Enhancement: Change Auto-Fix Behavior on Premium Plugins and Themes #39679

Open
bobmatyas opened this issue Oct 8, 2024 · 5 comments
Labels
Customer Report: Issues or PRs that were reported via Happiness. aka "Happiness Request", or "User Report"
[Feature] Scan
[Plugin] Protect: A plugin with features to protect a site: brute force protection, security scanning, and a WAF.
[Type] Enhancement: Changes to an existing feature — removing, adding, or changing parts of it

Comments

@bobmatyas
Contributor

Impacted plugin

Protect

What

At present, the auto-fixer in Jetpack Protect deletes vulnerable premium themes and plugins. This can result in broken websites. We should change this behavior.

How

We should consider alternatives to deleting premium plugins and themes. It would be preferable to mark them as threats that need a manual fix.

@bobmatyas bobmatyas added [Feature] Scan [Type] Enhancement Changes to an existing feature — removing, adding, or changing parts of it Customer Report Issues or PRs that were reported via Happiness. aka "Happiness Request", or "User Report" labels Oct 8, 2024
@github-actions github-actions bot added the [Plugin] Protect A plugin with features to protect a site: brute force protection, security scanning, and a WAF. label Oct 8, 2024
@bobmatyas
Contributor Author

Customer on 8838970-zen reported that the auto-fixer broke their site

Contributor

github-actions bot commented Oct 8, 2024

Support References

This comment is automatically generated. Please do not edit it.

@bobmatyas
Contributor Author

This has come up in the past on p1698240606772889-slack-C02NZC27CA2

@davidcommarmond

This is an issue for Agencies coming to the Automattic program from other programs where the security vendors either applied zero-day WAF rules (Patchstack), or just flagged the plugin as vulnerable. None are auto-deleting threats, and will certainly cause agencies new to your program getting Jetpack Complete to break their client's websites inadvertently.

@bobmatyas
Contributor Author

This was a potential issue on 8780911-zen. Multiple premium plugins were installed and auto-fixers will delete the plugins.
