Google Recommending FancyBox Update

    • April 26, 2016 at 2:11 am #6426

      I’ve just received an email from Google with the following title: Recommended FancyBox for WordPress update available for http://www.martinbaileyphotography.com/

      In the main body the mail says:
      Google has detected that your site is currently running FancyBox for WordPress 3.0.2 or below, an older version of FancyBox for WordPress. Outdated or unpatched software can be vulnerable to hacking and malware exploits that harm potential visitors to your site. Therefore, we suggest you update the software on your site as soon as possible.

      Is it possible to release an update for Easy FancyBox Pro with the latest version of FancyBox included? If not, can you provide instructions on how one should update FancyBox without breaking your plugin?

      I rely heavily on many of the Pro features in your paid plugin, so I don’t really want to switch to another plugin to get this update. Therefore, your help in getting this updated is very much appreciated.

    • April 26, 2016 at 2:11 am #6427

      Hi Martin, the Google message is talking about FancyBox for WordPress 3.0.2 (and older versions) which it considers insecure. The plugin can be found on https://wordpress.org/plugins/fancybox-for-wordpress/ but it has nothing to do with Easy FancyBox.

      If you have FancyBox for WordPress installed on your site, then please remove it. You should not be needing FancyBox for WordPress when running Easy FancyBox.

      If you do not have that plugin installed, then I have no idea why Google would think that you do… Maybe it’s just assuming that based on the fact there is a (minified) FancyBox script found in your page source. In that case, you can simply ignore the message.

    • April 26, 2016 at 2:11 am #6428

      Thanks for getting back to me Ravan.

      I realize that, but I don’t have any other FancyBox plugins installed, which is why I assumed Google was detecting something in Easy FancyBox.

      I can’t think what it might be either then. I’m a little uncomfortable just ignoring this, but I guess that’s all I can do for now, and hope I don’t get another mail from Google.

    • April 26, 2016 at 2:11 am #6429

      I don’t have any other FancyBox plugins installed, which is why I assumed Google was detecting something in Easy FancyBox.

      Then indeed it can only be that Google assumes you are using FancyBox for WordPress based on the fact that the fancybox.js script is there. Both Easy FancyBox and FancyBox for WordPress use (almost) the same FancyBox script. I say almost because the one in Easy FancyBox has some small additional patches applied.

      But it’s not the JavaScript that had the security vulnerability that Google is concerned about. The issue was in the plugin itself. You can read more about the technical details on https://blog.sucuri.net/2015/02/analysis-of-the-fancybox-for-wordpress-vulnerability.html but what it means is that if you are not using that plugin (and that version or below), then this particular issue does not affect you.

      Google is simply warning you for an issue that is not present on your site by mistake. I suppose it’s their version of “better be safe than sorry” policy 😉

      Hope that reassures you a bit 🙂
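
Added example, not part of the thread and not code from either plugin: a file-system check for the distinction drawn above, that the flagged issue lives in the FancyBox for WordPress plugin (3.0.2 or below) and not in the shared fancybox.js script. It assumes the default `wp-content/plugins` layout and the standard `Version:` plugin header; the function names and the sample sites are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FLAGGED_SLUG = "fancybox-for-wordpress"  # slug from the wordpress.org URL in the thread
LAST_FLAGGED = (3, 0, 2)                 # Google's mail: "3.0.2 or below"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

def to_tuple(version):
    """'3.0' -> (3, 0, 0); keeps the first three numeric fields."""
    parts = [int(n) for n in re.findall(r"\d+", version)][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def plugin_version(plugin_dir):
    """Version header of the plugin's main file, or None if not found."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the top
        if "Plugin Name:" in head:
            match = VERSION_RE.search(head)
            return match.group(1) if match else None
    return None

def assess(wp_root):
    """Classify a site; assumes the default wp-content/plugins layout."""
    target = Path(wp_root) / "wp-content" / "plugins" / FLAGGED_SLUG
    if not target.is_dir():
        return "not-installed"
    version = plugin_version(target)
    if version is None:
        return "installed-version-unknown"
    return "flagged" if to_tuple(version) <= LAST_FLAGGED else "installed-newer"

def make_sample_site(root, plugins):
    """Build a constructed plugins tree: {slug: version}."""
    for slug, version in plugins.items():
        folder = Path(root) / "wp-content" / "plugins" / slug
        folder.mkdir(parents=True)
        (folder / f"{slug}.php").write_text(
            f"<?php\n/*\nPlugin Name: {slug}\nVersion: {version}\n*/\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sites; the version numbers are sample values.
        make_sample_site(Path(tmp) / "a", {"easy-fancybox": "1.5.7"})
        make_sample_site(Path(tmp) / "b", {FLAGGED_SLUG: "3.0.2"})
        for name in ("a", "b"):
            print(name, assess(Path(tmp) / name))
```

Point `assess()` at the real WordPress root to check a live site. A renamed plugin folder or a relocated `wp-content` directory falls outside what this check looks at.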

    • April 26, 2016 at 2:11 am #6432

      Thanks for the additional information Ravan. This does help a lot.

      If Google is going to be sending out these emails though, I imagine that more of your users will start to receive the email as well. Let’s see how this pans out.
