Eve

Hi James,

Extra files would be ones that you added, for example, in my root web directory I have added some tools and scripts that I use for testing. Also, some managed hosting services modify or add files to the installation.

In the case of flagged files that you know are ok, you can mark them as fixed on the main Sucuri Dashboard page to tell the scanner to ignore them on future scans.

If your host makes changes, they’ll be able to validate the files they add/modify.

I hope this helps!

Kind regards,
Eve

Hi Troy,

Ah, those changes are likely done on purpose by the host ?? If you are at all concerned about the core changes, I’d check with the host.

You’re very welcome.

Kind regards,
Eve

Hi there,

The core integrity scanner checks the core WordPress folders/files searching for added, modified, and deleted files. There is no need to touch any of these core files so any inconsistency notified after the scan should be considered suspicious.

It’s recommended that you replace your WordPress files with a newly downloaded copy. You’ll find instructions for that here: https://codex.www.ads-software.com/Updating_WordPress

I hope this helps!

Eve

I was not able to reproduce this issue. And it looks like Clef is shutting down.

In Sucuri Security -> Settings -> API Service you’ll see the ability to test your site’s API communication. Is the connection for sitecheck.sucuri.net failing?

If you’ve moved the site (changed the installation path) you might be using an old/inaccessible copy of the sucuri settings folder. You can check SUCURI_DATA_STORAGE by going to Sucuri Security -> Site Info -> Config. Variables.

Are you able to visit https://sitecheck.sucuri.net/ and scan your site?

Hi there,

Are you running a performance plugin? That looks to be ‘cache minification’ actions. You would need to validate the activity with the plugin author.

Regards,
Eve

Hi James,

“Core integrity” in the dashboard shows half the files indicated as “modified”

Are you saying that your core WordPress files are modified? Or that your site has extra files in the in the root directory? If the WordPress core files are showing as modified, it is advisable to download a fresh copy from the WordPress repository. If you have ‘extra’ files, doing the restore won’t change anything. You need to evaluate those files and determine if they are a legitimate part of your site.

I would advise looking at the alert content rather than the alert percentage breakdown.

I hope this helps!

Eve

Hi there,

You can set up to 60 seconds for the Malware scan timeout in Sucuri Security -> Settings -> Scanner

The default is 30 seconds.

Eve

Hi there,

First, the API key is tied to the domain (or subdomain), so swapping keys is not recommended. Are other WordPress emails working for your live site? Do you receive other Sucuri plugin alerts, failed logins?

You can check the SUCURI_DATA_STORAGE path in Site Info -> Config Variables. Is the path what you expect? Are the files in the sucuri folder accessible?

Eve

Hi bamajr,

From this:

Notification:
Spnl_log (private to published); identifier: 1528; name: API Action cron

it looks like one of your plugins is running a cron job. You’d need to validate this behavior with the plugin author. The Sucuri plugin is only reporting the behavior, it can’t say if it’s legitimate or not.

You can adjust the alerts types and frequency in Sucuri Security -> Settings -> Alerts

Regards,
Eve

Kind regards,
Eve

• This reply was modified 8 years ago by Eve.

Hi there,

I recommend checking the server error logs for information about the failure. Your host should be able to help you with this.

Please post if you are still having the problem and have any further information.

Hi there,

This is not directly related to the plugin. The plugin is reporting results from SiteCheck. If you feel SiteCheck is not reporting correct version information you can send an email to [email protected].

Kind regards,
Eve

Hi there,

The Sucuri plugin is reporting the activity of the SiteGround cache plugin. You would need to confirm the behavior with the plugin author to be sure it’s expected.

Since you have enabled the email alerts for new or modified content, the plugin will send you an alert if any of these post-types are created and/or updated. You may want to ignore some of them as some 3rd-party extensions create temporary data in the posts table to track changes in their own tools.

In this case, you can choose to ignore by go to Settings -> Ignore Alerts and click Ignore next to Post. This is not a recommendation to ignore these changes, it’s an option.

I hope this helps!

Kind regards,
Eve