Sucuri reporting possible security issue with a plugin file

Viewing 2 replies - 1 through 2 (of 2 total)

  • Sucuri is searching for threat strings in code. It found the place in threat-scan where the plugin is searching for threat strings.

    Threat scan is looking for the same things that Sucuri is looking for.

    It found the string that threat-scan is using to find threats and thinks that it is a threat.

    Viscous circle. I will change the threat scan to scramble the threat signatures so that sucuri won’t see them.

    Stop spammers is not a threat.

    You can go into wp-content/plugins/stop-spammer-registrations-plugin/settings and delete kpg_ss_threat_scan.php for now. The plugin does not need it to run. It will only cause an error when you try to check for threat and the file is not found.

    Keith

    I have removed the offending check. I don’t want Sucuri to think the plugin is a threat. I should not have copied the whole threat signature. This makes websites that don’t use Securi a little less secure, but it will not trigger false positives.

    I am releasing it immediately, you will see the plugin update notice in the next half hour or so.

    Keith

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Sucuri reporting possible security issue with a plugin file’ is closed to new replies.