Google flags up Wordpress as Security issue

  • Author
    Posts
  • #3065400

    I received a SEcurity e-mail warning from Google, stating that there were issues with Third Party developers with access to my system via google +.

    The wording was:- This app or service has extensive access to your personal information and its developer’s information hasn’t been verified by Google. You should remove it unless you’re sure that you trust it.

    Can anyone advise me if they have also received this warning, and how should I view this?

    To me, WordPress has been the one, dependable source for my blog. should I question this warning, or should I ignore it?

    #3065589

    aaadude
    Member

    Hi there,

    Just want to clarify, you received an email from Google for issues with regards to accessing your Google Plus profile? Are you using ‘Continue with Google’ button under WordPress.com while logging in?

    Do you get warnings while trying to login or has it been only the email so far?

    I myself use the same button to login with my Google account and haven’t had any issues so far – any further info you provide would be helpful.

    Thanks!

    Cheers.

    #3065593

    aadude,

    Whole email was :-
    [redacted]
    1 security issue found on your account

    We’ve upgraded the Security Checkup to give you specific, personalised recommendations to strengthen the security of your Google Account.
    Take the 2-minute checkup today to see the actions that you should take to make your account more secure.

    TAKE ACTION

    Security Check-Up is available in My Account

    (https://myaccount.google.com)

    When opened, WordPress was listed as being ‘Risky’, with the ‘remove access’ prominent.

    I am always logged in when using WordPress, no ‘continue with google’ button used at all.

    #3065679

    aaadude
    Member

    Thanks for the update, Mike.

    Could you check the following page and see if it has access to ‘Basic account info’ apart from anything else?
    https://myaccount.google.com/permissions

    I’m assuming there was a change in Google’s OAuth scope but it might only affect existing installs. I added mine yesterday so not sure if this affects others too so far.

    How do you login to WordPress.com by the way, as you’re already logged in all the time? If you could, please logout from the link below and try logging in again :
    https://wordpress.com/me
    (the ‘sign out’ button is on the left, below your username)

    If you’re not using the ‘Continue with Google’ button to login, and if you haven’t used your Google account to login with WordPress.com for a while, Google might assume it’s an access token that’s unused and hence terms it as Risky.

    Here’s what I see for my account on Google :
    https://imgur.com/1rIwyvE
    https://imgur.com/A1L2vAR

    Thanks!

    Cheers.

    #3065735

    aaadude
    Member

    Hi Mike,

    Just wondering if you’ve had a chance to check the permissions page again.

    If you’re not logging into your WordPress.com portal with your Google account, I recommend removing access to WordPress. When you try to use something that requires your Google account in the future, you’ll be logging into your Google account again to authenticate it and it would no longer show you that warning.

    I’ve also tried to remove access and add WordPress for authentication again, but I don’t get the warning myself.

    Thanks!

    Cheers.

The topic ‘Google flags up Wordpress as Security issue’ is closed to new replies.