Security considerations against unusedcss.io

  • Resolved gna

    (@gna)


    4 years, 3 months ago

    The plugin suggests to subscribe to the service residing on unusedcss.io, but it seems the hosting of that service is not really secure.

    Last time a search in google for site:unusedcss.io inurl:attributel showed 2 pages from the indexed 15800 results, which are clickbait pages redirecting to hell-knows where.

    If the plugin author has any contact to the service provider, I would suggest to ask them to first lock down the security problems on unusedcss.io and making sure the service itself does not leak any information (not even the urls it shall check for unused CSS) prior using it further in the plugin.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Shakeeb Sadikeen

    (@shakee93)

    Hey gna,

    Thank you for this support ticket.

    unusedcss.io is just our website with information regarding our service and information related to it. the service runs on a separate instance and it is 100% secured.

    the plugin doesn’t rely on unusedcss.io domain it relies on app.unusedcss.io domain.

    We are working on tightening the security of our website.

    Please feel free to let us know if you have any questions.

    Good day!

    Plugin Author Shakeeb Sadikeen

    (@shakee93)

    Marking this as resolved as we tightened the security of our website. please feel free to open this again if you found anything related.

    Thank you for pointing this out.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security considerations against unusedcss.io’ is closed to new replies.