Support » Plugin: WebP Express » Modified plugin file: wp-content/plugins/webp-express/changelog.txt

  • Resolved jpnl

    (@jpnl)


    Hi, it looks like you changed something to a file after releasing 0.17.2 without updating the version number. Please don’t do that. It triggers WordFence to issue a warning because potentially it could mean that a file on your website has been infected with malicious code.

    When I compare the original and updated file, I see this

    Original

    * Fixed bug: Updating plugin failed on some systems (in the unzip phase). Problem was introduced in 0.17.0 with the updated binaries.

    Updated

    * Fixed bug: Updating plugin failed on a few hosts (in the unzip phase). Problem was introduced in 0.17.0 with the updated binaries.

    I can see the change isn’t harmfull (and not useful either for that matter), but I manage a lot of websites with your plugin and this change means I’ll get a WordFence warning form every website every day until the next update.

    Thanks
    JP

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author rosell.dk

    (@roselldk)

    Got it.
    Thanks.

    Plugin Author rosell.dk

    (@roselldk)

    Do you know if I can change the README without Wordfence complaining?

    I don’t think you can, unless you release a new version.

    WordFence takes a snapshot from when a new plugin/theme version is released. They use the snapshot to scan for file changes.

    WordFence can’t see it when you change a file without releasing a new version.

    This results in a strange, but logical situation. If I update a site right now, I get all the current files from the WP repository. Including your updated readme file. So technically, there are absolutely no differences between the files in the repository and on my site. However, WordFence still sees a difference, because they compare the files on my site with the files in the snapshot they took when you released the update, prior to your file change.

    Plugin Author rosell.dk

    (@roselldk)

    Have you gotten any warnings about changed README.txt ? I have modified that many times without creating a release. It could be that Wordfence makes an exception for that file. Perhaps because the WordPress team specifically says that you should not make a new release if you are just changing README.txt (it takes up resources)

    • This reply was modified 1 month, 2 weeks ago by rosell.dk.

    This time WordFence only gave a warning changelog.txt not readme.txt.
    I can’t recall having a warning for that file.
    Did you also change something in readme.txt after releasing 0.17.2 ?

    If you want I can test if you change something now.

    Plugin Author rosell.dk

    (@roselldk)

    Yes, I actually did.

    Ah ok, so then it looks like WF excludes that file from their warning mechanism.

    Plugin Author rosell.dk

    (@roselldk)

    I shall continue this practice then (with README.txt only). Just let me know if you start seeing warnings because of this

    Ok will do. Thanks for understanding!

    When do you expect 0.17.3?
    Then I skip 0.17.2 to not trigger WF

    • This reply was modified 1 month, 2 weeks ago by jpnl.
    Plugin Author rosell.dk

    (@roselldk)

    There are no urgent fixes in queue, so 0.17.3 is not on the roadmap. If something comes up, I will fix and release quickly. I expect a 0.18.0 release within a month

Viewing 10 replies - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.