wpcrontrol behavior and security

  • Resolved pineapplepalm

    (@pineapplepalm)


    1 month ago

    Hi John,

    Noticed a few points from a plugin check
    missing_direct_file_access_protectionPHP file should prevent direct access. 
    WordPress.Security.NonceVerification.RecommendedProcessing form data without nonce verification.

    Can you share whether you’re hoping to ensure these are tied up? I think we might need to keep WPC on our production site, and these notices and warnings/errors cause a little concern.

    Quick question: Is we pause or delete a scheduled cron with your plugin installed, what happens to it if we deactivate or delete WPCr ? Do they remain or revert?

    Thanks in advanced.

Viewing 1 replies (of 1 total)
  • Plugin Author John Blackbourn

    (@johnbillion)

    WordPress Core Developer

    1 month ago

    Plugin deactivation is covered here: https://wp-crontrol.com/docs/deactivation/

    The reports about direct file access and missing nonces appear to be false positives. WP Crontrol has a pretty strict set of security and code scanning configuration, but I’ll double check to be sure.

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.