Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

My Jetpack: Protect Card Shows "Partial" Scan Status when Nothing has been Scanned #41803

Open
bobmatyas opened this issue Feb 13, 2025 · 4 comments
Open

My Jetpack: Protect Card Shows "Partial" Scan Status when Nothing has been Scanned #41803

bobmatyas opened this issue Feb 13, 2025 · 4 comments
Labels
Customer Report Issues or PRs that were reported via Happiness. aka "Happiness Request", or "User Report" [Experiment] AI labels added [Feature Group] Support All things related to customer support. [Feature] Protect Also known as Brute Force Attack Protection [Feature] Scan [Package] My Jetpack [Plugin] Protect A plugin with features to protect a site: brute force protection, security scanning, and a WAF. [Pri] Low [Status] Auto-allocated [Type] Bug When a feature is broken and / or not performing as intended

Comments

@bobmatyas
Copy link
Contributor

Impacted plugin

Protect

Quick summary

In "My Jetpack", by default the Scan status says the protection level is "Partial" when Jetpack is first installed:

Image

However, nothing has been scanned. When you mouseover the info icon, it shows this text:

Image

I don't believe anything has actually been checked at this point

Steps to reproduce

  1. Install Jetpack on a test site
  2. Connect to WordPress.com
  3. Go to My Jetpack and see the misleading status

Site owner impact

Between 20% and 60% of the total website/platform users

Severity

Minor

What other impact(s) does this issue have?

No revenue impact

If a workaround is available, please outline it here.

No response

Platform (Simple and/or Atomic)

Self-hosted
@bobmatyas bobmatyas added [Package] My Jetpack [Plugin] Protect A plugin with features to protect a site: brute force protection, security scanning, and a WAF. [Type] Bug When a feature is broken and / or not performing as intended Customer Report Issues or PRs that were reported via Happiness. aka "Happiness Request", or "User Report" Needs triage Ticket needs to be triaged labels Feb 13, 2025
@bobmatyas bobmatyas moved this from Needs Triage to Triaged in Automattic Prioritization: The One Board ™ Feb 13, 2025
@bobmatyas bobmatyas removed the Needs triage Ticket needs to be triaged label Feb 13, 2025
@bobmatyas
Copy link
Contributor Author

@Automattic/jetpack-martech Is this something you all handle?

@github-actions github-actions bot added [Pri] Low [Feature Group] Support All things related to customer support. [Feature] Protect Also known as Brute Force Attack Protection [Feature] Scan labels Feb 13, 2025
@github-actions GitHub Actions
Copy link
Contributor

OpenAI suggested the following labels for this issue:

  • [Feature Group] Support: The issue pertains to user support, as it addresses a misleading status displayed within the Jetpack plugin that may cause confusion among users.
  • [Feature] Protect: The issue directly relates to the Protect feature of Jetpack, as it involves the scan status displayed by this security feature.
  • [Feature] Scan: The misleading status of 'Partial' scan when nothing has been scanned relates specifically to the scanning functionality of the Protect feature in Jetpack.

@robertsreberski
Copy link
Contributor

Hey @elliottprogrammer , you've worked on it at some point, do you have an idea whether this is a correct behaviour?

We've just talked with @IanRamosC on Roadmap call about it, and concluded that it is an expected use case, cause Protect does not scan the website but rather compare plugin versions and code towards the database (what matches the description in the tooltip).

Maybe what we would need here is to adjust the wording to avoid any confusion.

@bobmatyas
Copy link
Contributor Author

@robertsreberski Thanks for looking at this.

The tooltip shows when the Protect plugin isn't installed, though, and therefore (as far as I know) no plugins have been compared against our vulnerability database.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Customer Report Issues or PRs that were reported via Happiness. aka "Happiness Request", or "User Report" [Experiment] AI labels added [Feature Group] Support All things related to customer support. [Feature] Protect Also known as Brute Force Attack Protection [Feature] Scan [Package] My Jetpack [Plugin] Protect A plugin with features to protect a site: brute force protection, security scanning, and a WAF. [Pri] Low [Status] Auto-allocated [Type] Bug When a feature is broken and / or not performing as intended
Projects
Automattic Prioritization: The One Board ™
Status: Triaged
Milestone
No milestone
Development

No branches or pull requests
3 participants
@robertsreberski @matticbot @bobmatyas