WP-Matomo icon indicating copy to clipboard operation
WP-Matomo copied to clipboard

Published 20 hours ago verified publisher icon braekling

Wp Matomo is a year out of date with WordPress

Open Iamayayron opened this issue 2 years ago • 5 comments

Hi,

I have WP Matomo on 20 of my websites, all have been working great until the past 3 WordPress updates, the most recent update, the plugin crashes websites when WordPress updates, and or you try to do any other Plugin updates. WordFense and a few other WordPress security services have detected a major vulnerability, as well WordPress sends back a report to your email when this plugin crashes the site. In those emails, it gives me a recovery link to the Site I have this plugin on, and it will disable it when I make the recovery because it has to many problems. When will this plugin be back up and working correctly with the current version of WordPress? I had to go back to adding the tracking code and using a 3rd party plugin for snippets and codes for Matomo even to track correctly.

Iamayayron avatar Feb 07 '23 16:02 Iamayayron

My site do not crash and works as intended. Have you got some logs or something to have a look at?

seraphyn avatar Feb 08 '23 15:02 seraphyn

That's your concern. The big concern is how out dated it is and its vulnerabilities with security. It's unsafe to use, do some homework, and learn your plugin has issues; just because it's working for you doesn't mean it's working for everyone else. WordFence security doesn't lie about its vulnerabilities with plugins or themes. Plugins 6 months to a year out of date shouldn't be used; they are threats to your site in general. WordPress even detects that it's unsafe.

Iamayayron avatar Feb 08 '23 15:02 Iamayayron

First, it is not my plugin. Second, if you are already complaining and saying that it doesn't work and has security holes, then my request for the logs is an understandable one, right?

So instead of bitching, maybe it would just be nice if you would inform me, as well as other users, and share your experiences in the form of logs.

Thank you and stay healthy

seraphyn avatar Feb 08 '23 15:02 seraphyn

Here is one report I have about 40 of them in the past 30 days on all 20 of my sites that have this plugin, and all have top-of-the-line security. This has only started in January of 2023, I no longer use this plugin because of this. Cyberthreats are real, and WordFence security doesn't take hacking likely.

Howdy!

Website https://xxxxxxx.com/ crash report on 2/6/2023 at 08:10am est.

Since WordPress 5.2 there is a built-in feature that detects when a plugin or theme causes a fatal error on your site and notifies you with this automated email.

In this case, WordPress caught an error with one of your plugins, WP-Matomo Integration.

First, visit your website (https://xxxxxxxx.com/) and check for any visible issues. Next, visit the page where the error was caught (https://xxxxxxxxx.com/wp-admin/) and check for any visible issues.

Please contact your host for assistance with investigating this issue further.

If your site appears broken and you can't access your dashboard normally, WordPress now has a special "recovery mode". This lets you safely login to your dashboard and investigate further.

https://xxxxxxxxxx.com/member_access/?action=enter_recovery_mode&rm_token=Wy7mT5oIwGMqRm3npldPbN&rm_key=wOJukLPaQubgxvr51EroiU

To keep your site safe, this link will expire in 1 day. Don't worry about that, though: a new link will be emailed to you if the error occurs again after it expires.

When seeking help with this issue, you may be asked for some of the following information: WordPress version 6.1.1 Current plugin: WP-Matomo Integration (version 1.0.27) PHP version 8.0.24 WordFence version 7.8.2: Plug WP-Matomo Integration plugin /wp-content/plugins/WP_Piwik/ security vulnerability detected in plugin.

Error Details

An error of type E_ERROR was caused in line 29 of the file /home/www/xxxxxxxxx.com/wp-content/plugins/wp-piwik/classes/WP_Piwik/Widget/Ecommerce.php. Error message: Uncaught TypeError: number_format(): Argument #1 ($num) must be of type float, string given in /home/www/xxxxxxxxxx.com/wp-content/plugins/wp-piwik/classes/WP_Piwik/Widget/Ecommerce.php:29 Stack trace: #0 /home/www/xxxxxxxxx.com/wp-content/plugins/wp-piwik/classes/WP_Piwik/Widget/Ecommerce.php(29): number_format('-', 2) #1 /home/www/xxxxxxxx.com/wp-admin/includes/template.php(1409): WP_Piwik\Widget\Ecommerce->show('', Array) #2 /home/www/xxxxxxxxx.com/wp-admin/includes/dashboard.php(274): do_meta_boxes(Object(WP_Screen), 'side', '') #3 /home/www/xxxxxxx.com/wp-admin/index.php(203): wp_dashboard() #4 {main} thrown

Iamayayron avatar Feb 08 '23 16:02 Iamayayron

Why this should be a security problem is not yet clear to me.

And just by the way, if you already use software for free, it might be better not to just rant around, but to contribute a little in the form of bug reports.

According to your profile on github, nothing else has happened in the last four years than this contribution.

So, close the rant here and open a real bug report.

I as a user, not a developer, of the plugin would also be happy if the plugin evolves.

Thank you

seraphyn avatar Feb 08 '23 16:02 seraphyn