• Resolved poppydev

    (@poppydev)


    Hi there,

    This plugin hasn’t been updated or changed for 5 months and is now flagging as “Not compatible with your version of WordPress”. Are you planning on updating it to remove this message or check if there are any new vulnerabilities since WordPress and PHP have updated in that time?

    Unfortunately I am forced to use this plugin through my host and argued that it's a security vulnerability due to it not being well established.

    I have tried to remove this but they use an API to re-instate it. What are your policies if this is installed on thousands of users' websites without their consent and support is stopped/removed in any way?

    I have not been able to get anywhere with asking them how they support my site if your plugin is hacked in any way or allows a gateway into the site(s). How secure is it?

    Please do update your plugin details to stress that you have no responsibility if a third-party company is using your plugin without the customer's consent and have no responsibility if the plugin is deemed a security risk in the distant future.

    It now forces me to find a way to prevent your plugin from being installed without my knowledge. Security is king and this just makes things worse.

    • This topic was modified 1 year, 1 month ago by poppydev.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Daniel Bachhuber

    (@danielbachhuber)

    Hey @poppydev!

    Are you planning on updating it to remove this message or check if there are any new vulnerabilities since WordPress and PHP have updated in that time?

    Sorry about that! I’ve updated the “Tested Up To” version number.

    What are your policies if this is installed on thousands of users' websites without their consent and support is stopped/removed in any way?

    I’m not sure I understand. Can you clarify?

    This plugin is an open source plugin anyone is free to install. I don’t have any control over how folks use it.

    Thread Starter poppydev

    (@poppydev)

    Hi Daniel, thank you for getting back to me.

    Sorry if some of my questions came across a little confusing. The issue lies with my host. They force the plugin every time I log into my FH control panel, or if a support agent logs into my site to check for errors etc.

    This is fine and it's nice to see they can access the site admin and back end without special permission. What I didn’t agree on is when they have finished what they are doing they do not remove this plugin, leaving it redundant and possibly a security issue going forward.

    I respect you are the author of the plugin and trust you will always keep it up to date and to make sure it doesn’t become a security issue with the nature of what the plugin can do.

    All I wanted to make sure is you have no responsibility for a third party user (hosting company) using your plugin on thousands of people's websites and in that time you decide to leave the project with no support on your end. It’s common and there are loads of plugins on WordPress that have never been updated for years, all with serious security issues. With yours being a login plugin it only makes it more concerning. If you are a one man band and not a company then all I am doing is covering your back as you potentially could get backlash from these people if they assume it's from your plugin. More so if they have no awareness it's installed without their consent.

    I have stressed this with the hosting company but they deem to feel it's ok and shouldn’t be a problem. I wasn’t 100% happy due to them not supporting it.

    Hope this makes more sense and just making sure you are aware of your plugin usage and how it's being installed without users being aware.

    EDIT:

    I know you cannot control who uses it but you could add a disclaimer in your plugin to cover your back if used to install on people's sites without consent. You can probably see the install log on your WordPress account and it will probably look abnormally high to say you only have a few reviews etc. These people are not aware and will never know about it being installed.

    • This reply was modified 1 year, 1 month ago by poppydev.
    Plugin Author Daniel Bachhuber

    (@danielbachhuber)

    Hey @poppydev,

    Makes sense! I appreciate your concern

    I’m not hugely worried about this right now, but I’ll keep your suggestions in mind for the future.

    Thanks!

  • The topic ‘Plugin updates/wp compatibility warning’ is closed to new replies.