A security plugin with a security issue

  • oceandigitals

    (@oceandigitals)


    9 months ago

    I’m a pro user and my website was infected while this plugin was installed, so it was not really helpful to prevent the infection.

    Luckily I also use other malware scanners and I was warned about the following issue:

    WordPress Solid Security Plugin <= 9.0.0 is vulnerable to Sensitive Data Exposure

    btw since a week I’m also not able to use my pro license because the solid WP setting page is not appearing, and the support is not very helpful.

    Given this actually I’m not very satisfied with the plugin, I’m considering switching to other solutions.

Viewing 3 replies - 1 through 3 (of 3 total)
  • nlpro

    (@nlpro)

    9 months ago

    Hi @oceandigitals,

    According to the Solid Security (Basic) 9.0.1 Changelog:

    Security: Don’t disclose the login URL when using Hide Backend on a site with comments enabled and comment registration required. Thanks to Naveen Muthusamy for disclosing this issue.

    According to the Solid Security Pro 8.0.3 Changelog:

    Security: Don’t disclose the login URL when using Hide Backend on a site with comments enabled and comment registration required. Thanks to Naveen Muthusamy for disclosing this issue.

    So IMHO best thing to do is to update to the latest plugin release (which at the time of writing this post is):

    • Solid Security Basic 9.0.3
    • Solid Security Pro 8.0.4

    If the “solid WP setting page is not appearing” issue persists even after updating to the latest SolSec Pro release, please log in to the SolidWP Member Panel and create a support ticket (if not already).

    +++ To prevent any confusion, I’m not SolidWP +++

    Webzzz

    (@webzzz)

    9 months ago

    No it also happen on a few of our servers too all in all need to clean now over 14 different installations, and totally forget I have ever spent on this company for lifetime license ended very very fast, and guess what? now I’m forced to what? pay you monthly? yearly? why ? because you changed name? at least give us one site license for new plugin to be lifetime or something like this now you just robed us all!

    Horrible company practices, no one should ever trust them again.

    • This reply was modified 9 months ago by Webzzz.
    • This reply was modified 9 months ago by Webzzz.
    Plugin Author Matt Cromwell

    (@webdevmattcrom)

    9 months ago

    HI there @oceandigitals

    That is true that 9.0 had a minor secuirty issue. While that’s never ideal I believe the speed at which we resolved it is important context to this conversation. Even Chrome experiences security vulnerabilities, but it’s always about the response to these things.

    Solid Security is designed to help you prevent malware before it happens, and while we do leverage Google Safe Browsing for basic malware scans the focus of the product is on prevention.

    If you have an open support ticket, let me know the number and I’ll respond today first thing. The experience you are having is not normal and we can help you have success for sure.

    @webzzz I responded to your review and I’d love to continue helping you if possible. Clearly there’s some sort of misunderstanding because your claims are wildly off-base from what our actual practices are. Please reach out so we can clear these things up amicably.

    Thank you all!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘A security plugin with a security issue’ is closed to new replies.