
Question WP installs are quarantined daily.

greybeard

New Pleskian
Server operating system version: Windows Server 2016 Standard
Plesk version and microupdate number: Plesk Obsidian Version 18.0.57 Update #5

I'm starting this new thread as suggested in the response to my OP in the wp-toolkit-general-discussion.

FOLLOWING ARE THE DETAILS I ORIGINALLY POSTED

I am running WP Toolkit version: 6.2.14-7878. Plesk Obsidian Version 18.0.57 Update #5.

I operate a small hosting operation. I recently migrated a few sites from an older server to one that is running Windows 2016. There are 9 WP installs on this server.

After the migration, I'm finding that each morning there are a few WP installations that have suddenly gone into quarantined status.

When I select "Check WordPress Integrity" followed by "Verify Checksums" (without reinstalling the Core files) I get a timeout error. But if I run the reinstall process, and then hit "Verify Checksums", it comes up clean.

For starters, I don't understand why checking the integrity of the install times out, while totally reinstalling the code runs just fine. But more importantly, are there any actions I can take that will help avoid this (DAILY) situation where I have to go through 3-4 sites and reinstall the code each day?

-----------------------------------------

@Aleksey Filatev replied as follows:
WP Toolkit retrieves actual data about each registered WordPress each day. Usually, this operation takes a few seconds, but in some circumstances (in a wide range, from malfunctioning plugins to real malware), it can take much longer. In this case, the website will be marked as quarantined (which means WP Toolkit will not communicate with this website further) to isolate the impact of possible malicious code on the server.

You are experiencing the same symptoms while checking the integrity. I wonder if it really helps to reinstall the core files. You can check it by running the refresh website data manually right after reinstalling the core (which means not waiting while it is executed by the daily task). Will it succeed or run into a timeout?

Also, it is possible that the quarantined state was initiated by attempting to update your website. The update operation is more time-consuming than just requesting website data, and the timeout for this operation is much longer (30 minutes). Do you configure automated updates for affected websites?

In case your website, in fact, works as expected but slower than usual (but you are confident that it is expected), you can increase timeouts in the configuration file (panel.ini).

-----------------------------------------

I pointed out that all are set for auto-update.

Akismet Anti-spam: Spam Protection 5.3.1
Bad Behavior 2.2.24
Better Search Replace 1.4.5
Botnet Attack Blocker 2.0.0
Child Theme Configurator 2.6.5
Classic Editor 1.6.3
Classic Widgets 0.3
Custom Meta Widget 1.5.1
Growmap Anti Spambot Plugin 1.5.6
Multi Device Switcher 1.8.5
TLS 1.2 Compatibility Test 1.0.1
Wordfence Security 7.11.1

----------------------------------------

I subsequently installed the Panel.ini Editor. I then updated these to 180 per that article. After doing so, I waited overnight and confirmed that the 2 sites still became quarantined.

[ext-wp-toolkit] wpCliTimeoutRegular 60
[ext-wp-toolkit] wpCliTimeoutMaintenanceTimeout 60

----------------------------------------

As of this morning, the blogs which are the subject of my concerns here were in quarantined status again.

There are 4 sites that are having this issue, but as of this morning, only 2 of those were quarantined. One which I will refer to as LP has been on this server for years. The other, ES, moved to this server a couple weeks ago. Historically, neither of these were being quarantined until my recent effort to consolidate 4-5 sites from an older server to the current server. They are being quarantined daily at this point.

Other than bumping the time from 180 to a longer value, are there any other options?

---------------------------------------

@Bobbbb then replied:
Might want to start a new thread under the Plesk for Linux/Windows sections. Wouldn't hurt to (at least temporarily) install the Wordfence extension just to verify those sites are free of known malware.

---------------------------------------

I can confirm that Wordfence is in fact installed - that's a standard in my shop - I require Wordfence to be installed in all WP installations.
 

I downloaded the logs for the past 24 hours. There were no entries for the site I'm referring to as LP. For the ES site, there are references to 'Domain's traffic limit reached' but nothing concerning WP Toolkit. I then downloaded the logs for all of January and while there was a lot of clutter related to my having used the migration wizard, I still find nothing regarding LP. As for ES there's a great deal of entries related to the migration, but nothing regarding WordPress.

I have bumped the 2 timeout entries from 180 to 300 at this time. I'll note that wpCliTimeoutRegularTimeout, which is referenced in that article, is not present in my config, but I also understand that might be a difference between Windows and Linux. I'll not mess with that unless you advise me to do so.
 
