Critical Notification Issue

bulewold
(@bulewold)

11 years ago

This is more of suggestion than issue. But I think it’s an important one that can be fixed easily.

This is GREAT security plugin and love it! The ONLY issue I have with this is that I enabled ‘critical issue email notification’ but wordfence is set to alert critical if a plugin or theme is not up to date for one second.

My system updates plugins automatically within 24 hours but ever day, I get email from wordfence saying critical alert: plugin out of date….

This kinda makes whole ‘critical’ part mute… it makes me ignore emails which is not what I want to do.

++ CAN YOU consider update where…
1. We can set exactly what kinds of emails I want to get.
2. Or simply make theme & plugin out of date not ‘critical issue’ but as warning.
3. Or give 2~3 days grace period for system to catch up and then set to alert. (since my system does update plugin automatically everyday, after I get email from wordfence with ‘critical alert’

Thank you for your attention on this matter.

https://wordpress.org/plugins/wordfence/

Viewing 2 replies - 1 through 2 (of 2 total)

WFSupport
(@wfsupport)

11 years ago

Great ideas, but let me tell you some of the reasons why we don ‘t do these things.

First, we do offer some configuration on email notifications. You can enable or disable “Alert on critical problems” and “Alert on warnings”. You are correct that it isn’t more granular than that but for simplicity’s sake we chose to make it this way. Remember not everyone is as security savvy as you are. You can also limit the number of emails you get to further pare down the number you receive.

Second, making themes and plugins out of date alerts anything but a critical issue would really be a bad idea. I would say most of the hacks we encounter, the sites that have been exploited, have started from out of date plugins or themes, even disabled ones, on the infected website. This is a huge security risk and to say it wasn’t critical to update them wouldn’t really say much for our being a security company. Again, thinking back to the first question, you probably don’t need reminded about this. Many wordpress users do.

Last, sometimes these plugins need to be updated as soon as the plugin is available. These ‘zero day’ vulnerabilities are usually pretty nasty and when announced need to be patched ASAP. The revslider comes to mind here.

Still great thoughts and I appreciate you taking the time to write them. I’m passing this on to our dev team to look at for ideas.

Thanks!

tim

Thread Starter bulewold
(@bulewold)

11 years ago

Tim, thanks for your response. I now understand your point of view on this. And you’re right….

The issue now then Installatron doesn’t offer immediate update… which I thought is a good thing because I wouldn’t want my site to be updating during the day when it’s active with visitors… What are your thoughts on that?

I do have email frequency down to 1 a day but the issue as admin is that I get 1 email from 7 different websites on same plugin… and when I get ‘critical email’, I do want to check it manually so that I can respond. But so far.. it’s only been about the plugin. now that’s a GOOD THING, of course… and thought I’d start discussion here to see if we can find a way to minimize ‘my annoyance’.

Having said that, I’ll also contact installatron and see if they can offer immediate update to start. And perhaps your team can look into ‘Turn off notification on plugin update’ feature with warning that ‘turn off at your own risk’ for people like me.

As I write this, this is very conflicting issue… I can really support both argument myself… lol

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Critical Notification Issue’ is closed to new replies.