• Resolved Joseph G.

    (@illumination2025)


    Hi there!

    Not a big deal, but please consider not changing your code until you are ready for the next release, as it sends a security warning (w/ Wordfence, and perhaps other security plugins). If a dev, like me, uses your plugin and has many sites, it can lead to hundreds of emails about a potential security risk.

    This is in regard to your recent change in authors in the rlrsssl-really-simple-ssl.php file.

    Thanks, and keep up the great work! Appreciated your consideration and hope all is good and well.

  • I will echo this. I manage > 2 dozen websites and Wordfence is barking up a storm about the changes you made to your plugin. If you make a change and don’t commit to official WordPress plugin repo, Wordfence does not get a copy and if you did not know, they check against official version. Since a file has changed, WF thinks potential attacker activity is taking place.

    I’m getting this warning 30 times so I know it’s obviously an update RSSL made, but agreed with OP I would stick to major release update patches to avoid this in the future. If a single site user gets this warning from Wordfence they will think they’ve been hacked or your plugin has been compromised.

    Cheers. Love your work.

    • This reply was modified 4 years, 5 months ago by a305587.
    Plugin Author Mark

    (@markwolters)

    Hi @illumination2025, @a305587

    Thank you for reporting this issue. We are aware of it and will do a full update in the future after making a small change. A new version of the plugin will be released next week.

    Mark

    Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    @a305587, @illumination2025,

    Last week we decided to show our company name on our plugins, rather than the individuals who developed the plugin.

    Because only the author name was changed, and no actual code, per the plugin guidelines, we decided not to do a version update, preventing unnecessary updates firing, causing unnecessary strain on the WordPress plugin repository.

    I understand your suggestion, but it’s a bit overkill to let almost 5 million websites update only for a changed author string.

    I have to think about this, but it seems to me that Wordfence should consider checking the actual code changes before sending out such emails. I’ll contact Wordfence about this, and see how they respond.
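
The distinction raised in the post above (a changed author string versus a change to actual code), as an added example that is not part of the original thread and is not Wordfence's or the plugin's own code: it compares the repository copy of a PHP file with the installed copy and reports whether the difference is confined to the leading plugin header comment. The sample file contents and names such as `classify_change` are constructed for illustration.

```python
import re

# "<?php", then the first block comment (the plugin header), then everything else.
# Anything other than whitespace before the comment makes the match fail, so a
# "/*" inside a string literal can never be mistaken for the header.
_HEADER = re.compile(r"\A(<\?php\s*)(/\*.*?\*/)(.*)\Z", re.DOTALL)
_FIELD = re.compile(r"^[ \t/*]*([A-Za-z][A-Za-z ]*?):[ \t]*(.*?)\s*$", re.MULTILINE)

def split_header(source):
    """Return (header_comment, file_without_header), or None if no leading header."""
    m = _HEADER.match(source)
    return None if m is None else (m.group(2), m.group(1) + m.group(3))

def header_fields(comment):
    """Parse the 'Name: value' lines of the header comment into a dict."""
    return {name.strip(): value for name, value in _FIELD.findall(comment)}

def classify_change(reference, local):
    """Compare the repository copy with the installed copy of one PHP file."""
    if reference == local:
        return "identical", []
    ref, loc = split_header(reference), split_header(local)
    if ref is None or loc is None or ref[1] != loc[1]:
        return "code-changed", []  # something outside the header differs: alert
    a, b = header_fields(ref[0]), header_fields(loc[0])
    return "header-only", sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

# Constructed sample files (not the real plugin source).
REPO = """<?php
/**
 * Plugin Name: Example Plugin
 * Version: 1.0.0
 * Author: Example Developer
 */
add_action('init', 'example_init');
"""
RENAMED = REPO.replace("Author: Example Developer", "Author: Example Company")
TAMPERED = RENAMED + "include 'extra.php';\n"
NO_HEADER = "<?php $s = '/*'; run(); /* Author: x */\n"

if __name__ == "__main__":
    for name, text in [("renamed", RENAMED), ("tampered", TAMPERED)]:
        print(name, classify_change(REPO, text))
```

A "header-only" verdict still means the installed file differs from the repository copy; it only narrows what a reviewer has to look at.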

    Thanks for the update. I’m getting the messages about modified plugin files too for all of my websites and it does worry a non-developer in case someone has been up to mischief. The notifications are coming from Wordfence.

    Thread Starter Joseph G.

    (@illumination2025)

    @rogierlankhorst

    “I understand your suggestion, but it’s a bit overkill to let almost 5 million websites update only for a changed author string.”

    I agree with this. I was just bringing it to your attention, as it might cause some concern with folks who are not developers, in which case you might lose some ‘clients’. As I said, it’s not a big deal, as I can always delete the emails. Just a friendly suggestion from a fellow developer.

    Thanks again. Appreciate the consideration and y’all’s work / the plugin.

    Cheers,

    -j

    Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    Thanks all for the feedback! I’ve been in contact with Wordfence, they’re working on a solution for this.

    @rogierlankhorst Thanks for the solution.

    Thread Starter Joseph G.

    (@illumination2025)

    @rogierlankhorst

    Thanks! Happy Friday!

  • The topic ‘Updates w/out next Release’ is closed to new replies.