• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Wordpress toolkit (log or details)

V

Vipa

Basic Pleskian
Hey,

I have several wordpress installations running under wordpress toolkit.
One of them is showing a security warning for file and folder permissions.
After hitting optimize security status changes to green and stays green for some hours/days and then it is showing the warning again.

Is there a log or some additional details showing which files/folder the warning is about?
Can't find anything and I would really like to investigate where this is coming from.

Thanks
 
I'm not familiar with how the extension internals work, but what you could do is to list the contents of the hosting, run the optimization, list the contents again and compare:

Code: 
ls -alsR ~<domain_user>/httpdocs > /tmp/list_pre.txt
<run the optimization>
ls -alsR ~<domain_user>/httpdocs > /tmp/list_post.txt
diff -ruN /tmp/list_pre.txt /tmp/list_post.txt
rm /tmp/list_p*.txt

This will catch changed file sizes, timestaps and permissions, moved, added or deleted files. It's a KISS approach, but should do just fine in this case. It won't show any WP database changes, if any, though.

Another approach is to monitor the directory for changes using the inotifywatch utility (found in the inotify-tools), run:

Code: 
inotifywait -r -e attrib,modify,create,delete,move -m ~<domain_user>/httpdocs
and than run the optimization. But this will show just which files were changed, not how were they changed. Again, it won't show any WP database changes.

For the database, following the KISS principle, you could similarly make a SQL dump before and after and do the diff on it. Although I don't really expect any database changes.
 
Last edited:
Great, thanks! I am gonna try this next time it happens.
This should only concern file permissions not database, so I guess I should be fine on this side.
 
Thanks to you I was able to locate the source. It was: SI CAPTCHA Anti-Spam Plugin.
Plugin has a new owner and was used to include spam code.

I think it would be useful for users if they could determine the files with changed permission inside the plesk UI.
 
You must log in or register to reply here.

Similar threads

G
Question WP installs are quarantined daily.
Replies
4
Views
656
Bobbbb
B
S
Resolved Cannot log in with WP Toolkit, pathing problem
Replies
6
Views
3K
Peter Debik
P
W
Issue scheduled task ERROR | /opt/psa/admin/bin/php -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/wp-toolkit/scripts/instances-auto-update.php'
Replies
3
Views
927
Wolfgang Reidlinger
W
G
Issue Database Malware or False Positive?
Replies
2
Views
409
Gene Steinberg
G
P
Question Connecting a second domain
Replies
2
Views
225
pleskatarian
P
Back
Top