{"id":2596,"date":"2016-02-29T14:47:25","date_gmt":"2016-02-29T21:47:25","guid":{"rendered":"http:\/\/www.whitefirdesign.com\/blog\/?p=2596"},"modified":"2016-02-29T14:47:25","modified_gmt":"2016-02-29T21:47:25","slug":"sitelocks-strange-cleanup-idea","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2016\/02\/29\/sitelocks-strange-cleanup-idea\/","title":{"rendered":"SiteLock&#8217;s Strange Cleanup Idea"},"content":{"rendered":"<p>While reviewing reports of WordPress plugin vulnerabilities for our <a href=\"https:\/\/www.pluginvulnerabilities.com\/\">Plugin Vulnerabilities service<\/a>\u00a0recently we came across an <a href=\"https:\/\/wpdistrict.sitelock.com\/blog\/authentication-failure-in-file-browser-manager-backup-database-wordpress-plugin\/\">odd report<\/a>\u00a0from SiteLock.\u00a0The claimed security issue in the plugin resolved around the fact that:<\/p>\n<blockquote><p>The File Browser plugin begins its security by determining if the plugin\u2019s readme file is present. If it finds readme.txt, it then examines user levels to authenticate the user.<\/p><\/blockquote>\n<p>Their concern with that was:<\/p>\n<blockquote><p>But if the plugin\u2019s readme file was renamed or removed, the authentication process fails and grants complete access to the plugins\u2019 core functionality.<\/p><\/blockquote>\n<p>That would be a problem, but this really doesn&#8217;t seem like it is something likely to happen. Unless someone could take advantage of another security vulnerability that allows the deletion of arbitrary files, there really isn&#8217;t any reason that file should be change, right? Well SiteLock thinks so:<\/p>\n<blockquote><p>But the reliance on the presence of the readme file was dangerous as it\u2019s not uncommon for a site owner or web developer to remove unnecessary text files, like readmes, as part of a site cleanup.<\/p><\/blockquote>\n<p>We have never heard of doing something like that, so we are not sure what the context is supposed be. But if they are talking a hack cleanup (they are a security company after all) that definitely wouldn&#8217;t be something you should be doing.<\/p>\n<p>With WordPress plugins you can clean them in several ways: upgrading them (all the old files in the plugin&#8217;s directory in \/wp-content\/plugins\/ get deleted during that), deleting the plugin&#8217;s files and replacing them with a clean copy, or comparing the plugin&#8217;s files with a clean copy and removing any malicious code (which gives you the advantage of seeing if the hacker made any changes). Deleting the readme.txt files, without replacing them, wouldn&#8217;t happen with any of those.<\/p>\n<p>When you start messing with\u00a0non-malicious files that can lead to bad things happening, like breaking the website, something <a href=\"http:\/\/www.whitefirdesign.com\/blog\/2015\/06\/03\/sitelock-also-managed-to-break-a-website\/\">SiteLock has managed to do in the past<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>While reviewing reports of WordPress plugin vulnerabilities for our Plugin Vulnerabilities service\u00a0recently we came across an odd report\u00a0from SiteLock.\u00a0The claimed security issue in the plugin resolved around the fact that: The File Browser plugin begins its security by determining if the plugin\u2019s readme file is present. If it finds readme.txt, it then examines user levels &hellip; <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2016\/02\/29\/sitelocks-strange-cleanup-idea\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;SiteLock&#8217;s Strange Cleanup Idea&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[39],"class_list":["post-2596","post","type-post","status-publish","format-standard","hentry","category-bad-security","tag-sitelock"],"_links":{"self":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2596","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/comments?post=2596"}],"version-history":[{"count":3,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2596\/revisions"}],"predecessor-version":[{"id":2599,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2596\/revisions\/2599"}],"wp:attachment":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/media?parent=2596"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/categories?post=2596"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/tags?post=2596"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}