Red 'X' when Secure Hidden Login is not used

Another related issue for me, is that “Dangerous PHP Functions” also gives me a red X, because there are some PHP functions that are not disabled on my web server.

However, in my case this is intentional – I am using the very popular WP-DBManager plugin which creates backups of my WordPress database, and this plugin requires the use of the system, exec, and passthru functions. Therefore I cannot disable those, but it means that Total Security gives me a red X and it counts towards the number in the black circle in the sidebar menu. ??

My suggestion to fix this concern, is to allow the administrator (me) to “dismiss” the vulnerabilities once I have read them and acknowledged them. If I can dismiss it, then the red X could go away (maybe change to another color to indicate it’s been acknowledged and dismissed??). I think this would be a really helpful feature of your plugin, because I’m sure there are a number of situations where the administrator actually needs to allow a certain behaviour, which your plugin considers a vulnerability – and the admin doesn’t want to seee a red X or the black circle always displayed for something which he actually wants/needs to have!

I have seen other security plugins also provide the option to “acknowledge and dismiss” a vulnerability, and I think it’s an important feature for a security plugin. After all, if the administrator has seen and acknowledged the vulnerability, then your plugin has done its job, and it’s then at the risk of the administrator – it’s his choice!

What do you think?

ok

Thanks! ??

Thanks…

* 2.9.4 “Secure Hidden Login” and “Dangerous PHP Functions” change of risk status (Red -> Yellow)

Nice! Thanks for that! I’ve just updated and now I don’t get the red X for those two items anymore! ??

I’m actually now thinking about the red X for the up-to-date plugins, themes, and WP core, and wondering if it’s really necessary to have a red X for those three items. I wonder if these items would also be more appropriate to just use an orange X instead?

Because an orange X means “medium security risk”, while a red X means “The identified security issues have to be resolved immediately” which sounds very serious and urgent. I think that out-of-date plugins and themes and WP-Core best fit the definition of an orange X there – because there is often a valid reason not to update plugins, themes or core immediately, especially on a big site – you need time to test a new plugin/theme/core update, or check for compatibilities with other plugins, etc etc. Especially with a major plugin update or major core update eg. from 3.6 to 3.7 – there are many things to test and check before rolling out a big new version!

In my case, my current theme is not up to date because I am still testing the latest version (on another test server) against some of my own customisations. There is no big security risk here though.

Therefore I think the orange X is the best option for the plugins and themes, for the same reason as before – I don’t really want to have a black circle in my WordPress menu next to “Total Security” just because a plugin or theme is not (yet) updated. Especially because I already will have another black circle in the menu next to “Plugins” and also next to “Dashboard->Updates” which also tells me that there is a newer plugin or theme or core update waiting for me – as well as the yellow info-bar along the top of WordPress to tell me there is a new theme or new core update. WordPress already does a great job of informing me about these things with that black circle, so it’s redundant when Total Security adds another black circle for it too. Wouldn’t you agree? ??

What do you think?

Hi Fabrix! Any chance you might implement my suggestion above regarding the plugins, themes, and core checks?! I’d love to hear back from you about it!

(I’m using 2.9.7 now – it works great).

i) Update all the things!