Hi!
First I get the a warning about install.php being present. Then I delete a file but there is no way to refresh the scan result and get a green light for this check about install.php.
The only way to refresh info is to uninstall the plugin and install it again.
It would be nice to have a button “Go!”, “Rescan!”, “Refresh!”, “Recheck!” or something similar which would start the scan as for the first time.
Thanks!
BR,
Hrvoje
I’m a micro-hoster. I use Acunetix WP Security on 15 websites.
My primary host installed Imunify on the server. I went through 3 days of hell to find out why my sites were taking up to 2 minutes load on the front-end.
Additionally, front and back, my IP would be seen as a security threat.
The simplest solution was for me to replace Acunetix.
I won’t return due to the effort involved but accept that’s not your fault. Thank you for the years of service. I can, at the very least, make you aware of the problem, thus allowing you to contact Imunify.
]]>FYI: today I received the following reply from Acunetix when I asked a few questions directly:
]]>The Acunetix WordPress plugins are unsupported and we are no longer releasing any further updates for them and have not done so in a while. If you have any other questions about Acunetix, let us know.
Hi Guys,
is your plugin compatible with PHP 7?
I would like to upgrade my site.
Regards
Henryk
[Using Acunetix WP Security version 4.0.5.]
Acunetix WP Security’s database backup function is easy and convenient to use, however it backs up the entire database to which the current WordPress tables belong and not just the current tables themselves.
The disadvantages of backing up the entire database include:
These issues mean that one cannot reliably use Acunetix’s backup feature for any of multiple projects sharing a database.
Possible solutions include:
Addressing this detail and its serious ramifications would help make Acunetix an even more excellent plugin.
]]>FILE: /home/public_html/wp-content/plugins/wp-security-scan/index.php
-----------------------------------------------------------------------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
-----------------------------------------------------------------------------------------------------------------------------------
32 | ERROR | Function name, class name, namespace name or constant name can not be reserved keyword '__dir__' (since version 5.3)
-----------------------------------------------------------------------------------------------------------------------------------
FILE: /home/public_html/wp-content/plugins/wp-security-scan/res/inc/WsdUtil.php
-------------------------------------------------------------------------------------------------------------------------------------------
FOUND 9 ERRORS AFFECTING 8 LINES
-------------------------------------------------------------------------------------------------------------------------------------------
244 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 and deprecated since PHP 5.6 and removed since PHP 7.0 - use mysqli instead.
248 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 and deprecated since PHP 5.6 and removed since PHP 7.0 - use mysqli instead.
254 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 and deprecated since PHP 5.6 and removed since PHP 7.0 - use mysqli instead.
255 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 and deprecated since PHP 5.6 and removed since PHP 7.0 - use mysqli instead.
303 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 and deprecated since PHP 5.6 and removed since PHP 7.0 - use mysqli instead.
304 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 and deprecated since PHP 5.6 and removed since PHP 7.0 - use mysqli instead.
307 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 and deprecated since PHP 5.6 and removed since PHP 7.0 - use mysqli instead.
307 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 and deprecated since PHP 5.6 and removed since PHP 7.0 - use mysqli instead.
313 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 and deprecated since PHP 5.6 and removed since PHP 7.0 - use mysqli instead.
-------------------------------------------------------------------------------------------------------------------------------------------
FILE: /home/public_html/wp-content/plugins/wp-security-scan/res/inc/WsdPlugin.php
-------------------------------------------------------------------------------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
-------------------------------------------------------------------------------------------------------------------------------------------
578 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 and deprecated since PHP 5.6 and removed since PHP 7.0 - use mysqli instead.
-------------------------------------------------------------------------------------------------------------------------------------------
FILE: /home/public_html/wp-content/plugins/wp-security-scan/res/inc/WsdInfo.php
--------------------------------------------------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
--------------------------------------------------------------------------------------------------------------
161 | ERROR | INI directive 'safe_mode' is deprecated from PHP 5.3 and forbidden from PHP 5.4.
--------------------------------------------------------------------------------------------------------------Hello,
can your Plug detect a SQL Injection in Database? May also remove? Thank you!
]]>Soliloquy Lite 2.4.0.8
PHP 5.3.29
WordPress 4.5.2
Backing up our WP database spits out two PHP warnings (twice each):
Warning: mysql_num_fields() expects parameter 1 to be resource, boolean given in /.../wp-content/plugins/wp-security-scan/res/inc/WsdUtil.php on line 304
Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in /.../wp-content/plugins/wp-security-scan/res/inc/WsdUtil.php on line 307In general, though, thank you for this excellent plugin!
]]>I notice that some features are obsolete and others don’t work like the file scan.
Still, most of the stuff do work.
]]>There’s a bug applying file permissions in WsdSecurity.php file, when it’s setting the 664 permission to files, uses quotes around the 0644 number and the number is implicitely converted in an integer (and it’s not trated as octal) by PHP as you can see following:
$ stat -c "%a %n" *
664 test1.txt
664 test2.txt
$ php -a
php > chmod('test1.txt', 0644); // without single quotes
php > chmod('test2.txt', '0644'); // with single quotes
$ stat -c "%a %n" *
644 test1.txt
1204 test2.txtSo, the files in the server can’t be chmod’ed to the correct 644 value by an user without admin privileges.
(I have no idea about where to post tickets for wp-security-scan plugin… sorry if this is not the place for.)
]]>Hello,
We have automated archiving crawlers that have been blocked from the site for awhile. I can’t see a way to whitelist an IP in your updated settings page. Can you tell me how or where I can whitelist or unblock certain IP’s for the purpose of archiving our site?
Thanks so much!
Kelli
]]>WordPress File Scan Does Not Work. It says “Error: Error retrieving the json file from server for the detected WordPress version: 4.4.2. Scan aborted.”
