>\n\n

                        1.0<\/h4>\n\n
                          \n
                        • Initial release starting the BETA phase<\/li>\n<\/ul>","raw_excerpt":"MVIS Security Center shows you exactly how to lock down your setup and sends subscribed users real-time vulnerability alerts for their site.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/46045","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=46045"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/mvis"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=46045"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=46045"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=46045"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=46045"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=46045"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=46045"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}