Forum Replies Created

Viewing 15 replies - 16 through 30 (of 61 total)
  • Plugin Author secconsult

    (@mvis)

    Hello Andrew,

    I am glad to hear that you like the plugin 🙂

    Regarding your problem, please take a look at the error logs of your site, there should be an indication of what causes the problem. Let me know if you find something that looks suspicious, then we can narrow down the problem.

    Feel free to send the log file to mvis_wp@sec-consult.com, then I can help you with the analysis.

    Cheers,
    Stefan

    Plugin Author secconsult

    (@mvis)

    Hello terminij,

    The bug was identified and fixed. Please update to MVIS Security Center 1.3.3, empty your browser cache and then everything will work as expected.

    Thanks again,
    Stefan

    Plugin Author secconsult

    (@mvis)

    Hello terminij,

    First of all thank you for your honest feedback.

    What I was just able to reproduce is that if you search for plugins, even though you can download plugins directly using “Install Now” and click on “Details” to open a tab with information, it is indeed not possible to click any link in that “Details” frame. I will start investigating and testing a solution to this problem and deploy a version fixing this issue asap.

    Additionally, I would like to show our appreciation for bug reports like this by giving you a code for a one-year free subscription for one site. Please get in touch with me via the “Feedback, Bugs or Feature Requests?” link in the top right corner of the plugin to receive the code.

    Regarding the manual update, if you allow the plugin to communicate with our servers by clicking the according checkbox during the first setup, it will automatically update the vulnerability feed once a day. The free version though will always be exactly 30 days behind and only with the subscription you will be receiving immediate up-to-date email alerts as well as the updated vulnerability feed and vulnerability details in your plugin.

    Finally, I would like to mention that we really take bugs seriously and put a lot of effort into developing high quality plugins. So far we have received a lot of good feedback regarding this. No software ever gets 100% bug-free, but relies on community support such as yours to get close to that.

    So again, thank you for bringing this bug to our attention and I’ll make sure it is fixed and released asap.

    Cheers,
    Stefan

    Plugin Author secconsult

    (@mvis)

    Sure thing 🙂

    Plugin Author secconsult

    (@mvis)

    Hello, you can contact me again if there are any further questions. I’m closing the topic.

    Plugin Author secconsult

    (@mvis)

    That is weird, because this would indicate that only the file owner has read permissions on e.g. the wp-config.php file, which would also mean that the file owner is the web server. Otherwise the setup would not work, because the web server would not be able to read the config file. That in turn could mean that you could easily upload a PHP file that reads all other directories on the shared host. Regarding your permission problem, it seems like you can’t fix it due to the Linux user setup for the virtual hosts. I am speculating a bit here and I would have to take a closer look to be sure about that.

    Are you using HTTPS to connect to the wp-admin interface?
    Do you store the WP admin password in the FTP application on your computer?

    Having a shared host can be quite dangerous, because if one other customer on the same server is hacked, attackers can potentially spread to all other sites, even though you would have done everything right and secured the site properly.

    Plugin Author secconsult

    (@mvis)

    Hello mosheeshel,

    Do you have FTP/SFTP access to the system? Then you should be able to see what the owner name and group name of specific files/directories are, which should help us determine how your file permissions can be secured without breaking the site.

    In the meantime, please share the default file permissions that are set on /wp-config.php and /index.php, because these are some of the most important files to secure in a shared hosting environment.

    Plugin Author secconsult

    (@mvis)

    Hello again, were you able to solve the problem with your site?

    Plugin Author secconsult

    (@mvis)

    Hello Mosheeshel,

    Are you hosting the WordPress on your own server?
    If not then the issue is likely to be in the setup of your hosting provider.
    Could you share which users own the files and which group user is set for your directories? Additionally, we would need to find out which user your webserver runs as (e.g. www-data) and if it is part of the group.

    If you don’t want to share the information publicly, you can also send me an e-mail using the “Feedback, Bugs or Feature Requests?” link in the top right corner.

    Cheers,
    Stefan

    Glad I could help!

    Have a good one.

    Hello Jesper,

    In an ideal world, file/directory permissions would be set to 750. So only your user can write them, the group (e.g. webserver) can read them and nobody else can do anything with the resources.

    Of course, sometimes it depends on whether you want to be able to change files from within the WordPress admin interface, in which case you could need 770 permissions.

    But, depending on the way user/groups are configured on your server, this might not be possible and that’s when suddenly 775 is needed, because e.g. the webserver is not in the group and can’t access the files unless everybody gets read access to it.

    So the next question would be, do you own the server and are able to make arbitrary changes, or is this a precondition that you can’t change?

    Another thing to consider is whether the server is shared, or if it is a server that only you have access to. Obviously on shared servers giving everybody read rights to your wp-content folder could have severe security implications.

    Either way, check out what WordPress has to say regarding file permissions at the WordPress Security Codex.
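
Added example, not part of the forum posts and not MVIS Security Center code: a small audit that works out which permission triplet (owner, group or other) applies to the web server user for wp-config.php and index.php, which is what decides whether 750 works or 775 ends up being "needed". The function names are assumptions made for this sketch, and it reads POSIX mode bits only (no ACLs).

```python
import os
import stat

def access_class(st, uid, gids):
    """Which permission triplet the kernel applies to (uid, gids) for this file."""
    if uid == st.st_uid:
        return "owner"
    if st.st_gid in gids:
        return "group"
    return "other"

def audit_file(path, web_uid, web_gids):
    """Report how the web server user reaches `path` and what everyone else gets."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    cls = access_class(st, web_uid, web_gids)
    read_bit = {"owner": stat.S_IRUSR, "group": stat.S_IRGRP, "other": stat.S_IROTH}[cls]
    findings = []
    if not mode & read_bit:
        findings.append("web server cannot read")   # site breaks with this mode
    if cls == "owner":
        findings.append("web server owns file")     # uploaded PHP runs as the owner
    if mode & stat.S_IROTH:
        findings.append("world-readable")           # other shared-host users can read
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & stat.S_IWGRP:
        findings.append("group-writable")           # the 770/775 case
    return {"mode": "%03o" % mode, "web_class": cls, "findings": findings}

def audit_site(root, web_uid, web_gids, names=("wp-config.php", "index.php")):
    """Audit the files named in the posts above; missing files are skipped."""
    return {n: audit_file(os.path.join(root, n), web_uid, web_gids)
            for n in names if os.path.exists(os.path.join(root, n))}

if __name__ == "__main__":
    import pwd, sys
    if len(sys.argv) == 3:  # usage: script.py <wordpress-root> <web-server-user>
        root, user = sys.argv[1:3]
        pw = pwd.getpwnam(user)
        gids = set(os.getgrouplist(user, pw.pw_gid))
        for name, result in audit_site(root, pw.pw_uid, gids).items():
            print(name, result)
```
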

    Plugin Author secconsult

    (@mvis)

    Hello Justin,

    I will put this ticket to solved now. Please let me know if there is anything else I can support you with.

    Cheers,
    Stefan

    Plugin Author secconsult

    (@mvis)

    Hello Justin,

    I have tried to reproduce the error you are getting on XAMPP 1.8.1 for Mac and for Linux and was not able to produce any errors after the installation of the plugin.

    This might sound exotic, but did you use the same password for your test setup and the production system?

    Other than that unfortunately I have no further ideas than the already proposed fix.

    Please let me know.

    Plugin Author secconsult

    (@mvis)

    Ok, I’ll give it another try today and will let you know the results later.

    Plugin Author secconsult

    (@mvis)

    Alright, so if I download and install the latest XAMPP (1.8.1) I should be able to reproduce the issue, right?
