Support » Plugin: WPSSO Core - The Complete Structured Data Plugin for WordPress » What is the update process of WPSSO (and associated plugins) ?

What is the update process of WPSSO (and associated plugins) ?

  • Resolved Boldair Développement

    (@boldairdeveloppement)


    1 year, 11 months ago

    Hi,

    I’m using Wordfence and WPSSO together for a bunch of different sites. And I’ve been regularly plagued in Wordfence by warnings like this one :

    Modified plugin file: wp-content/plugins/wpsso-inherit-parent-meta/lib/config.php
    Type: File Changes

    Examining the diffs (and the github repo) the changes are appearing legitimate, but it’s always a few days before the warning disappear (usually after an update of the corresponding WPSSO plugin appears on the plugin page and it’s updated), leading me to wonder where the changes come from.

    I Just checked the diffs on that example above and the code from WP Repo, matched the GithUb repo, but the code of the file on my site was the one from the previous version. BUT I didn’t have a version change shown in my plugins page, which is indeed very weird, since all other plugins are regularly showing updates (and are auto updated when they do.

    Any idea of what could possibly be happening there ?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author JS Morisset

    (@jsmoriss)

    1 year, 11 months ago

    It sounds like WordFence is assuming the WP.org SVN tags and GitHub branches are static and read-only – they are not. I would suggest excluding WPSSO from WordFence SVN and GitHub checks to avoid false positives.

    js.

    Thread Starter Boldair Développement

    (@boldairdeveloppement)

    1 year, 11 months ago

    Hi, Thanks for your reply. I can of course exclude WPSSO, still it’s a risk, because if a malicious change did happen in those plugins I wouldn’t be warned about it.

    I guess I’ll take the question to the Wordfence team (who in turn might then have questions for you about the flow and source of changes on your plugins)

    Have a nice day 🙂

    Thread Starter Boldair Développement

    (@boldairdeveloppement)

    1 year, 11 months ago

    Hello.
    So I contacted the Wordfence team about this and that was their reply :

    Hi,

    The WPSSO Core (The Complete Meta Tag and Schema Markup Solution) plugin author is not managing their code properly at the plugin repository.

    See the 7.8.0 version tag below:

    https://plugins.trac.wordpress.org/browser/wpsso/#tags/7.8.0

    You will see multiple different modification dates for files for version 7.8.0 of the plugin.

    Each time a plugin author makes a change to any file they should release a new tag version number. The only file changes that a Standard Wordfence scan will ignore is for TXT text files. Any changes to other files for the same version tag number will result in modified file scan results.

    Kind regards,

    Phil
    Customer Support Engineer

    So I suppose this is the source of the discrepancies I’m seeing (and the Wordfence alerts). It’d be nice if you revised your updates process, but if not, I’ll live with it 😉

    Have a great day.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘What is the update process of WPSSO (and associated plugins) ?’ is closed to new replies.

Views