]]>Hello and good morning.
I h ave WP Security installed and running. Great information it gives.
However, I am running in Multisite and every subsite has access to the WP Security information via the WordPress Side Toolbar.
What is the best way to activate for multisite but not all all users/customers to access this information?
]]>This is a simple security question for beginners. The Wp-security scan verifies that there is an .htaccess file in the wp-admin folder.
OK, so does that mean I need to move the .htaccess file from the root to the wp-admin folder? Do I delete the one in the root for improved security? Or are there certain snippets of code that belong in the root and others that belong in wp-admin or other folders?
I see all kinds of tips about code snippets for .htaccess files, but they never tell you in which folder you should put them.
Can someone please explain the minimum security recommendations, best practices for .htaccess AND in which file/folders they should be placed?
Thanks ??
CherieO
Hi.
I’m backing the database but when I try to download the .sql file I receive this message:
“The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.”
Any idea?
Regards
]]>Hi, found out recently that when trying to share a post on LinkedIn, no preview is appearing. After searching around a few different websites I have created, same thing was occurring. Common thing was, all sites are using Acunetix WP Security.
If I disable the plugin, then the preview on LinkedIn started working as expected.
If I r-enabled the plugin, but cleared all of the check boxes under WP Security > Settings, then the preview on LinkedIn would work as expected.
I’ve tried fiddling with a few of the check boxes under settings (such as leaving the ones related to meta tags un-checked) but haven’t yet worked out which combo causes the issue. Is this something you guys might already know about?
Typically I have everything under WP Security > Settings checked, except for “Show the RSS” and “Enable Live Traffic Tool” (ie. the last two options are un-checked. All others I check by default).
]]>Error retrieving the json file from the server
Is this a file permissions issue or missing code or a required plugin?
]]>I installed the plugin, the site is no longer displayed (https://www.belluard.fr/ecritures/). I deleted the plugin via ftp. The site is not displayed!
]]>As of Sept. 13, 2015 Acunetix Secure WordPress and Acunetix Secure WordPress cause my site to block all pages when they are both activated.
By deactivating either one while leaving the other one activated the sites work normally.
Which one should I keep?
When the wp-config.php file has file privs of 0600, the file is identified as writable and suggests 0644. 0600 is more restrictive.
]]>How can i remove the password generator of this plugin???
]]>Hi,
I was wondering if this plugin is still being supported and/or being updated for future releases of wordpress.
I seem to have some issues, like scanning files and warnings about files that aren’t there anymore (related to file scanning I presume).
WP filescan retrieves an error:
Error: Error retrieving the json file from server for the detected WordPress version: 4.3. Scan aborted.
]]>Hi, i would like to translate this plugin in italian, but i can’t find .po or .mo file, but there is a language directory in plugin res dir, how can i translate it?
Thanks, Regards
]]>As of this evening, version 4.0.5 of your plugin started to cause issues with many of my websites. I have had to deactivate it in three (so far) in order to be able to log into wordpress admin and be able to work. Also caused web page loading issues that deactivating solved.
Yet, some of sites are okay… as of yet.
]]>The plugin suddenly causes my wordpress website to stop working since 09/Jul/2015:21:19:49 +0200 (Amsterdam/Europe timezone).
The execution time of the PHP script (/index.php) consistently is 60000-240000ms (60-240 seconds!) whilst a normal request only lasts 500ms (0.5 seconds). This causes of course a timeout.
Disabling this plugin resolved this issue.
The PHP process is practically idle so I assume that the plugin does an external HTTP request which seems to last too long since 09/Jul/2015:21:19:49. Maybe it calls home to get some config data, I do not know – but it should not wait so long for a response.
Using WP_DEBUG did not give more information about timeouts etc.
09/Jul/2015:21:19:49 +0200 127.0.0.1 - $_SERVER['REMOTE_ADDR'] 1.2.3.4 - "GET /index.php" - HTTP Status 200 - Script /var/apache-www/index.php - ExecTime 60386.076 ms - MaxMemUsage 6400 KB - MaxCpuUsage 0.13%
09/Jul/2015:23:36:29 +0200 127.0.0.1 - $_SERVER['REMOTE_ADDR'] 1.2.3.4 - "GET /index.php" - HTTP Status 200 - Script /var/apache-www/index.php - ExecTime 198225.642 ms - MaxMemUsage 6400 KB - MaxCpuUsage 0.17%Final solution: disable the plugin.
]]>In INFO page wp-admin/admin.php?page=wps_scanner
you have text “The .htaccess file was not found in the wp-admin directory.(read more)”
First: the .htaccess file in wp-admin folder will prevent a multiuser/membership site from functioning properly.
Second: the link to documentation you providing is broken.
]]>Scan report
ID Start date End date Scan Status Alerts Fail reason
1 2015-05-16 06:55:46 2015-05-16 06:56:05 0 Error retrieving the json file from server for the detected WordPress version: 4.2.2. Scan aborted.
Thanks
Roger Pilon, Editor
The Planet Fixer Digest
Reports: Error: Error retrieving the json file from server for the detected WordPress version: 4.2.2. Scan aborted.
]]>Hi Support,
get following error, when I activate the plugin in the actual version wir WordPress 4.2.1 (sorry it is in German):
Das Plugin verursachte eine Fehlermeldung 295 Zeichen unerwartete Ausgabe w?hrend der Aktivierung. Sollte du Fehlermeldungen wie “headers already sent”, Probleme mit der Syndizierung der Feeds oder andere Fehler erhalten, versuche das Plugin zu deaktivieren oder zu l?schen.
Need to deactivate the plugin now.
Any suggestions or fixes?
Thanks Josef
]]>Hello !
Is it there a French translation of the back-end ?
Thank you in advance,
Eugène
]]>