Update weirdness

Wordfence (a relatively widely used security plugin for WordPress) has been flagging that the js code in the recently updated plugin (less than a week ago) in my installation was different than the code in the www.remarpro.com plugin repository.

When I looked at my WordPress installation, Edit Author Slug showed as 1.8.4, which matched the version number in the www.remarpro.com repository.

But looking at the files in the /js directory on the server showed file modified dates from February – i.e. no signs of an update on the actual files while the 1.8.4 in the www.remarpro.com repository shows as updated only a few days ago.

So I deleted Edit Author Slug and then installed it again, and then the file modified dates showed today’s date. Then I initiated another security scan with Wordfence, and the scan now came back clean. So now I can be sure that I have the same version as the www.remarpro.com repository.

However, when checking the github repository for Edit Author Slug, it showed version 1.8.4. already as released in February, which was more consistent with the file dates on my installation before today’s re-install.

So now I’m a little worried, that there was a change in the plugin code in the WordPress repository, but it didn’t trigger a version update? And it seems inconsistent with the github repository?

Is there any chance that the code in the WordPress repository is compromised? Or is there a more benign explanation for the above observations?