Support » Plugin: Sucuri Security - Auditing, Malware Scanner and Security Hardening » All Serttings Gone with 1.7.19 Update

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author yorman

    (@yorman)

    I understand, we decided to stop using the database to store the plugin’ settings because we had some concerns about the security of the built-in WordPress functions used to get and set the data in there.

    Since version 1.7.18 the plugin is storing the settings in a plain text [1] and it tries to migrate the settings from the database if possible, but if the directory where the file is located is not writable the plugin fails silently. I will modify the code to be more careful with the settings migration so this doesn’t happens again.

    EDIT: I just submitted the fix to the repository with commit d399993 [1] this will be merged with the rest of the code and be released to the public with a new version of the plugin. After this the plugin will check if the plain text file is writable before it tries to migrate the settings from the database. Thanks for the report.

    [1] /wp-content/uploads/sucuri/sucuri-settings.php
    [2] https://github.com/Sucuri/sucuri-wordpress-plugin/pull/17/commits/d399993

    As I use a custom Sucuri directory outside my web site (also for security reasons) this broke completely for me. I really wish there had been a warning with 1.7.18 so that I could have prepared a writable directory in the right place. At least now I know what to do.

    Plugin Author yorman

    (@yorman)

    Sorry for the inconvenience, I fixed this bug here [1] feel free to install the development version of the plugin [2] or wait until these changes are merged with the rest of the code that will be released with a new version as soon as we finish the testing.

    [1] https://github.com/Sucuri/sucuri-wordpress-plugin/pull/18/commits/ca60b71
    [2] https://github.com/cixtor/sucuri-wordpress-plugin/archive/master.zip

    I’m happy to report that 1.8.1 did indeed preserve my settings on upgrade from 1.7.17.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘All Serttings Gone with 1.7.19 Update’ is closed to new replies.