Plugin Author
Paul
(@paultgoodchild)
The wp-config.php isn’t a WordPress core file as shipped by WordPress. If you download the ZIP, you’ll see it’s not there. Therefore the scan can’t flag that file as being modified.
When you say that there are multiple modified files, which files are those exactly?
Hi Paul –
Thanks for the response, I could have sworn it caught it on the first scan, but I am clearly very well mistaken. I’ll do a better job documenting what I believe it may be missing. I wanted to fully flush out the plugin prior to paying for it to make sure it was as good as it seems. It’s possible the files I have observed being missed are out of scope of the free product.
WordPress does consider wp-config a core file, but it is true it is not included in the download and is a generated file. So I can see why it would be very challenging for the scan to compare it to the sample file.
I appreciate the quick response, it’s a weekend so go enjoy it, have a happy new year. I will upgrade as I want to test out the rest of the scan features. Overall I am impressed with it, so thank you for the effort on creating and maintaining something that helps us keep our wp installations as secure as possible.
I’ll mark this as resolved until/unless I can provide you with more accurate details on what could have been missed.
Plugin Author
Paul
(@paultgoodchild)
Yea, this particular scan deals only in the files that actually ship with WordPress and can’t cater for custom files, such as the WordPress config. However, we’ll be releasing a new feature later in the year that will attempt to track and monitor the wp-config.php file.
With regard to the free product, there is no difference for this particular scan – you have the full features. The Pro upgrade will however bring additional scans.
Keep us posted on what you find if you spot any issues.
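
The distinction discussed in this thread, as an added example that is not part of the thread and not the plugin's own code: a checksum scan can only judge files listed in a manifest of shipped files, so a generated file such as wp-config.php has no reference hash and needs a locally recorded baseline instead. The sample tree, manifest, and function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def scan_core(root, manifest):
    """Compare files under root with a manifest {relative path: sha256} of shipped files."""
    root = Path(root)
    result = {"modified": [], "missing": [], "unlisted": []}
    for rel, expected in manifest.items():
        target = root / rel
        if not target.is_file():
            result["missing"].append(rel)
        elif sha256_file(target) != expected:
            result["modified"].append(rel)
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if path.is_file() and rel not in manifest:
            result["unlisted"].append(rel)  # no shipped reference to compare against
    return {k: sorted(v) for k, v in result.items()}

def changed_since_baseline(root, baseline):
    """Check files outside the manifest against hashes recorded locally at a trusted time."""
    root = Path(root)
    return sorted(rel for rel, h in baseline.items()
                  if not (root / rel).is_file() or sha256_file(root / rel) != h)

def demo():
    # Constructed sample tree: two "shipped" files plus a generated wp-config.php.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-includes").mkdir()
        (root / "index.php").write_text("<?php // shipped index\n")
        (root / "wp-includes" / "version.php").write_text("<?php // shipped version\n")
        manifest = {rel: sha256_file(root / rel)
                    for rel in ("index.php", "wp-includes/version.php")}
        (root / "wp-config.php").write_text("<?php // site-specific settings\n")
        baseline = {"wp-config.php": sha256_file(root / "wp-config.php")}
        # Simulate later changes to one shipped file and to the config file.
        (root / "index.php").write_text("<?php // changed\n")
        (root / "wp-config.php").write_text("<?php // changed settings\n")
        return scan_core(root, manifest), changed_since_baseline(root, baseline)

if __name__ == "__main__":
    core, config = demo()
    print(core)    # the manifest scan flags index.php but can only list wp-config.php as unlisted
    print(config)  # the local baseline catches the wp-config.php change
```

The baseline is only as trustworthy as the moment it was recorded and the place it is stored, so it belongs somewhere the web server user cannot write.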