Links in vulnerability notices shouldn’t link to website

  • Resolved metricmedia

    (@metricmedia)


    1 year, 4 months ago

    Thanks for building and maintaining such a great product. I have an issue with a recent change though.

    In the past, email vulnerability notices contained a link for each vulnerability to a publicly accessible web page with info about the vulnerability (most importantly, whether there was a fix available).

    With this recent change, email links now go to a page on WordPress admin for the affected site. This requires the administrator to log in to the site to determine if there’s even a fix available. Furthermore, if the site login URL has been changed (via this plugin), the link results in a “page not found” error. So, you have to navigate to your custom login URL, log in, then go back to the email and click the link again (or navigate in WP admin to the vulnerabilities page).

    I realize this sounds like a minor complaint but I’m the point person for about 75 websites that my company maintains, so multiply this effort times a busy day dealing with all this and it adds up.

    It would make me very happy if you could add a second link for each vulnerability (in the notification emails) to allow someone to quickly check the status of a fix without having to log into every affected site.

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @metricmedia, thank you for reaching out, and we appreciate your kind words!

    Your feedback and concern regarding the vulnerability email notifications have been relayed to our team for review. While the log-in requirement was intentional, we understand how it affects the users who manage several sites. Your input is valuable in helping us improve our plugin, and rest assured, we are taking this seriously. I’ve included your suggestion about the second link to quickly check the vulnerability status without logging in. If I receive a response from our development team, I’ll update you here.

    Thank you for sharing your thoughts, and please feel free to reach out again if you have any more suggestions or concerns. I hope you can look forward to our upcoming developments!

    Thread Starter metricmedia

    (@metricmedia)

    Well, since I have you, a couple more suggestions:

    • It’d be nice if the alert emails said whether there’s a fix available. I know you use < and <= but it seems like that isn’t always accurate, or at least not always clear.
    • It’d be nice if the emails said if the plugin is active or not. Of course we should always update, active or not, but if a plugin is inactive we can ask the client if we can remove it rather than updating it.

    Thanks for your consideration!

    Plugin Support chandelierrr

    (@shanedelierrr)

    @metricmedia, thanks for getting back. These additional suggestions have been added to the existing report. I appreciate your input!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Links in vulnerability notices shouldn’t link to website’ is closed to new replies.