• Hello. My name is Yuta.

    I built several websites using WordPress 3.3.1 on different domains
    and installed WordPress File Monitor Plus (a security plugin).
    From all websites on all the domains I can receive the email alert
    if there is a revision to a file and set Data Save Method to file.

    However, on some domains I cannot receive email if I set the Method to database.

    Just in case I checked the database table,
    and it turned out that only when email is not sent, sc_wpfmp_admin_alert_content is not inserted into the table.

    So, I assume that the scan is going well all the time, but the report is not made in some cases.

    Does anyone know why this happens and how to fix this problem?

    Thank you in advance.
    Yuta Suzuki

Viewing 7 replies - 1 through 7 (of 7 total)
  • I recommend that you stick with file data save method. The database save method usually fails when you are scanning a lot of data.

    Future releases will default to file save method.

    Thread Starter Yuta Suzuki

    (@yuta-suzuki)

    Thank you for your response, Scott.

    I see. But why doesn’t this problem happen when file save mode is set?
    (Even with the file save mode, the plugin still needs to check a lot of files.)

    Is it related with the database timeout? And if so, isn’t it possible to fix the plugin so that the search finishes before the timeout?

    Please see the plugin FAQ https://www.ads-software.com/extend/plugins/wordpress-file-monitor-plus/faq/

    There is a section there about max_allowed_packet which explains this.

    Hi Scott, I want to add that maybe another FAQ-entry would be very helpful, since exporting the WP-CMS was impossible. The max_packet_size is fixed by webhoster, so there is not adaption possible.

    I tzracked it down to the wp_options table, and specific the serialized array of the WPFMP data.

    Enabling the debug log shows ths entry, inserted for reference when other users of this great security plugin encounter the same problem.
    [19-Feb-2012 16:23:14 UTC] WordPress database error Got a packet bigger than ‘max_allowed_packet’ bytes for query INSERT INTO wpcms_options (option_name, option_value, autoload) VALUES (‘sc_wpfmp_scan_data’, values….);

    ANother suggestions is, please insert a checksum in the DB of the contents of the .sc_wpfmp_scan_data-file! this is a safeguard to changing it easily via hacking the filesystem. Just another layer of defense-in-depth.

    maybe with an installation specific entry in wp_options (key is based upon MD5 of Site-Base-URL?), so this cannot be found easily by drive-by-infection attempts.

    @devstorm I don’t see how changing the name of .sc_wpfmp_scan_data to a random name will make it anymore secure?

    If a hacker has compromised your system and know that you are running WPFMP then all they would have to do is scan the data folder for any files. Whether its called .sc_wpfmp_scan_data or .abcdefg1234 doesn’t make it any more secure.

    Thread Starter Yuta Suzuki

    (@yuta-suzuki)

    @scott, @devstorm,

    Thank you for all your suggestion for the solution.
    I understand that MySQL max_allowed_packet limit is changeable,
    so I will try setting it as high as possible.
    If not possible, then I might have to set the file mode as an alternative.

    Scanning checksum data should be another good idea, but to do that, I have to revise the program so that checksum data can be inserted in DB table, and that will take a lot of time if I assign it to every website I own.
    (But if the future wpfmp will have that feature, then I want to try it!)

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘[Plugin: WordPress File Monitor Plus] no alert comes up in some cases’ is closed to new replies.