• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Wordpress toolkit (log or details)

V

Vipa

Basic Pleskian
Hey,

I have several wordpress installations running under wordpress toolkit.
One of them is showing a security warning for file and folder permissions.
After hitting optimize security status changes to green and stays green for some hours/days and then it is showing the warning again.

Is there a log or some additional details showing which files/folder the warning is about?
Can't find anything and I would really like to investigate where this is coming from.

Thanks
 
I'm not familiar with how the extension internals work, but what you could do is to list the contents of the hosting, run the optimization, list the contents again and compare:

Code: 
ls -alsR ~<domain_user>/httpdocs > /tmp/list_pre.txt
<run the optimization>
ls -alsR ~<domain_user>/httpdocs > /tmp/list_post.txt
diff -ruN /tmp/list_pre.txt /tmp/list_post.txt
rm /tmp/list_p*.txt

This will catch changed file sizes, timestaps and permissions, moved, added or deleted files. It's a KISS approach, but should do just fine in this case. It won't show any WP database changes, if any, though.

Another approach is to monitor the directory for changes using the inotifywatch utility (found in the inotify-tools), run:

Code: 
inotifywait -r -e attrib,modify,create,delete,move -m ~<domain_user>/httpdocs
and than run the optimization. But this will show just which files were changed, not how were they changed. Again, it won't show any WP database changes.

For the database, following the KISS principle, you could similarly make a SQL dump before and after and do the diff on it. Although I don't really expect any database changes.
 
Last edited:
Great, thanks! I am gonna try this next time it happens.
This should only concern file permissions not database, so I guess I should be fine on this side.
 
Thanks to you I was able to locate the source. It was: SI CAPTCHA Anti-Spam Plugin.
Plugin has a new owner and was used to include spam code.

I think it would be useful for users if they could determine the files with changed permission inside the plesk UI.
 
You must log in or register to reply here.

Similar threads

M
Input Enhancing visibility of protection status in WordPress Toolkit
Replies
0
Views
289
Maarten
M
P
Multiple instances of .wp-toolkit when smart update is activated
Replies
1
Views
710
Kaspar@Plesk
Kaspar@Plesk
carlsson
Resolved Panic! Site crashed and restoring backup fails
Replies
18
Views
1K
carlsson
carlsson
G
Question WP installs are quarantined daily.
Replies
4
Views
1K
Bobbbb
B
B
Issue High latency, unreliable performance & 522 errors on a Plesk server that ran fine for 6+ months
Replies
1
Views
242
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top