wassi007
Forum Replies Created
-
Forum: Plugins
In reply to: [Advanced IP Blocker] Suggestion for improvement – automatic DeepScansHello IniLerm,
Unfortunately I have to open the ticket again because I have another request for the “Automatic DeepScan” settings.
When the switch for “Enable core, plugin, and theme update checks.” is set, notifications will be sent by email when updates and/or vulnerabilities are present. Since I run update management using the InfinitWP tool, it would be great if there were separate switches for updates and vulnerabilities in the settings.Best regards
Wassi007Forum: Plugins
In reply to: [Advanced IP Blocker] SSL “critical” with automatic DeepScanHello IniLerm,
Siteurl and home are entered with https in the database.
WP_SITEURL and WP_HOME are not used in wp-config.ph.
In Plesk, redirection from http to https is set via 301.
The check from ssllabs.com gives A+ as a result for IPv4 and IPv6.
Only the original WordPress rules and Advanced IP Blocker entries
are stored in the .htaccess.
I think it’s just Plesk’s fault (same error with the wpscan plugin)I still have one more question.
I once asked whether it was possible for you to make the functions individually selectable during the automatic DeepScan.
For example, I don’t need the message as to whether there are plugin updates
I do this centrally via InfiniteWP for all my WordPress instances.
The SSL check provides incorrect information, which is probably due to Plesk or the server configuration.
It would also be good to have the option of only sending the email if there is a problem.
Do you still have this on the roadmap, and if so, when do you think it will be implemented?Thanks a million in advance.
Best regards
Forum: Plugins
In reply to: [Advanced IP Blocker] SSL “critical” with automatic DeepScanHi IniLerm,
I have now activated the automatic DeepScan on 4 websites and on every site
SSL shown as critical. By the way, the server is managed with Plesk. The cron is
executed as task via PHP script “httpdocs/wp-cron.php”.
I think the best solution is if we can select all options separately for DeepScan,
which should then be carried out.
It would also be good to have the option to only receive a status email if there is a problem
DeepScan was detected (makes it easier with around 30 WordPress instances).Best regards
Wassi007Forum: Plugins
In reply to: [Advanced IP Blocker] SSL “critical” with automatic DeepScanHi IniLerm,
the settings are already set to “https://”.
Best regards
Wassi007Forum: Plugins
In reply to: [Advanced IP Blocker] SSL “critical” with automatic DeepScanHello IniLerm,
I’ve updates, but the SSL critical Messages is always shown.
Besteht regards
Forum: Plugins
In reply to: [Advanced IP Blocker] Suggestion for improvement – automatic DeepScansHello,
then it might just be the wpscan plugin.
Unfortunately, wpscan still shows version 4.1.22 of XML Sitemap as vulnerable.
Google XML Sitemaps <= 4.1.22 – Missing Authorization
https://wpscan.com/vulnerability/78f693a2-3fd3-4f44-8556-fa9f9952087b/Wordfence and cve.org actually only use version 4.1.21
vulnerable displayed.It’s probably time for me to replace the wpscan plugin with your DeepScan! 😉
Best regards
Forum: Plugins
In reply to: [Advanced IP Blocker] Suggestion for improvement – automatic DeepScansHello,
thank you for implementing the automatic scan so quickly.
I have another suggestion for improvement:
Setting option so that the email is only sent if a vulnerability or other errors are found during the scan.I also noticed that DeepScan doesn’t show any vulnerabilities, even though there are plugins with CVEs that haven’t been fixed yet. E.g. “Google XML Sitemaps” (CVE-2025-64632). The plugin is shown as vulnerable by wpscan and Wordfence.
Would it be an idea to relieve your own API that you use the WordPress API, for example – https://www.wordfence.com/help/wordfence-intelligence/v2-accessing-and-consuming-the-vulnerability-data-feed/
Thanks for the great plugin.
I sent you a donation.Best regards
Wassi007