Problem with Checksum Hashes

With all this being said then, would any one like to join a more structure beta-testing group? That way with all your help we can develop new features and catch things like this earlier?

Hi Paul,

Glad you guys are onto this. Had me working overtime to sort out the issues but not a problem.

Keep up the great work on a superb plugin.

@ re7ox – thanks dude! ??

@ everyone. For example, I have a fully working implementation of Google Authenticator for two-factor authentication.. Any beta testing takers? ??

Thanks.

Hi Paul, add me to your beta testing list!

Thanks

A reply to those users with many WP installs complaining about the email notifications, like Wingers574.

Either you want a firewall which is automatically updating itself to protect your site as soon as possible against (new) threats – or not.

New features can always contain bugs. I think that’s why most of you don’t let WP just do all updates automatically, right?

Of course the same can happen to this firewall (keep in mind taht in this case we are talking about emails, not any serious bug killing your sites).

If you don’t want those automatic firewall updates, deactivate it. You can update and test anytime you want. Another option might be to update only one site automatically, check the update emails and update the rest of your sites manually if the update looks good to you.

I got the same emails. But I’m happy the plugin updates itself and as for now I still have trust that it won’t brake my site but protect it against new threats. If I loose this trust, i will deactivate automatic updates, simple is that.

Paul, you mentioned: “index.php will be replaced automatically when it’s discovered to be different in any way to the original source.”
Not sure if this is a good idea. With that many WP users maybe there is someone out there who changed some of these files on purpose. I don’t think this is a good workaround for the problem.

Concerning beta tests: implement an option in the plugin to receive betas. (but don’t activate it automatically ?? )

Anyway thanks for your fast response Paul, as always. Keep up the good work!

@flowliver
Thanks for your comments and feedback on this.

I’m torn. Last week I was inundated with folks writing about these index.php files, and then wanting an automated fix for them. This is not what I want to spend my time supporting, so going forward, I’m opting to not enable new features such as this, but then change the default to enabled at a later date, after the majority of plugins have already upgraded.

This does 2x things:
– it means the vast majority of automatic upgrades remain unaffected at the time of upgrade and going forward.
– new plugin installations eventually will have features such as this automatically enabled.

If existing users/plugins want a new feature enabled, they’ll have to go to each site and enable it. Unfortunately both sides of this debate can’t be satisfied so I have to choose the least disruptive for users, and the lowest support burden for me.

I may build in an option to “enable new features automatically”. This is complicated, but do-able.

I like the idea of building in beta-testing into the plugin – I’ll create a subscription option there in the future at some point.

Regarding the index.php problem I may remove the automated repair for it at a later date, but it’s the best option for resolving this issue at the moment. Once most sites are “repaired”, it wont need to be retained in the plugin and newer websites wont have the issue anyway.

Thanks again for your feedback and suggestions, appreciate it!

Paul, thanks again for the really wonderful plugin.

I thought you should know that I am getting the checksum warning below on some brand new sites with fresh installs of WP:

The MD5 Checksum Hashes for following core files do not match the official www.remarpro.com Checksum Hashes:
– wp-content/themes/index.php (www.remarpro.com source file)
– wp-content/plugins/index.php (www.remarpro.com source file)
– wp-content/index.php (www.remarpro.com source file)

I am not sure how a sites installed with the latest version of WP could be triggering this notification.

what is the source of your install files?

Ah that could be the issue as one of the sites had WordPress installed by the host.

ah ok. if it’s not coming from www.remarpro.com, then you could have anything ??

@paul:
>> I may build in an option to “enable new features automatically”.

It’s already possible to activate/deactivate automatic updates for this plugin. Whoever activates this must be aware that such things might happen. I don’t see a big problem here – once again it might be in front of the screen ??

But if you think an extra option for updating with new features is needed, feel free, that’s up to you.

Anyway, there should remain an option to automatically update to the newest stable version, for best protection.

Thanks!

@paul –

I’m still having some issues with notifications being thrown for themes/index.php and plugins/index.php on a variety of sites.

I’ve removed the closing ?> on those files *and* turned on the auto repair and I keep getting notifications.. Odd.

The other thing – I think I have an install or two and would love to beta test the Google authenticator if thats still open!

Thanks for your awesome work and fantastic plugin!

Could you go to the source of the file and copy-paste the contents of the source files exactly and save them?

Latest beta with Google Authenticiator is here:
https://github.com/FernleafSystems/wp-simple-firewall/tree/release/4.17.0

Thanks for the beta!

I will do the manual source update. Is there a way to force the file check to run to see if it works?

Thanks Paul!