David Adams

127.0.0.1 is known as the localhost adapter, or loopback adapter – it basically means ‘don’t go out to the Internet, access a local webserver instead’. How this relates to the Sucuri plugin I have no idea.

I have seen this happen before when an IP address (or domain name) is redirected locally using your local machine’s ‘hosts’ file but if you don’t know what this is, it is very unlikely this is the cause. By default your hosts file is empty so you might as well check it. It is located in C:\Windows\System32\drivers\etc\hosts. Open it up in notepad and check for either your website’s IP or domain name.

The next thing to check would be whether your domain’s DNS zone is correctly pointing to your webserver (I am assuming that your website is hosted somewhere). You will first need to know your website’s IP address, you can usually find this by visiting your hosting provider’s ‘control panel’. With the IP address, open a command prompt and type ‘nslookup’ to run the ‘nameserver lookup’ application. Enter your website address e.g. mywebsite.com, the nslookup application should return with your webserver’s IP address.

I would be happy to be proven wrong, but from your description, I do not believe the Sucuri plugin has anything whatsoever to do with the issue you are having. Just my tuppence worth.

• This reply was modified 3 years, 9 months ago by David Adams.

I can’t comment on your security needs because I use the plugin as part of a paid subscription so I get priority support and usually get a response within a few hours, depending on timezones.

The API key can be generated within the plugin’s UI Sucuri Security > Settings > General Settings > API Key.

If you want to completely reset the Sucuri Security plugin you can delete its data folder on your website. It’ll be recreated on next page refresh.

Where email alerts go to (from the plugin) is not related to the WordPress admin notification email, it’s a specific setting in Sucuri Security > Settings > Alerts > Alerts Recipient.

If you want all 5 sites to notify the same email, change this setting on all 5 sites (or export/import settings).

Additional Note: I have now rolled back to v3.1.11 and everything works fine again.

Looking forward to the fix so that I keep my plugins up-to-date.

Regards,
David.

That’s fantastic news! Thank you ??

Shafayat,

Good call re trying another file! I did some further testing and out of 10 files tried, around 50% of them ‘worked (i.e. download manager correctly linked to the file) and 50% did did, reporting ‘undefined’.

It turns out that these files do not exist on the server, even though they are listed in WordPress Media Library.

That’s obviously a problem I need to solve, but what is clear is that this is NOT an issue with Download Manager.

Please feel free to close the ticket, and thank you for getting back to me.

Regards,
David.

Gentle chase…

I have tested this on a fresh WP installation, and it works fine, so, yes, it seems that something on my website is causing this problem.

As you correctly state, I have a lot of plugins, disabling/enabling each one to find the cause of this is quite an effort. Is there an easier way, using Query Monitor or something similar?

Un-check the “Allow redirection after login to report the last login information” option in Settings.

View post on imgur.com

Bug submitted. Closing this ticket.

Happy to install Query Monitor, I’ve used it in the past. I suppose I don’t want to go through the process of transferring all my custom code to Code Snippets (build/test etc) if I then end up un-installing it due to a performance issue. That’s really the point of this query.

It would certainly help me to decide whether the investment in time is warranted. May I take you up on your offer?

My website pages currently return in about 1.1 seconds, and there’s more that can be done to improve that. So there’s a pretty reasonable ‘visitor experience’ as they click around the site. If installing Code Snippet added, say, more than 0.5 seconds, that would be unacceptable because the user experience would suffer, just because of the ‘convenience’ of having custom code delivered in a more intuitive way i.e. to help me. If delivering 100 snippets impacted less than, say, 0.1 seconds, then I would install it tomorrow!

0.0003 seconds certainly sounds reasonable :-), though I do wonder how many snippets were included in your test. I will have around 100 if I implement this plugin. How much of a performance delay would 100 snippets create on each page load? 100 x 0.0003 seconds?

If you are a paid member you can submit a ticket via their website (click Support after you login). You’ll get a faster response submitting a ticket than via this forum.

From my basic understanding, the WAF should filter traffic prior to that traffic reaching your website – you shouldn’t see the traffic if the IP is blacklisted at the WAF.

The free Sucuri plugin does not check for DoS attacks, you need the WAF (Firewall) ‘add-on’ for that, which is a paid-for service.

It looks to me that you website has some code that is perhaps logging visits, and Sucuri is interpreting that as a post update. Btw, Post Update notifications can be switched off in Settings > Alerts, but I wouldn’t suggest doing that until this is fixed.

I would suggest some rudimentary troubleshooting:

(1) Deactivate all plugins (except Sucuri, obviously), does the issue persist?
(2) Change your theme, does the issue persist? (note: this is just a quick way of replacing your theme’s functions.php file, which runs every time WordPress runs i.e. every visit)
(3) Use a cron plugin to review your cron jobs, I believe (not 100% sure) that a cron job can be run on every visit.

I know this isn’t the answer, I don’t have the answer, but my guess is that *your website is doing this*, rather than some malware.

Good luck.

@yass45 , you might receive a better response if you review their contact details within their privacy policy.