SECURITY BUG!

Viewing 3 replies - 1 through 3 (of 3 total)

  • That’s not an issue with the plugin. The errors you had posted are due to your site configuration. Errors should be hidden, but logged. You need to modify your site’s configuration.

    In your php.ini file, either change or add the following:

    
display_errors = Off

    You should also set ‘log_errors’ to ‘On’, and ‘set error_log’ to a secure location outside of the web root (inaccessible to the web). Do a little research on these first. You should set ‘display_errors’ right away though.

    For more info, see the official PHP docs on php.ini config directives, as well as the OWASP cheat sheet.

    @tazotodua

    As @blackhawkcybersec stated, this is not a plugin issue.

    Indeed a site configuration issue. Fix it and then add:

    define('ITSEC_BACKUP_CRON', true);

    to your wp-config.php file.

    From that moment on Database Backups are handled by WordPress Cron.
    So no more frontend/backend interruptions by scheduled Database Backups ??

    @tazotodua

    Hmmm … on second thought this is actually an interesting case.

    The screenshot error shows a backup file being checked for its existance in /home/u830696858/… while /home/u651005508 is set in open_basedir …

    And the warning seems to occur in the file:

    /home/u651005508/public_html/wp-admin/includes/class-pclzip.php on line 2022

    Which is an external library file included in the WordPress core.
    It’s not an iTSec plugin file …

    So perhaps you’ll need to correct the Backup Location setting in the iTSec plugin Database Backups module…

    Let me know if this was any help ??

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘SECURITY BUG!’ is closed to new replies.