[Resolved] WP-Remix 2.x security issue
Before last weekend, I wrote about a possible security leak in WP-Remix 2.x edition. There was some fuzz about it in the beginning where users/buyers of the theme didn’t get any real explanation. So I decided to write about it in my blog instead. The WP-Remix developers shed some new light on issue and I have to agree with them that the possibility of poor encoding service could be the reason of the security risk.
I have received an email from R.Bhavesh with a new file of the remix editor, which isn’t encoded at all. And I must say I liked this idea. R.Bhavesh and his developer team have had successfully attempt at re-encoding the file, but have decided to not to encode it.
Hi there,
As we are having a discussion over at http://wpremix.com/support/topic.php?id=395 about a possible backdoor issue with the wpremix 2 theme. The Remix Support explained that the code itself do not have any such issues but because of a poor encoding service, the issue occurred.
We tried different encoding service and got the solution as well but finally, we decided not to encode the remix editor code and send an update to the users. Before we send it to everyone, I am sending the update to selected few, just to test the things.
How to Update?
- a file “remix_advanced_editor.php” is attached with this mail.
- Please overwrite this file with the existing file in the wpremix 2 theme. The file is located in wpremix2/editor folder. so, your file path will be your wordpress directory/wp-content/themes/wpremix2/editor/remix_advanced_editor.php
- Log in to your wordpress admin panel and create/edit a page.
Please respond back within 2 days if you face any issues with the updated file. Once I get an approval from you guys, I will send the update to every buyer of the theme.
Please explain the result at wpremix forums as well.
Thanks,
Bhavesh
I do not have a WP-Remix theme license, so I cannot test the full extension of the new file (I no longer have the copy my friend gave me). I did ask my friend who has a license if I could run it on his test environment, but waiting for a reply back from him.
In the meantime, I have been going through the code of the new remix_advanced_editor.php. And I can say with good heart that it is safe and clean. With this new file you guys should have nothing to worry about. I might even get myself a license and a copy of it myself. Time will tell.
I will make an update as soon as soon as I have more information, or have a chance to test the functionality of the new file.
Hi, I read with enthusiasm, your post about WPRemix. There have been no further posts from you regarding testing the software. I LOVE the idea behind the software and I have a new project that I will be launching in December for it. I want to know whether it is safe to purchase. Also does it need one to know codes extensively?
Mcneri
@Mcneri
Thanks for you comment on the issue. There has been little activity for me over the past 6 weeks due to vacation. But some time ago, I put my site into “Beta” stage, where I decided to drop continue the testing of WPremix due to some plugin issues with the remix editor.
I did look through the new update of WPremix, in this case the remix editor especially. And with the update that was sent it, the code was clean and in good health.
I have, unfortunately, not been testing any new updates after this.
Instead I went with Arthemia Premium from Colorlabs which I adore sofar. I’m still working things out of it, but it gives me more freedom than WPremix ever did. I wrote some of it here –> Beta Stage
If you have any more questions, don’t hesitate to ask =D