Google Recommending FancyBox Update


This topic contains 4 replies, has 2 voices, and was last updated by Martin Bailey 1 year ago.

  • #6426

    Martin Bailey
    Participant

    I’ve just received an email from Google with the following title: Recommended FancyBox for WordPress update available for http://www.martinbaileyphotography.com/

    In the main body the mail says:
    Google has detected that your site is currently running FancyBox for WordPress 3.0.2 or below, an older version of FancyBox for WordPress. Outdated or unpatched software can be vulnerable to hacking and malware exploits that harm potential visitors to your site. Therefore, we suggest you update the software on your site as soon as possible.

    Is it possible to release an update for Easy FancyBox Pro with the latest version of FancyBox included? If not, can you provide instructions on how one should update FancyBox without breaking your plugin?

    I rely heavily on many of the Pro features in your paid plugin, so I don’t really want to switch to another plugin to get this update. Therefore, your help in getting this updated is very much appreciated.

  • #6427

    RavanH
    Keymaster

    Hi Martin, the Google message is talking about FancyBox for WordPress 3.0.2 (and older versions) which it considers insecure. The plugin can be found on https://wordpress.org/plugins/fancybox-for-wordpress/ but it has nothing to do with Easy FancyBox.

    If you have FancyBox for WordPress installed on your site, then please remove it. You should not be needing FancyBox for WordPress when running Easy FancyBox.

    If you do not have that plugin installed, then I have no idea why Google would think that you do… Maybe it’s just assuming that based on the fact there is a (minified) FancyBox script found in your page source. In that case, you can simply ignore the message.

  • #6428

    Martin Bailey
    Participant

    Thanks for getting back to me Ravan.

    I realize that, but I don’t have any other FancyBox plugins installed, which is why I assumed Google was detecting something in Easy FancyBox.

    I can’t think what it might be either then. I’m a little uncomfortable just ignoring this, but I guess that’s all I can do for now, and hope I don’t get another mail from Google.

  • #6429

    RavanH
    Keymaster

    “I don’t have any other FancyBox plugins installed, which is why I assumed Google was detecting something in Easy FancyBox.”

    Then indeed it can only be that Google assumes you are using FancyBox for WordPress based on the fact that the fancybox.js script is there. Both Easy FancyBox and FancyBox for WordPress use (almost) the same FancyBox script. I say almost because the one in Easy FancyBox has some small additional patches applied.

    But it’s not the JavaScript that had the security vulnerability that Google is concerned about. The issue was in the plugin itself. You can read more about the technical details on https://blog.sucuri.net/2015/02/analysis-of-the-fancybox-for-wordpress-vulnerability.html but what it means is that if you are not using that plugin (and that version or below), then this particular issue does not affect you.

    Google is simply warning you about an issue that is not present on your site by mistake. I suppose it’s their version of “better be safe than sorry” policy 😉

    Hope that reassures you a bit 🙂
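
Added example (not part of the forum posts and not code from either plugin): a way to confirm on disk whether the FancyBox for WordPress plugin itself is installed, and whether its header version falls in the "3.0.2 or below" range from Google's mail, rather than inferring it from a fancybox script in the page source. It assumes the standard wp-content/plugins/<slug> layout; the sample trees, the "easy-fancybox-sample" directory name and the version strings are constructed test data.

```python
import re
import tempfile
from pathlib import Path

SLUG = "fancybox-for-wordpress"  # slug from the wordpress.org URL in the thread
LAST_FLAGGED = (3, 0, 2)         # Google's mail: "3.0.2 or below"

def parse_version(text):
    """Return the 'Version:' plugin-header value as a tuple of ints, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def check_site(wp_root):
    """Return 'not-installed', 'flagged', 'newer' or 'unknown-version'."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return "not-installed"  # a bundled fancybox script elsewhere is not this plugin
    for php in sorted(plugin_dir.glob("*.php")):
        # Plugin headers sit in a comment at the top of the main PHP file.
        version = parse_version(php.read_text(errors="replace")[:8192])
        if version is not None:
            padded = version + (0,) * (3 - len(version))
            return "flagged" if padded <= LAST_FLAGGED else "newer"
    return "unknown-version"

def make_tree(root, plugin, header_version):
    """Build a constructed sample plugin directory (test data, not a real site)."""
    d = Path(root) / "wp-content" / "plugins" / plugin
    d.mkdir(parents=True)
    (d / "main.php").write_text(
        f"<?php\n/*\nPlugin Name: sample\nVersion: {header_version}\n*/\n")
    return root

def demo():
    """Run the check over three constructed trees and return the verdicts."""
    with tempfile.TemporaryDirectory() as a, \
         tempfile.TemporaryDirectory() as b, \
         tempfile.TemporaryDirectory() as c:
        return [
            check_site(make_tree(a, "easy-fancybox-sample", "1.0")),
            check_site(make_tree(b, SLUG, "3.0.2")),
            check_site(make_tree(c, SLUG, "3.0.3")),
        ]

if __name__ == "__main__":
    print(demo())
```

On a real site, call check_site() with the WordPress root directory; "newer" only means the header version is above the range named in the mail.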

  • #6432

    Martin Bailey
    Participant

    Thanks for the additional information Ravan. This does help a lot.

    If Google is going to be sending out these emails though, I imagine that more of your users will start to receive the email as well. Let’s see how this pans out.
