Plugin does not pass "wp plugin verify-checksums" validation

[julienloizelet]

See https://wordpress.org/support/topic/verify-checksums-fails-due-to-added-files/

For log and cache files, we could probably add a setting to choose another directory.

[roelvanmeer]

Hi Julien,

not sure if this needs a setting or just a different dir for the cache. I see several plugins that store their cache files in wp-content/uploads/<plugin>/cache, and logs in wp-content/uploads/<plugin>/logs. Drawback of a setting, (apart from having another setting) is that users would need to adjust the setting in order to ensure that the wp plugin verify-checksums crowdsec command succeeds.

My guess is it would be best to just use wp-content/uploads/crowdsec to store cache and log dirs, but I am not a WP plugin dev, so feel free to solve this however you think is best.

Best regards, Roel

[LtSich]

cache should not be stored in wp-content/cache/ ? Like wp-content/cache/crowdsec/ ?

[roelvanmeer]

Yes, you are absolutely right.

[julienloizelet]

Hi @roelvanmeer , thanks for your message.

Looking at what seems to be best practice (here and here for example), I think you're right: we should use wp-content/uploads/crowdsec/[logs|cache] as default folder.

Some plugins allow you to change the folder (by modifying wp-config.php , as shown here for example). If it's not too time-consuming to implement, we might also be able to offer such an option.

Thanks again

[julienloizelet]

Just for information, while I was working on it, I saw that we have another file that could invalidate the checksum verification: it's inc/standalone-settings.php which is created and updated on the fly for auto_prepend_file mode. We'll have to take care of that too.

[julienloizelet]

Hi,

this should be fine with the new 2.6.0 release: log and cache files will be stored in a wp-content/uploads/crowdsec folder and the inc/standalone-settings.php won't be created unless user activates the new setting Enable auto_prepend_file mode