Support for Infinite WP

Please tell us why the support is removed.

Best.
P.

I too would like to know…

My guess would be because iThemes now has it’s own competitor to Infinite, Manage WP et al?

And if that’s the case it’s fine. I’d just like to know whether there is a negative aspect to the removal.

We’ll have a blog post at iThemes.com later on the issue but for now I have been working with the InfiniteWP folks for a couple of weeks due to a vulnerability found in the way they deliver their data. It uses serialized data pass via a base64 encoded entity to determine if the call is from InfiniteWP. This can be spoofed as the deserialization will in fact run the code without any good safeguards to prevent an XSS vulnerability.

This will be re-introduced the moment they can get me some updated code. I have been working with their team for a couple of weeks on it and progress was simply not fast enough for this release. It will be put back in as soon as possible (hopefully by the release of 4.0 next week).

Thanks for the update.

@chris:
OK, I got it. But we want to know what will happen with InfiniteWP if we update your plugin. Will InfiniteWP fail to deploy updates? will it be blocked by Better WP Security?
Please clarify this.
Thank you!

I am David founder at InfiniteWP. There has been few security issues in the integration with BetterWP and InfiniteWP and we will be fixing it in the next release which would be March 1st week.

InfiniteWP as such is secure and powers around 200,000 sites and being downloaded 400,000 times. We take security seriously.

If you update your BetterWP plugin it may not bring updates for themes, plugins etc if you had the setting to hide the updates on BetterWP. If you have change the WP-admin path in BetterWP plugin it may also not work and you have to goto “Advanced” and select siteURL to connect in InfiniteWP

We would recommend not to update if your are an InfiniteWP user till the next release.

infiniteWP’s David: thanks for the clarification. We are a lot of people waiting for the fix.

thanks for clarification ??

Thank you for working on that. I’ll wait for the update(s) !

David over at InfiniteWP got me an acceptable solution and InfiniteWP compatibility has been restored in 3.6.5.

https://ithemes.com/2014/02/25/better-wp-security-3-x-vulnerability/

Excelent news, guys! I can confirm it works under WP 3.8.1 standalone.
Thank you!!

First of all thank you for this great plugin! I’m asking without knowing much… Latest update triggers a positive in wordfence scan because of the

base64_decode( $HTTP_RAW_POST_DATA );

What $HTTP_RAW_POST_DATA contains, is it the data from IWP? Is there any way that somebody can take advantage of better-wp-security\inc\secure.php ? I don’t have IWP installed.