Eve

Hey there,

@strackerphil-1 is correct. The site seal is a benefit to Sucuri monitoring customers.

Hi Akemi,

Can you please clarify, do you need assistance with the Sucuri plugin?

We don’t have enough information about your setup to help with specific access issues, and the forum is for plugin-specific questions.

Please let us know if we can help with any plugin questions or issues.

Kind regards,
Eve

Hi Henrique,

There’s currently not a way to specify custom paths for these directories. You can manually harden them by creating an .htaccess file inside the directory and adding the following:

<FilesMatch “\.(?i:php)$”>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>

Please note that hardening these directories can break your site. If you have issues after hardening these directories, simply delete the .htaccess files that you added.

I hope that helps! I’ll pass along the suggestion for customized paths.

Kind regards,
Eve

Hi there,

I’m sorry for the issues. Since you are a Sucuri customer, please submit a ticket with Sucuri, so that we can better help you with this issue. If you already have a ticket about this problem, please update it for help with your plugin configuration.

Thanks,
Eve

Hi mark36265,

The plugin does provide a variety of security information about your site; check Hardening, Remote Scanner Results, Audit Logs and more. But that information is not compiled into a standalone report. I’ll consider this a request and pass that along to the developers. ??

Thanks!
Eve

Hi whateverbatch,

WordFence and Sucuri are two different plugins. Its sounds like you might need to get some help from them?

The latest version of the Sucuri plugin is 1.8.3 and can be downloaded here.

https://www.ads-software.com/support/plugin/sucuri-scanner

Let us know if you need some help it.

Kind regards,
Eve

Hi there,

I’m sorry you’re having issues. Can you confirm, are you using the latest version of the plugin 1.8.3?

https://www.ads-software.com/plugins/sucuri-scanner/

And you can check your servers communication over the API services by going to Settings -> API Service -> scroll down to the bottom, select all APIs and hit ‘Test API Calls’.

Thanks,
Eve

Hi Ignacio,

We prefer not to ignore by default any activity that could allow a malicious user to create entries in the database.

But we understand that some plugins create temporary data in the posts table, that’s why we’ve made it possible to ignore or whitelist specific activity.

Kind regards,
Eve

Hi kuleanadesign,

Yes, please update to the latest version of the plugin 1.8.3. It works with WordPress 4.7.3. Many Sucurians and customers are happily running that combo.

Kind regards,
Eve

Hi Perrine,

Is a file that’s used to store information about your site’s plugins. You might be able to check the file details to learn which plugin is related to the issue.

I hope this helps.

Kind regards,
Eve

Hi supaiku,

I was unable to reproduce the issue on my test multisite.

To disable alerts for failed logins go to Settings -> Alerts -> then scroll down to Alert Events. Finally, make sure the following is deselected:

‘Receive email alerts for failed login attempts (you may receive tons of emails)’

The default location for the settings files is ‘/wp-content/uploads/sucuri’. The alerts settings are saved in sucuri-settings.php. Is the file date/time being updated when you change and save the alert settings? Can you see the following in your sucuri-settings.php file:

“sucuriscan_notify_failed_login”:”disabled”

If you can’t see the change in the settings file, it could be a permissions problem with the ‘sucuri’ folder or sucuri-settings.php file.

I hope this helps! Please post again if you are still having issues.

Kind regards,
Eve

Hey WPMU DEV!

Thanks for the feedback. However, skipping those internal post types could leave a security hole for database entries to be created with that post type in order to evade the Sucuri notifications.

So, in this case, we recommend disabling notifications from Wphb_minify_group in Settings -> Ignore Alerts.

I hope that helps!

Thanks,
Eve

Hi elliekennard,

No, there’s no problem disabling PHP in the /uploads/sucuri directory.

Kind regards,
Eve

Hi there,

Thanks! I’ll pass this suggestion along to the devs.

Kind regards,
Eve

Hi there,

You would need to ask the author about the behavior. The Sucuri plugin is just the messenger. ?? You can always adjust your alert settings to change and/or limit the number of alerts you receive.

Eve