Roberto Jobet

Hi again,

This morning I received the email notification message at 10 am as expected!

It seems now to work!

As I already told you in a previous thread, an automatic scan once a day is not enough…

In case of a compromission, I would prefer to receive a notification as soon as an unexpected file modification is carried out!

I really hope that you will include this feature in your next release!!

Thanks for the good work!

Regards,
Roberto

BTW as I said in my first message, clicking on “Launch Instant Scan” button a notification email is sent… so the email system is working fine!!

Regards,
Roberto

Hi Robert,

Thanks for the feedback!

1) No messages in spam folder
2) Email address OK
3) No
4) Default WP email system

The only thing to stress out is that I disabled WP’s default cron system. I prefer to set a cPanel cron job that triggers WP cron every hour.
This could be an issue for your plugin?

Thanks.

Regards,
Roberto

Hi Robert,

Thanks for the feedback.

I was looking for a file integrity monitoring plugin that would do just that: file integrity monitoring!
I don’t like security plugins doing every kind of things!

The integrity monitoring feature in WP Security Audit Log, can be manually disabled?

Regards,
Roberto

@robert681
Thanks for your reply.
I deleted wp security audit log folder, and I emptied (truncate) wp_wsal_metadata, wp_wsal_occurrences and wp_wsal_options tables.
Then installed back the plugin. Now everything works fine.

BTW during uninstall, as per WP directives, your plugin should delete all data from the DB including custom tables…
Is there any option in plugin’s settings to do this before uninstalling?

Thanks
Regards

@tomdkat
https://ithemes.com/important-ithemes-sync-vulnerability-patched/

Please note that in my case the configuration file path is: /home/user/public_html/.htninja

The setting you recommend (/home/user/.htninja ) didn’t work in my case (Overview’s configuration file line empty).

This maybe has something to do with the problem I have with blocking code?

Hi,
I’m using the .htninja-sample file.
The code you sent me is the same I sent you.

NinjaFW log still shows the remote WPscan attempt:
05/Sep/19 18:49:40 #4302844 HIGH – 104.237.147.13 GET /index.php – User enumeration scan (author archives) – [author=1] – wpninja.sicurezza-wordpress.it
05/Sep/19 18:49:40 #4259313 HIGH – 104.237.147.13 GET /index.php – User enumeration scan (author archives) – [author=2] – wpninja.sicurezza-wordpress.it

These lines mean that NinjaFW is *not* blocking these scannings?

Here are some other attempts logged by NinjaFW live log:
[04/Sep/19:22:27:15 +0200] – 104.211.30.57 “GET /” “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36” “-” “wpninja.sicurezza-wordpress.it”
[04/Sep/19:22:27:18 +0200] – 104.237.147.13 “GET /readme.html” “-” “Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11” “-” “wpninja.sicurezza-wordpress.it”
[04/Sep/19:22:27:18 +0200] – 104.237.147.13 “GET /wp-content/uploads/” “-” “Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11” “-” “wpninja.sicurezza-wordpress.it”
[04/Sep/19:22:27:18 +0200] – 104.237.147.13 “GET /wp-content/plugins/” “-” “Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11” “-” “wpninja.sicurezza-wordpress.it”

Hi,

This is an example of what WPscan does and what NinjaFW logs:

03/Sep/19 23:08:43 #2647995 HIGH – 104.237.147.13 GET /index.php – User enumeration scan (author archives) – [author=1] – wpninja.sicurezza-wordpress.it
03/Sep/19 23:08:43 #7373199 HIGH – 104.237.147.13 GET /index.php – User enumeration scan (author archives) – [author=2] – wpninja.sicurezza-wordpress.it

With the rule included in .htninja file, this IP should be blocked by this rule, right?

Why this rule is not triggered by NinjaFW?

Regards

Hi,

I think it would be much more honest, to say that this is a premium plugin, i.e. you must pay if you want to use it in a production server.

I have only 15 plugins installed, and just after scanning the first five, it stops saying: “You hit our free API usage limit.”

Just a waste of time…..

Regards

Hi @nagdy,

I replaced the keys with WP API site and now everything works fine.
Now I’ll try with a scheduled job.

The only issue with your plugin, is that I cannot change login url with a security plugin as I usually do. I have to disable this feature, in order to use the default login url (wp-login.php).
I’ve noticed that your plugin redirects to an unusual url:
https://example.com/wp-login.php?redirect_to=https%3A%2F%2Fexample.com%2Fwp-admin%2Ftools.php%3Fpage%3Dsalt_shaker&reauth=1

Any idea on how to solve this?

Thanks and keep up with the good work!!

Best regards

Hi @nagdy,

Why do you say that it could be a cron problem? I haven’t set any scheduled job for automated Salt changing, I’m just using the “Change Now” button.

Regarding the first issue, the problem was due to a security plugin that blocked the redirection to the login page.

I’ve installed the plugin into another site and the output is the same. The AUTH_KEY and AUTH_SALT are not changed, they remain the same as the previous one.
Your script should change every key and salt from the wp-config.php file, right?

Best regards

Hi Sanja,

Thanks for your feedback.

I visit my dashboard daily and I keep it open for the whole day. Moreover I have a Chrome’s extension to refresh the page every 30 min.

Since yesterday evening, I have 4 child sites with available updates but until now (2 pm) updates are not being installed by mainWP dashboard…
You say that mainwp_cronupdatescheck_action is scheduled to run every minute, that means that available updates should be installed almost immediately after mainWP dashboard knows about available updates in child sites!
Is that the way it should work?

I’m trying to understand a bit better about WP cron jobs, and it seems that the default WP cron process is triggered only when a site’s page is being visited by an user.

In my case, I’m the only user as I have a local installation.
I guess that visiting the WP dashboard means also that the WP cron process is triggered when I login into WP dashboard, right?

Then why available updates are not being installed in child sites?

Thanks

Hi,

Thanks for your feedback.

In the MainWP dashboard site, I’ve installed a cron plugin (Advanced cron manager) to see cron jobs already installed.
There are a few mainwp jobs… which one is the one that install available updates into child sites?

Moreover, in your knowledgebase doc, you recommend to set an uptime robot monitor to trigger regularly WP cron jobs.
How can you set it up , in case mainWP dashboard is installed in a local setup?

Thanks