From 8b46f89c8646a649a6106dd8c7a20021bef0e887 Mon Sep 17 00:00:00 2001 From: Phil Tyler Date: Thu, 15 Aug 2024 14:16:34 -0700 Subject: [PATCH 1/2] [SITE-1500] Remove WPScan integration with launchcheck --- .../04-wordpress-launch-check.md | 47 +------------------ .../2024-08-14-launchcheck-0-8-0.md | 12 +++++ 2 files changed, 14 insertions(+), 45 deletions(-) create mode 100644 source/releasenotes/2024-08-14-launchcheck-0-8-0.md diff --git a/source/content/guides/wordpress-pantheon/04-wordpress-launch-check.md b/source/content/guides/wordpress-pantheon/04-wordpress-launch-check.md index fca6740748..74cf491bb1 100644 --- a/source/content/guides/wordpress-pantheon/04-wordpress-launch-check.md +++ b/source/content/guides/wordpress-pantheon/04-wordpress-launch-check.md @@ -30,45 +30,6 @@ This mechanism does not actually perform requests on your site, and in doing so WP Launch Check is a site audit extension for WP-CLI designed for Pantheon customers, although it is fully usable outside of Pantheon. -## WPScan (Recommended) - -WP Launch Check uses the [WPScan API](https://wpscan.com/api) to check for outdated or vulnerable plugins. The service sends alerts when your plugins need to be updated. Follow the steps below to use this service. - -1. Obtain an [API token](https://wpscan.com/wordpress-security-scanner) from the WPScan website by creating an account. - -1. Add the token to your site's `wp-config.php` file using the following PHP code: - - ```php:title=wp-config.php - define( 'WPSCAN_API_TOKEN', '$your_api_token' ); - ``` -1. Define the environment. - - You'll also need to define which environment you want WPScan to run on using the `PANTHEON_WPSCAN_ENVIRONMENTS` constant. This constant is required to use the WPScan functionality, and allows you to decide whether or not scans are done on multiple environments, or just one. - - To scan one environment: - - ```php:title=wp-config.php - define( 'PANTHEON_WPSCAN_ENVIRONMENTS', 'live' ); - ``` - - To scan multiple environments: - - ```php:title=wp-config.php - define( 'PANTHEON_WPSCAN_ENVIRONMENTS', ['dev', 'test', 'live'] ); - ``` - - To scan all environments: - - ```php:title=wp-config.php - define( 'PANTHEON_WPSCAN_ENVIRONMENTS', '*' ); - ``` - - - -Scanning multiple or all environments exhausts your daily API request quota faster. - - - ## Run Launch Check Manually You can manually perform a site audit with WP Launch Check from the command line using [Terminus](/terminus). @@ -120,10 +81,6 @@ The `wp_options` table stores several types of data for your site, including: If your website is running slow and you receive the following message in the database stats: `consider autoloading only necessary options`, review [Optimize Your wp-options Table and Autoloaded Data](/optimize-wp-options-table-autoloaded-data). -### Probable Exploits - -This check will display a list of exploited patterns in code, the file name that has the exploit, line number, and match. - ### Object Cache This tells you if Object Caching and Redis are enabled. @@ -139,11 +96,11 @@ Performance and Elite WordPress site(s) that are currently running WP Redis are ### Plugins -This check lists all your enabled plugins and alerts you when they need to be updated. It also checks for any vulnerabilities. +This check lists all your enabled plugins and alerts you when they need to be updated. - **Green:** All of your plugins are up-to-date - **Yellow:** Highlighted plugins need to be updated -- **Red:** Displays all vulnerabilities and unsupported plugins +- **Red:** Displays unsupported plugins #### Unsupported Plugins diff --git a/source/releasenotes/2024-08-14-launchcheck-0-8-0.md b/source/releasenotes/2024-08-14-launchcheck-0-8-0.md new file mode 100644 index 0000000000..34ab8bba14 --- /dev/null +++ b/source/releasenotes/2024-08-14-launchcheck-0-8-0.md @@ -0,0 +1,12 @@ +--- +title: WP Launch Check and WordPress Status Page Update +published_date: "2024-08-15" +categories: [wordpress] +--- + +WP Launch Check has been updated to remove outdated security checks, including WP Scan integration. The platform's WP Scan integration was removed in 2022, and removed from WP Launchcheck's plugin/theme output in 2023. + +* The outdated "Probable exploits" section of the Site Status page within the Pantheon Dashboard has been removed. +* The WP Launch Check `secure` command is no longer available + +We are actively developing a new WordPress vulnerability monitoring and notification service powered by [Patchstack](https://patchstack.com/). Stay tuned for more details soon. \ No newline at end of file From 5e40c36eb13825cdfa8f78cb90d807630ab39f15 Mon Sep 17 00:00:00 2001 From: Chris Reynolds Date: Mon, 26 Aug 2024 14:14:35 -0600 Subject: [PATCH 2/2] bump date --- ...-14-launchcheck-0-8-0.md => 2024-08-26-launchcheck-0-8-0.md} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename source/releasenotes/{2024-08-14-launchcheck-0-8-0.md => 2024-08-26-launchcheck-0-8-0.md} (95%) diff --git a/source/releasenotes/2024-08-14-launchcheck-0-8-0.md b/source/releasenotes/2024-08-26-launchcheck-0-8-0.md similarity index 95% rename from source/releasenotes/2024-08-14-launchcheck-0-8-0.md rename to source/releasenotes/2024-08-26-launchcheck-0-8-0.md index 34ab8bba14..fb7c903fa6 100644 --- a/source/releasenotes/2024-08-14-launchcheck-0-8-0.md +++ b/source/releasenotes/2024-08-26-launchcheck-0-8-0.md @@ -1,6 +1,6 @@ --- title: WP Launch Check and WordPress Status Page Update -published_date: "2024-08-15" +published_date: "2024-08-26" categories: [wordpress] ---