No data on dashboard

  • I added the Solid Security plugin to a WordPress website as usual. The plugin is active, but doesn’t seem to work as normal.

    On the dashboard is says: “No data” in the exclusions and the bans overview graph. Also, I can start a site scan, which starts with “Plugins”, but then nothing happens; it just keeps idling endlessly. Last, vulnerabilities are listed, but when I choose any action (deactivate or ignore) again the button starts to show moving stripes and then nothing happens anymore; it just keeps idling endlessly.

    WordPress and plugins are all using the latest version. I use Chrome browser on Windows 11.

    Any idea what is wrong? I’ve never encountered this before on other websites where I use this plugin. Thanks!

    Best regards, Alex

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support kmarusek

    (@kmarusek)

    Hey Alex,

    I’d gladly help troubleshoot this with you.

    To start, lets get a look at the site scan logs, you should be able to locate those via Security > Logs > Important Events, here you should see Site Scan. Click the “View Details” button on the left of the event, then “Show Raw Details”. Copy that information and paste it in your reply for me to review.

    You may want to share the url of the site I can attempt to trigger a lockout. It could potentially be a conflict of some sort as well, you could start by enabling wp-debug and if there’s no errors present, start doing a conflict test on the site to see if any plugins are interfering with Solid Security.

    Best,

    Kevin
    SolidWP Support

    Thread Starter boriskrielen

    (@boriskrielen)

    Hi Kevin,

    Thank you for the help! Much appreciated. Here’s the raw data you mentioned:

    id => 205
    module => site-scanner
    type => critical-issue
    code => vulnerable-software
    timestamp => 2024-10-21 20:47:27
    init_timestamp => 2024-10-21 20:47:17
    remote_ip => 2a06:2ec0:1::130
    user_id => [empty string]
    url => wp-cron
    memory_current => 92499368
    memory_peak => 92574336
    data => Array
    results => Array
    url => https://www.vasaprevia.nl
    version => 1.1
    entries => Array
    blacklist => Array
    0 => Array
    report_details => https://transparencyreport.google.com/safe-browsing/search?url=www.vasaprevia.nl
    status => clean
    vendor => Array
    slug => google
    label => Google Safe Browsing
    vulnerabilities => Array
    0 => Array
    type => plugin
    software => Array
    slug => responsive-lightbox
    label => Responsive Lightbox
    latest_version => null
    issues => Array
    0 => Array
    title => WordPress Responsive Lightbox & Gallery plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability description => Cross Site Scripting (XSS) vulnerability discovered by Robert DeVore (Patchstack Alliance) in WordPress Plugin Responsive Lightbox (versions <= 2.4.8) affected_in => <= 2.4.8 fixed_in => [empty string]
    references => Array
    0 => Array
    slug => patchstack
    label => PatchStack
    refs => Array( 1 )
    1 => Array
    slug => cve
    label => CVE
    refs => Array( 1 )
    type => Array
    label => Cross Site Scripting (XSS)
    slug => [empty string]
    id => ps-21549
    created_at => 2024-10-15T10:14:13+00:00
    updated_at => 2024-10-15T10:14:13+00:00
    published_at => 2024-10-15T10:13:55+00:00
    score => [double] 5.9
    score_group => [empty string]
    score_vector => [empty string]
    is_exploited => [boolean] false
    patched_in_ranges => Array()
    patch_priority => [integer] 1
    link => https://itsec-site-scanner.ithemes.com/vulnerability-details/djIubG9jYWwuX2RocE9ld0ZDSGpLMjZvZE9UcFgzM3MybXJ3a1pIVEpJSEtSdXFYWlJhZUp5MnYxVTNabzhXamMwVTdWbnlnbG42aWx4S3BGOFFTQ1Bab1F6dGl0ZEJHNFZlLXFibnhOT3Z4MnNQeGdDcC1XMWJ4MHlUN3hIQUVrWU5YaVlmRHE1M2NLeHVWR19LX0tzOS0tMVpJT0Q4T2lHNlVvbHlUZFF5aUh5aWl4NkhHRlV3Yi1kd1BISmU2S2NPZElwQkNrdnI0b1QyMGJTZ1VYVEMyVC1VbU1sczBlem56QUdjdEZha2F3Y19NYXpLa0dOX2xtVHVyZjdSY0ctU0NNQWNSTTBibWRVblY0Q1Bqc0ZmMWptRjlDcDM4b1FaUUNsWjdMdjRieXRkcWdmUkE5WFZuSU1SMGtVYTF2MHhtcDFZNHZuR2EtWkE2QmpXaVE3T2d0ejJLWElLYjZMQ2VZNFdBODMtSkZOMTNlYmNIZXo5M294TFVYM2tzWEd5OFdZTHJINjYtZ2g3TFE%253D
    errors => Array()
    cached => [boolean] false

    I use this Responsive Lightbox & Gallery plugin on several sites and Solid Security doesn’t list it as a vulnerability on those sites.

    The URL of the website = https://www.vasaprevia.nl

    Also I just noticed that I cannot use any of the Solid Security tools like “Change WordPress salts” etc. They all give a red warning “Cookie check failed”.

    I’ll do the other checks asap. Thnx again for your help!

    Best regards, Alex

    Hi @boriskrielen,

    On the dashboard is says: “No data” in the exclusions and the bans overview graph.

    This is actually as designed and good news. It means there have not been any recent lockouts or bans. I think the fact that you (probably) have the Hide Backend module enabled and the WordPress core XMLRPC feature disabled, contributes to this desireable result. It means your site is not currently suffering from automated brute force attacks.

    If you would temporarily disable the Hide Backend module, it would make the WordPress login page accessible again. I (or anyone/bots) could then attempt a number of failed login attempts which would then lead to 1 or more (IP) lockouts. Ultimately banning the IP of the attacker. Once such brute force attempts occur on your site, you will start seeing the lockouts/bans data in the SolSec plugin Dashboard page. Trust me ??

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.