Google Recommending FancyBox Update

Forums Easy FancyBox Pro Google Recommending FancyBox Update

Viewing 4 reply threads
  • Author
    Posts
    • #6426
      Martin Bailey
      Participant

      I’ve just received an email from Google with the following title: Recommended FancyBox for WordPress update available for http://www.martinbaileyphotography.com/

      In the main body the mail says:
      Google has detected that your site is currently running FancyBox for WordPress 3.0.2 or below, an older version of FancyBox for WordPress. Outdated or unpatched software can be vulnerable to hacking and malware exploits that harm potential visitors to your site. Therefore, we suggest you update the software on your site as soon as possible.

      Is it possible to release an update for Easy FancyBox Pro with the latest version of FancyBox included? If not, can you provide instructions on how one should update FancyBox without breaking your plugin?

      I rely heavily on many of the Pro features in your paid plugin, so I don’t really want to switch to another plugin to get this update. Therefore, your help in getting this updated is very much appreciated.

    • #6427
      RavanH
      Keymaster

      Hi Martin, the Google message is talking about FancyBox for WordPress 3.0.2 (and older versions) which it considers insecure. The plugin can be found on https://wordpress.org/plugins/fancybox-for-wordpress/ but it has nothing to do with Easy FancyBox.

      If you have FancyBox for WordPress installed on your site, then please remove it. You should not be needing FancyBox for WordPress when running Easy FancyBox.

      If you do not have that plugin installed, then I have no idea why Google would think that you do… Maybe it’s just assuming that based on the fact there is a (minified) FancyBox script found in your page source. In that case, you can simply ignore the message.

    • #6428
      Martin Bailey
      Participant

      Thanks for getting back to me Ravan.

      I realize that, but I don’t have any other FancyBox plugins installed, which is why I assumed Google was detecting something in Easy FancyBox.

      I can’t think what it might be either then. I’m a little uncomfortable just ignoring this, but I guess that’s all I can do for now, and hope I don’t get another mail from Google.

    • #6429
      RavanH
      Keymaster

      I don’t have any other FancyBox plugins installed, which is why I assumed Google was detecting something in Easy FancyBox.

      Then indeed it can only be that Google assumes you are using FancyBox for WordPress based on the fact that the fancybox.js script is there. Both Easy FancyBox and FancyBox for WordPress use (almost) the same FancyBox script. I say almost because the one in Easy FancyBox has some small additional patches applied.

      But it’s not the javascript that had the security vulnerability that Google is concerned about. The issue was in the plugin itself. You can read more about the technical details on https://blog.sucuri.net/2015/02/analysis-of-the-fancybox-for-wordpress-vulnerability.html but what it means is that if you are not using that plugin (and that version or below), then this particular issue does not affect you.

      Google is simply warning you for an issue that is not present on your site by mistake. I suppose it’s their version of “better be safe than sorry” policy 😉

      Hope that reassures you a bit 🙂

    • #6432
      Martin Bailey
      Participant

      Thanks for the additional information Ravan. This does help a lot.

      If Google is going to be sending out these email though, I imagine that more of your users will start to receive the email as well. Let’s see how this pans out.

Viewing 4 reply threads
  • You must be logged in to reply to this topic.