Eve

Hi Filip,

If you go to Last Logins -> Failed Logins then you can block those users. Just tick next to the username and hit Block Select Users.

Thanks!
eve@sucuri

Hi there,

That user is expected to be there. You’ll see “system” user taking care of “under the hood” WordPress tasks. Nothing unusual. ??

Thanks!
eve@sucuri

Hi there,

Unfortunately, it’s impossible to determine the origin from only a code sample. Also, as the forum here is only for plugin usage support, I’ll need to refer you to our contact page where you can report security issues to our Research Team. https://sucuri.net/company/contact-us

Thanks!
eve@sucuri

Hi Jonas,

I understand that the redirect could be malicious. I was just suggesting a legitimate alternative. ??

Regarding the /wp-includes/.htaccess, I have raised the topic of the scanning exclusion with the developer.

eve@sucuri

Hi there,

What are the permissions for /wp-content/uploads/sucuri and /sucuri-settings.php?

eve@sucuri

Hi Jonas,

Sorry for any confusion. The interception and blocking are part of the Sucuri CloudProxy services.

eve@sucuri

Hi Jonas,

Checking the code, I see the plugin integrity scanner is ignoring the /wp-includes/.htaccess file.

The .htaccess redirect you mentioned looks like it could be generated by an SEO plugin trying to protect your site from 404s by redirecting search engine traffic to your homepage. Does that make sense? Regardless, that particular redirect doesn’t look malicious.

eve@sucuri

Hi greencode,

Are you using the latest version of the plugin? Do you have a valid API key? Can you please reply with the exact error message, or screenshot with pastebin (or similar) would be great.

Settings -> API Service scroll down to Test API Calls. https://wordpress.sucuri.net/api/ is working?

Thanks!

Hi Ghalib,

Thanks for your interest in helping! What language? I’ll make sure folks see this thread and your offer.

Hi there,

I downloaded the Timely calendar plugin and tested with our plugin. I was not able to reproduce the problem. I was able to delete events without error.

Are you using the latest versions of both plugins? Can you give the exact steps to reproduce the error?

Thanks!
Eve@Sucuri

Hey Danny,

Thanks for the report and your patience! We’ve looked into this issue, were able to reproduce it and will be including the fix in the next release of the plugin.

The settings are actually being updated as you can see in /uploads/sucuri/sucuri-settings.php. The problem was only with the UI and displaying the updated values.

Kind regards,
Eve@Sucuri

Hi there Brian,

There are a few of us here at Sucuri that have been testing the plugin with the latest version of WordPress and have found no issues.

I hope this helps! Let us know if you have any other questions.

Best regards,
Eve@Sucuri

Hi there,

I’m not sure I fully understand what your are doing and your setup. Can you please let us know the exact steps to reproduce the scenario?

We’ll be happy to assist if you can give us a little more information. ??

Best regards,
Eve@Sucuri

Hi there,

Have you looked at the file structure and tried to locate the wp-login.php file?

Hi there!

What version of the plugin are you using?