Daniel Cid
Forum Replies Created
-
Thanks for the feedback. It has to do with caching on our malware scanning and this is something we are getting fixed.
Next version will do a fresh scan each time, instead of relying on the cached version of the last scan done.
@foliovision: Thanks for the honest review. I really appreciate the feedback and I am taking note to add it to our roadmap.
*And sorry for the late reply as I missed some of the reviews and I am trying to go back into them right now.
thanks,
Sorry for the delay here, missed this message.
I would love to investigate your case more. The plugin does not have a paid version, but we do offer more comprehensive scans, monitoring and cleanup through our paid products.
The plugin complements our paid services, but would love to see what our scanner missed. Can you send the details to dcid@sucuri.net?
thanks,
That’s a good suggestion. Added it to our roadmap to see if we can add.
We try not to auto-block things in the plugin, but we will see what we can do.
thanks!
Thanks! Appreciate the nice review 🙂
Thanks for the possible bug report. We are looking at this issue to see what is going on.
thanks,
I didn’t understand your question. Can you clarify? You want to use sitecheck on your own plugin?
Hey @elza,
Thanks for the feedback. Sorry you didn’t like what the plugin offered.
As I replied on another thread, the code is open & free, so I high welcome anyone and everyone to help us get better. That’s the beauty of open source.
You also have many other alternatives in the repo, so try the others.
If anyone ever have any issues or questions about the plugin, you are always welcome to email me directly: dcid@sucuri.net as we try to engage and make things better.
thanks!
@elza: The plugin code is all open source. Do some research and look at the code and you will see it does nothing of that.
That’s the beauty of open source, anyone can see what it is doing. In fact, you are free to fix whatever you don’t like and share with everyone else. Even send a PR so we can merge if you are inclined.
But the real benefit of open source is that silly accusations like yours can be easily proven as wrong and false by anyone that looks at it. Nobody can hide anything there.
thanks,
@elza: Shoot the messenger.
This plugin gives you security visibility to what is happening to your WordPress site. Every site gets attacked every single day, from comment spam, to brute force, SQL injections and DDoS. However, due to the lack of visibility most people are unaware of that. Visibility brings that to light, but won’t stop the malicious activity.
If you are using this plugin without any other security protection, it will be noisy. In fact, I recommend deleting the plugin if you are using it without any other security in place. Security requires multiple layers and visibility alone for someone that doesn’t covers the other layers will likely be more noisy than useful.
However, when you are taking security seriously and you have protection in place, with things like:
-IP Address White listing on wp-login/wp-admin.
-A real Website Firewall running before WordPress (like the open source ModSecurity or Sucuri’s own Firewall)
-You have spam protection on wp-comments and 2fa on wp-login.
Than the plugin becomes a very powerful addition to your security stack, allowing you to respond very fast in case of an issue and know what is going on.
Forum: Fixing WordPress
In reply to: Hacked – New admin user occuredHi @reeve,
What plugins do you have on your site? Mind pasting them? Having a good password policy won’t protect against exploits /vulns on the plugins or themes you have.
We see these injections often and most of the time they always come with hidden backdoors inside your themes or plugins that allow them to come back. So just removing the user might not be enough to be protected moving forward.
thanks,
Forum: Fixing WordPress
In reply to: My sites on wordpres was hackedIt looks like you have some type of conditional redirection on your site (most of the time hidden on .htaccess, but not always).
This is an example of similar case:
Try to follow the guide of hacked sites that Jan sent and it should help.
thanks,
Forum: Themes and Templates
In reply to: [evolve] Is it malware or a false positive?That does looks like a false positive on WordFence that is looking for Eval’s on your code, matching the “EvalError” part.
If you can paste the full content of that file from your site, we can confirm better.
thanks,
Forum: Plugins
In reply to: [Limit Post Add-On] Security issues?This is not really malware, but a “Site error detected” warning.
It means your site has errors being displayed and affected Sucuri’s ability to scan your site, so we generated a warning for you to investigate.
You can fix it by disabling notices from being displayed on PHP (display_errors to Off) or wait until the plugin is fixed.
Hope it helps.
thanks,
Hi Dan,
Yes, the plugin will not scan for malware or alert if malware is found on any of your files. It partially ties to our external scanner, but the real goal of it is to act as an audit trail, where you can track your site logins, logouts and internal WordPress activities.
So it will not find backdoors at all. As you mentioned, that is done by our Antivirus product that actually does a full scan and a complete cleanup of your site. I recommend trying it out to see the difference (or I can get you a full refund if we don’t 🙂 ).
thanks!