Emails on EVERY scan and flagging non changes

Hello @7thcircle

Thank you for your message. Below are the answers to your comments:

1) We have opted to add that email as a scan confirmation. Here is an explanation: without such email, if after a scan you do not get an email, does it mean there were no file changes or could it also be that there were file changes but the email failed to be delivered, or was blocked?

However, we understand that not everyone might like this. In fact we have planned to add a setting to enable / disable this in the next update.

2) In regards to seeing files added to the site months ago – I am presuming that these are files added to your website’s root directory, right? If that is the case, that is happening because in this update we have included WordPress core files checks against the official WordPress repository. You can read more about this in today’s release notes.

Looking forward to hearing from you.

Yes, I am getting an email about things like the bing.xml file on every scan. I know I can exclude the file, but that defeats the purpose since I want to know if it is changed for some reason.

Hello @7thcircle

No, you do not need to exclude the file from the scan. You just need to add it as an “allowed file”.

With this update we have included a new check; the WordPress core file of your website are cross checked against the official WordPress repository, to confirm that the WordPress core files on your website has not been tampered with.

Since by default, there are no such files in the WordPress core, you have to tell the plugin that you have a number of files in your core, such as bing.xml. Once it is added as an allowed file, the plugin won’t alert you anymore about it, unless it is changed or deleted.

You can refer to these FAQs for more information:

1. How does the plugin detect file changes?
2. What are allowed files in WordPress core?
3. How to address the file changes reported by the plugin.

The above should help. Can you please confirm?

Looking forward to hearing from you.

I have whitelisted the files but I am still seeing issues. I have deleted the readme file in my root, but the scan keeps telling me it is missing in the email but not on the monitor page. Currently it tells me I have 8 files in question but none showing. Of those 8, 7 of them are the readme file and 1 is the GeoLite2-Country.mmdb for WooCommerce.

I appreciate the need to scan the files, but I would think that once they are listed they should not be listed again until cleared or changed. I also would think that the total number should reflect things we can see and act on. I also see that when updating a plugin we get a single line instead of the previous list of all files added, changed, and modified.

Files modifications detected on your website:
/home1/xxx/public_html/wp-content/uploads/woocommerce_uploads/KjJFn94SbuTU1wEHS3Ho0W0j1NbJ0kgn-GeoLite2-Country.mmdb
Total number of modifications: 0

File deletions detected on your website:
/home1/xxx/public_html/readme.html
/home1/xxx/public_html/readme.html
/home1/xxx/public_html/readme.html
/home1/xxx/public_html/readme.html
/home1/xxx/public_html/readme.html
/home1/xxx/public_html/readme.html
/home1/xxx/public_html/readme.html
Total number of deletions: 0

Hello @7thcircle

Just wanted to let you know that we are looking into this and will get back to you soon. Sorry for the late response. The offices were closed during the festive season and we are now replying to all emails and support tickets. Thank you for your patience.

Hello @7thcircle

I can confirm that we identified the issue. We are working on update 1.7.1 which will include a fix. It should be released early next week.

Thank you for using the plugin and let us know should you have any other questions.

Have a good day.

Hello @7thcircle

We need more data from your end to be able to solve this, sorry. Would you please be able to send us an export of the DB to [email protected]? We’d like to see what exactly is the plugin saving.

Looking forward to hearing from you.

The file is on the way

Hello @7thcircle

We have just released update 1.7.1 of the plugin. Can you please update your copy and advise if all issues are addressed?

Thanks a lot for your cooperation.

The update seems to solve this issue. It does require someone to check and uncheck the box for the “don’t send” option.

Thank you for the update @7thcircle

I am glad all is solved. That setting should be off by default. We’ll check it again.

Turns out that when you go through the option to disable / re-enable the sending that all emails stop.

On the sites that I left without checking and unchecking the box the email sends no matter what everyday.

On the sites that I set to only send when there is a change I get no emails at all.

Hello @7thcircle

Iv been testing this extensively and I just cant seem to reproduce an issue, in al cases I (admin) am not notified via email with no changes take place until I specifically set the option to do so.

I suspect there could have been an issue during the update which enabled this option, which would explain why saving/re-saving the setting worked, however im afraid I cant be accurate as I cannot currently replicate the problem.

Thanks for letting us know however, ill keep an eye out for any similar issues being reported

Kind Regards, Daniel @ WP White Security

I have removed and reinstalled the plugin (using the delete settings on removal option) and will test after the next file change.

After the reinstall, a test email works fine, but the scan finds changes and does not send a message.