Option to disable Security Checks

  • Resolved Erik Molenaar

    (@erikmolenaar)


    3 years, 10 months ago

    Hi,

    Is it possible to include an option to disable all or individual “Security Checks”? Just like you guys did for “Ignore items” (plugins/themes) in the plugin settings?

    I don’t have any need for these additional security checks as I use dedicated code for these checks, it’s just unrequired overhead as I use WPScan primary for scanning my theme+plugins only.

    Looking forward to your reply. Thanks and keep rockin’.

    01.12.2021-15.54.31

Viewing 5 replies - 1 through 5 (of 5 total)

  • Same here.
    I use openid for login so weak-password check is of now use (even less every day).

    But it’s more of a problem because this check is likely to take more than 30sec and exceed max_execution_time and trigger cron/logs/warnings.

    Even worst, the code seems to look for checks according to */check.php presence.
    But removing/renaming one of these file would make the website unusable (plugin/file integrity check I guess).

    Plugin Contributor ethicalhack3r

    (@ethicalhack3r)

    Thank you for your feedback.

    I have opened an internal ticket for this issue and will look into implementing it in a release soon.

    Plugin Contributor ethicalhack3r

    (@ethicalhack3r)

    Hi!

    Please find the new checkbox to disable security checks on the settings page in the latest version released just now (1.15.2).

    Thanks for your feedback!

    Ryan

    I just tested it. It’s not bad, but far from flexible. In my case I only wanted to disable the bruteforce testing.

    A simple filter hook to filter checks (or a wp_options accepting a list of check’s names) would be even better.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Option to disable Security Checks’ is closed to new replies.

Tags