• Resolved mdidesign

    (@mdidesign)


    Hi,

    what is this “vendor”-folder in the latest WordPress SEO installation? There is a folder called “vendor” with some other folders in it, just like:

    composer
    xrstf
    yoast

    “Composer” for example contains the folder “installers” and this folder contains test-folders just like:

    AsgardInstallerTest.php
    CakePHPInstallerTest.php
    DokuWikiInstallerTest.php
    GravInstallerTest.php
    MediaWikiInstallerTest.php
    OctoberInstallerTest.php
    PimcoreInstallerTest.php
    PiwikInstallerTest.php
    TestCase.php

    What are those files?

    Regards

    https://wordpress.org/plugins/wordpress-seo/

Viewing 11 replies - 16 through 26 (of 26 total)
  • WPyogi

    (@wpyogi)

    @joost de Valk – thanks!

    Aside from that, cleaning up your hacked site is a totally different issue – see those links above to start getting it cleaned up.

    Thread Starter mdidesign

    (@mdidesign)

    Autoloaders… all with “TEST” in their names? What do Asgard, CakePHP, DokuWiki, Drupal, TYPO3Cms have to do with WordPress SEO? Auto loader of TYPO3 CMS for WordPress? Makes no sense at all. How about Shopware, Piwik, Zend, and so on!? I don’t think all that is okay.

    Plugin Contributor Joost de Valk

    (@joostdevalk)

    Ah wait I see what you mean now, you’re talking about the 2.1 release, that had some development files shipped with it, 2.1.1 has fixed that.

    thenightrider

    (@thenightrider)

    Yes, modern web development where code is reused on a boatload of different systems does save dev time, but it adds bloat, and then when people see code referencing Drupal and other CMS’s, it does look pretty suspect.

    Thread Starter mdidesign

    (@mdidesign)

    I AM using 2.1.1, Yoast…

    Thread Starter mdidesign

    (@mdidesign)

    And I don’t want any kind of popup or auto-load update page within the admin area. Yoast does that since the latest updates. And all these files and “autoloaders” of course look pretty suspect. So fix that.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Everyone? It’s perfectly fine to ask questions, report problems and even question the answers from the plugin author provided the exchange is civil.

    I’ve just deleted a reply that was accusatory. That’s not necessary and please dial it down.

    This is a free plugin and no one is required to use it, you can delete the plugin and try something else.

    The converse of that is also true: the plugin author is not required to provide support. Please keep it civil and factual and I am sure this will get sorted out.

    If it continues into name calling then the topic will get closed as it will no longer be a productive exchange.

    Tim Nash

    (@tnash)

    Spam hunter

    Autoloaders… all with “TEST” in their names? What do Asgard, CakePHP, DokuWiki, Drupal, TYPO3Cms have to do with WordPress SEO? Auto loader of TYPO3 CMS for WordPress? Makes no sense at all. How about Shopware, Piwik, Zend, and so on!? I don’t think all that is okay.

    So this plugin, like many popular plugins, writes automated tests to check if things break. The testing suite they use is not WordPress specific but a general one for PHP. By ACCIDENT, it would seem, the test stuff got left in when they generated a version of the plugin.

    Looking at this thread, a new version was released without this content. However if you downloaded the old version, that folder may still exist if the files were copied over and the folder wasn’t deleted during the update.

    So to quickly summarise:

    The folder is not dangerous or weird; it’s perfectly normal and safe. To reduce size, these folders normally get removed from plugins before a plugin release is done, to make the release as small as possible.

    The mistake was spotted and a release was updated; however, in some cases those files and folders may still be there. It’s safe to delete them.
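
Added example, not part of the original thread or the plugin's own code: one way to check for files that survived an update, as described in the reply above, is to compare the installed plugin directory against a freshly unpacked copy of the current release. The directory layout, `plugin-main.php`, the file contents and the helper names are assumptions constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def _digests(root):
    """Map each file's path relative to root to its SHA-256 hex digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def compare_with_release(installed_dir, clean_dir):
    """Compare an installed plugin with a freshly unpacked copy of the release.

    leftover: files only on the server (e.g. stale files from an older version)
    modified: files whose content differs from the release
    missing:  release files that are absent on the server
    """
    installed, clean = _digests(installed_dir), _digests(clean_dir)
    return {
        "leftover": sorted(set(installed) - set(clean)),
        "modified": sorted(f for f in installed.keys() & clean.keys()
                           if installed[f] != clean[f]),
        "missing": sorted(set(clean) - set(installed)),
    }


def build_sample(base):
    """Constructed sample trees (hypothetical file names and contents)."""
    release = {"plugin-main.php": "<?php // release file",
               "vendor/autoload.php": "<?php // autoloader"}
    stale = {"vendor/composer/installers/TestCase.php": "<?php // dev file"}
    trees = {"clean": release, "installed": {**release, **stale}}
    for name, files in trees.items():
        for rel, body in files.items():
            path = Path(base, name, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
    return Path(base, "installed"), Path(base, "clean")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(compare_with_release(*build_sample(tmp)))
```

Files reported as `leftover` are candidates for stale content from an earlier version; files reported as `modified` differ from the release and deserve a closer look.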

    thenightrider

    (@thenightrider)

    @jan, wow, kinda wish I’d seen that. I can see how people get worked up about this kind of thing, because they’re trusting someone else with the security of their site. Sure, the plugin is free, so Yoast doesn’t charge us, and we don’t charge him for being his beta testers. 🙂 It’s actually a great model, because if his free plugin works well it can lead to sales for his premium plugins. But if his plugin results in your site getting hacked… well, aside from the hassle of restoring a hacked site, who’s going to trust his premium stuff if his free stuff has issues, especially security issues?

    Anyway, it’s good that you jumped in here, because the pot was simmering and was evidently about to boil over. Cheers.

    thenightrider

    (@thenightrider)

    @tim, I didn’t have enough info to know which folders could be deleted, so I just deleted the entire plugin. We’ll see if the DB entries are still there. They should be, because I deleted using SFTP, not the WP admin. Thanks for the tip.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    I’ve been deleting all the off topic posts in this thread.

    This is mdidesign’s thread, who asked this:

    what is this “vendor”-folder in the latest WordPress SEO installation?

    Answer, it’s just some dev code. Shouldn’t have been included but it won’t break anything to have it there. You can move on, they were removed in 2.1.1. There’s no evidence that this code made your site vulnerable, outside of the rather large security issue made by dozens of plugin authors due to poor documentation.

    If you’re having actual problems with the 2.1.1 version of the plugin, please make your own thread and post the error message etc.

    Please understand, what you’re doing here is derailing and confusing a topic that was resolved. You’re beating a dead horse, folks. The question has been answered, the post is resolved. Moving on 🙂


The topic ‘Security issue with latest WordPress SEO?’ is closed to new replies.