Title: Plugin has been removed from wordpress.org?
Last modified: March 13, 2020

---

# Plugin has been removed from wordpress.org?

 *  Resolved [isaacbrown](https://wordpress.org/support/users/isaacbrown/)
 * (@isaacbrown)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/)
 * Hi, why has your plugin been removed, and why is it now unavailable for download?
 * This plugin has been closed as of February 27, 2020 and is not available for 
   download. This closure is temporary, pending a full review.

Viewing 15 replies - 1 through 15 (of 18 total)


 *  [CGS Web Designs](https://wordpress.org/support/users/cgscomputers/)
 * (@cgscomputers)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/#post-12490995)
 * I came here to ask this question as well… would like to know why it’s been removed
   as I use it on many sites.
 *  Plugin Support [robertabela](https://wordpress.org/support/users/robert681/)
 * (@robert681)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/#post-12491070)
 * Hello [@cgscomputers](https://wordpress.org/support/users/cgscomputers/) and 
   [@isaacbrown](https://wordpress.org/support/users/isaacbrown/)
 * Thank you for your message. There is actually a low severity edge case issue 
   in which unauthorized users can change the plugin’s settings.
 * We are currently working on a fix and will be releasing the update with a fix
   within the next few hours.
 * Sorry if this has caused any inconvenience. If you require further information/
   clarification, please do not hesitate to contact us by sending us an email on
   [support@wpwhitesecurity.com](mailto:support@wpwhitesecurity.com).
 * Thank you for using our plugins.
 *  [richsadams](https://wordpress.org/support/users/richsadams/)
 * (@richsadams)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/#post-12491544)
 * Thank you for the timely attention to this issue!
 * Would you be so kind as to post here when the update is available?
 * Thank you again.
 *  [tmuka](https://wordpress.org/support/users/tmuka/)
 * (@tmuka)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/#post-12491631)
 * Thanks for the info @robertabela!
 * Could you clarify if “unauthorized users” means non-authenticated public, or just
   non-admin WordPress account users?
 * Thanks!
 *  Thread Starter [isaacbrown](https://wordpress.org/support/users/isaacbrown/)
 * (@isaacbrown)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/#post-12491950)
 * Thanks [@robert681](https://wordpress.org/support/users/robert681/), I look forward
   to being able to set up this plugin in my MainWP Dashboard. Let us know once
   it’s back!
 *  Plugin Support [robertabela](https://wordpress.org/support/users/robert681/)
 * (@robert681)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/#post-12492010)
 * We have already submitted the fix and we are waiting for the administrators to
   approve it.
 * As soon as it is approved we will update this ticket.
 * [@tmuka](https://wordpress.org/support/users/tmuka/) if you need more details,
   please email us at [support@wpwhitesecurity.com](mailto:support@wpwhitesecurity.com).
   We’d be more than happy to answer all your questions. However, we do not want
   to disclose too many details until the fix is available to the public. Although
   there is not much to worry about, because it is a low severity edge case and
   its impact is only on our plugin and not on the WordPress website on which it
   is installed.
 *  [tmuka](https://wordpress.org/support/users/tmuka/)
 * (@tmuka)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/#post-12492282)
 * thanks, that makes sense.
 *  Plugin Support [robertabela](https://wordpress.org/support/users/robert681/)
 * (@robert681)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/#post-12497682)
 * Hello everyone, version 4.0.2, which includes the fix, is available for download.
   Even though the plugin has not been reinstated yet (wrong timing because of the
   weekend), you can still download it from this repository.
 *  [Jos Klever](https://wordpress.org/support/users/josklever/)
 * (@josklever)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/#post-12497846)
 * [@robert681](https://wordpress.org/support/users/robert681/) But as the plugin
   has been taken offline, the download links are not available.
 *  Plugin Support [robertabela](https://wordpress.org/support/users/robert681/)
 * (@robert681)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/#post-12497875)
 * Sorry [@josklever](https://wordpress.org/support/users/josklever/)
 * I thought everyone could see the download link. I can see it because I am the developer.
 * You can download the latest version of the plugin, which includes the fix, from
   [here](https://www.wpsecurityauditlog.com/downloads/support/wp-security-audit-log.zip).
 *  [ellmann creative](https://wordpress.org/support/users/ellmanncreative/)
 * (@ellmanncreative)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/#post-12498364)
 * I’m not sure how much my word will mean to anyone, but… Since I don’t like to
   blindly download stuff (especially security-related stuff), I did a quick review
   of the changes made to the plugin (available on the link, file hashes – MD5: 
   664f37ae7ff5a5f872e9450317291e6e, sha256: c9b21c1d9f7093e7ae80b19d760fe89e4a78986a62a453551deab69984d3aea1)
   and they check out – the changes generally fall under removal of obsolete/insecure
   code, or shifting reliance to WP’s own role security.
 * If you happen to have an old copy (say, v4.0.1) of the plugin, nothing’s stopping
   you from performing a comparison yourself.
 *  [Jos Klever](https://wordpress.org/support/users/josklever/)
 * (@josklever)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/#post-12498389)
 * [@ellmanncreative](https://wordpress.org/support/users/ellmanncreative/) I trust
   the developer of this plugin and the download link is placed by himself on his
   own website, so it’s not a shady link from a third party.
 * Hopefully the WP plugin team will review the update asap, so the plugin will 
   be available for download/update again.
 *  [ellmann creative](https://wordpress.org/support/users/ellmanncreative/)
 * (@ellmanncreative)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/#post-12498408)
 * No, I figured that – but this issue doesn’t just affect you, and I thought maybe
   someone else might benefit from me saying the above.
 *  Plugin Support [robertabela](https://wordpress.org/support/users/robert681/)
 * (@robert681)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/#post-12498459)
 * Thank you for pointing that out [@ellmanncreative](https://wordpress.org/support/users/ellmanncreative/)
 * I see your point and I agree – there is no way to verify the validity of that
   download. I also agree that ideally one should not just download any random file.
 * However, in this case as [@josklever](https://wordpress.org/support/users/josklever/)
   pointed out (thank you for the trust!) I uploaded the file from the same place
   we upload the plugin on the repo. So it is safe to download, but I also understand
   if people want to wait until the update is made available officially via the 
   repository.
 *  [ellmann creative](https://wordpress.org/support/users/ellmanncreative/)
 * (@ellmanncreative)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/#post-12498590)
 * I would argue that this is a high-risk plugin, since it deals with security and
   therefore is trusted explicitly. As such, with this update being highly irregular,
   there’s a broad chain of trust that needs to be followed:
 *  -  that wordpress.org’s security hasn’t been compromised
    -  that your account hasn’t been compromised:
        -  that you don’t reuse passwords,
        -  that none of the sites you also use haven’t been compromised and used
           to reset your security or otherwise gain access to the account
        -  that your website hasn’t been compromised
    -  that the plugin wasn’t suspended for possible security violations (wordpress.org
       really isn’t transparent about these things…), or otherwise made to be suspended
       so that people would come to the Support threads seeking help (a perfect opportunity
       to serve someone a malicious “update”, wouldn’t you agree?)
    -  that the file wasn’t prepared with malicious payload as part of an ongoing attack
 * etc. etc. etc.
 * I don’t know you. It says “plugin contributor”, but there could be anyone hiding
   behind that handle right now. A short-lived attack could last only a few days
   and be so high-profile that the attacker might not care that this vector is then
   permanently patched up.
 * On the other hand, if I trusted all of the above explicitly when I installed 
   the plugin from wordpress.org before – I can assume (without extensive code reviews)
   that the existing v4.0.1 I have on my disk is safe. Therefore, checking the code
   diff is a relatively simple procedure that only really costs me time (and, seeing
   as it only took under an hour w/ other activities, it’s not that high a cost 
   to begin with).
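
The check ellmann creative describes above (confirm the download's hash, then diff it against a copy you already trust so only the changes need reading), as an added example that is not part of the thread or the plugin's code. The archive contents and file names are constructed, and `review_scope` and `make_zip` are hypothetical helper names.

```python
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def member_digests(zip_bytes: bytes) -> dict:
    """Map every file in the archive to the SHA-256 of its contents.
    Members are read in memory; nothing is extracted to disk."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: sha256_hex(zf.read(i))
                for i in zf.infolist() if not i.is_dir()}


def review_scope(trusted_zip: bytes, candidate_zip: bytes, published_sha256: str) -> dict:
    """Refuse a candidate that does not match the published hash, then
    report which files differ from the already-trusted release."""
    actual = sha256_hex(candidate_zip)
    if actual != published_sha256.strip().lower():
        raise ValueError(f"hash mismatch: got {actual}")
    old, new = member_digests(trusted_zip), member_digests(candidate_zip)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }


def make_zip(files: dict) -> bytes:
    """Build a small in-memory archive for the constructed sample below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed stand-ins for the trusted older release and the new download.
OLD = make_zip({"plugin/main.php": "<?php // unchanged",
                "plugin/settings.php": "<?php // no capability check",
                "plugin/legacy.php": "<?php // obsolete handler"})
NEW = make_zip({"plugin/main.php": "<?php // unchanged",
                "plugin/settings.php": "<?php // capability check added",
                "plugin/readme.txt": "changelog"})

if __name__ == "__main__":
    # With real files, pass the hash published alongside the download instead.
    print(review_scope(OLD, NEW, sha256_hex(NEW)))
```

A matching hash shows only that you hold the same file the reviewer examined; the list of added, removed and changed files is what narrows the code you still have to read yourself.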


 * 18 replies
 * 7 participants
 * Last reply from: [robertabela](https://wordpress.org/support/users/robert681/)
 * Last activity: [6 years, 2 months ago](https://wordpress.org/support/topic/plugin-has-bee-removed-from-wordpress-org/page/2/#post-12498877)
 * Status: resolved