• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Wordpress toolkit (log or details)

V

Vipa

Basic Pleskian
Hey,

I have several wordpress installations running under wordpress toolkit.
One of them is showing a security warning for file and folder permissions.
After hitting optimize security status changes to green and stays green for some hours/days and then it is showing the warning again.

Is there a log or some additional details showing which files/folder the warning is about?
Can't find anything and I would really like to investigate where this is coming from.

Thanks
 
I'm not familiar with how the extension internals work, but what you could do is to list the contents of the hosting, run the optimization, list the contents again and compare:

Code: 
ls -alsR ~<domain_user>/httpdocs > /tmp/list_pre.txt
<run the optimization>
ls -alsR ~<domain_user>/httpdocs > /tmp/list_post.txt
diff -ruN /tmp/list_pre.txt /tmp/list_post.txt
rm /tmp/list_p*.txt

This will catch changed file sizes, timestaps and permissions, moved, added or deleted files. It's a KISS approach, but should do just fine in this case. It won't show any WP database changes, if any, though.

Another approach is to monitor the directory for changes using the inotifywatch utility (found in the inotify-tools), run:

Code: 
inotifywait -r -e attrib,modify,create,delete,move -m ~<domain_user>/httpdocs
and than run the optimization. But this will show just which files were changed, not how were they changed. Again, it won't show any WP database changes.

For the database, following the KISS principle, you could similarly make a SQL dump before and after and do the diff on it. Although I don't really expect any database changes.
 
Last edited:
Great, thanks! I am gonna try this next time it happens.
This should only concern file permissions not database, so I guess I should be fine on this side.
 
Thanks to you I was able to locate the source. It was: SI CAPTCHA Anti-Spam Plugin.
Plugin has a new owner and was used to include spam code.

I think it would be useful for users if they could determine the files with changed permission inside the plesk UI.
 
You must log in or register to reply here.

Similar threads

carlsson
Resolved Panic! Site crashed and restoring backup fails
Replies
18
Views
346
carlsson
carlsson
G
Question WP installs are quarantined daily.
Replies
4
Views
725
Bobbbb
B
S
Resolved Cannot log in with WP Toolkit, pathing problem
Replies
6
Views
3K
Peter Debik
P
W
Issue scheduled task ERROR | /opt/psa/admin/bin/php -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/wp-toolkit/scripts/instances-auto-update.php'
Replies
3
Views
1K
Wolfgang Reidlinger
W
G
Issue Database Malware or False Positive?
Replies
2
Views
471
Gene Steinberg
G
Back
Top