Plugin ignores set email recipients when network activated

[mundschenk-at]

When the plugin is network activated, the settings are only displayed in the network admin area. Alerts, however, are sent separately for each site on the network, and the settings for email recipients are completely ignored.

Additional info: This is a multisite network with completely separate domains (not sub-domains).

[cixtor]

Commit 070bf8f addresses this issue, the technical details are available in the description of this pull-request. Feel free to download the dev archive to test these changes now, or wait until we release a new public version of the plugin; thanks for the report.

[mundschenk-at]

I'm not sure that the pull request actually addresses this problem. Having only settings on the network is fine - I actually don't want to have to set up each site separately. However, the security warnings are then erroneously sent to the site admins instead of the mail addresses configured on the network backend.

Also, but this is a separate question, I don't quite understand the need to store site options in a PHP file instead of the database.

[mundschenk-at]

I just tried this again with Sucuri 1.8.3. Unfortunately, still the same problem. There are only the network-wide settings (which is fine), but they are not applied properly.

[nobleclem]

Still a problem in 1.8.8. Just had a false positive alert sent to a site admin. I suspect its the one that triggered the scanning event.

Doing some digging it seems to be related to their use of get_option('admin_email') vs get_site_option('admin_email'). In general all of the CRUD option function calls should be the site versions of them. I currently don't see an easy way of fixing this without affecting other requests in a non-hacking way.