Title: Modified plugin files without update! Last modified: August 21, 2016 --- # Modified plugin files without update! * [Tony Hunt](https://wordpress.org/support/users/godfodder/) * (@godfodder) * [12 years, 7 months ago](https://wordpress.org/support/topic/modified-plugin-files-without-update/) * I really love your plugin, I do, but you guys HAVE to start using the WP update process to modify/update your plugin. When you don’t, those of us that are running viable security applications get a TON of alarms on our sites when you update this plugin remotely using what I am guessing is an executable script within your plugin. * I am getting this FAR too often from this plugin: * Filename: wp-content/plugins/antispam-bee/antispam_bee.php File type: Plugin Issue first detected: 11 hours 33 mins ago. Severity: Warning Status New This file belongs to plugin “Antispam Bee” version “2.5.9” and has been modified from the file that is distributed by WordPress.org for this version. * Filename: wp-content/plugins/antispam-bee/readme.txt File type: Plugin Issue first detected: 11 hours 33 mins ago. Severity: Warning Status New This file belongs to plugin “Antispam Bee” version “2.5.9” and has been modified from the file that is distributed by WordPress.org for this version. * Filename: wp-content/plugins/antispam-bee/js/dashboard.js File type: Plugin Issue first detected: 19 hours 14 mins ago. Severity: Warning Status New This file belongs to plugin “Antispam Bee” version “2.5.9” and has been modified from the file that is distributed by WordPress.org for this version. * Could you please issue a updated version with these changes so that those of us with edit tracking on our webservers dont have a gazillion alarms going off when you edit your plugin (I assume through and auto-update script somewhere on the back-end of your plugin.) * Datasets Changed: [http://imgur.com/iBsiTZR](http://imgur.com/iBsiTZR) [http://imgur.com/zApdMmW](http://imgur.com/zApdMmW) [http://imgur.com/dS0u64Z](http://imgur.com/dS0u64Z) * Unfortunately, this is actually a pretty scary security issue and I’ll be removing your plugin if this issue isn’t resolved post-haste. * [http://wordpress.org/plugins/antispam-bee/](http://wordpress.org/plugins/antispam-bee/) Viewing 3 replies - 1 through 3 (of 3 total) * [Simon](https://wordpress.org/support/users/sdellenb/) * (@sdellenb) * [12 years, 7 months ago](https://wordpress.org/support/topic/modified-plugin-files-without-update/#post-4263078) * The changes you list have been commited to source control in the last 2 months, but there was no plugin update published, nor does Antispam Bee update files itself: * Datasets Changed: [http://imgur.com/iBsiTZR](http://imgur.com/iBsiTZR) -> [http://plugins.trac.wordpress.org/changeset/762449/](http://plugins.trac.wordpress.org/changeset/762449/) * [http://imgur.com/zApdMmW](http://imgur.com/zApdMmW) -> [http://plugins.trac.wordpress.org/changeset/791916/](http://plugins.trac.wordpress.org/changeset/791916/) * [http://imgur.com/dS0u64Z](http://imgur.com/dS0u64Z) -> [http://plugins.trac.wordpress.org/changeset/767317/](http://plugins.trac.wordpress.org/changeset/767317/) * I’m not so familiar with the new auto-update feature of WordPress, which could have played a role in your mess happening, but my sites still have the original Antispam Bee 2.5.9 files from August when I updated the plugin (installation and updates done through dashboard, nothing manual). * Thread Starter [Tony Hunt](https://wordpress.org/support/users/godfodder/) * (@godfodder) * [12 years, 7 months ago](https://wordpress.org/support/topic/modified-plugin-files-without-update/#post-4263079) * That’s a good point, however the changes cited actually occurred prior to the auto-update features’ integration. * The tracking system compares against the published version installed for changes… not versus the changesets, which I suspect is the underlying cause of the alert, however the files local to the webserver were definitely changed. * I’d say approximately 30% of the WP sites I manage (over 3 completely different hosts/datacenters) popped up with this. * I am going to see if some tests can be done with the tracking software just to be sure, but I’d like to see who else has run into this, if anyone. * [Bob](https://wordpress.org/support/users/toggerybob/) * (@toggerybob) * [12 years, 1 month ago](https://wordpress.org/support/topic/modified-plugin-files-without-update/#post-4263159) * I’m so glad to have found this issue on the forum. I’m at my wits end trying to keep up with plugin updates. Even the ones correctly updated through WordPress. * How is it that any plugin publisher can get away with this? I just go in and restore the original files, because I have no indication of what’s been changed. * Please help! Many thanks for your support. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Modified plugin files without update!’ is closed to new replies. * ![](https://ps.w.org/antispam-bee/assets/icon-256x256.png?rev=2898402) * [Antispam Bee](https://wordpress.org/plugins/antispam-bee/) * [Frequently Asked Questions](https://wordpress.org/plugins/antispam-bee/#faq) * [Support Threads](https://wordpress.org/support/plugin/antispam-bee/) * [Active Topics](https://wordpress.org/support/plugin/antispam-bee/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/antispam-bee/unresolved/) * [Reviews](https://wordpress.org/support/plugin/antispam-bee/reviews/) * 3 replies * 3 participants * Last reply from: [Bob](https://wordpress.org/support/users/toggerybob/) * Last activity: [12 years, 1 month ago](https://wordpress.org/support/topic/modified-plugin-files-without-update/#post-4263159) * Status: not resolved