• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Wordpress toolkit (log or details)

V

Vipa

Basic Pleskian
Hey,

I have several wordpress installations running under wordpress toolkit.
One of them is showing a security warning for file and folder permissions.
After hitting optimize security status changes to green and stays green for some hours/days and then it is showing the warning again.

Is there a log or some additional details showing which files/folder the warning is about?
Can't find anything and I would really like to investigate where this is coming from.

Thanks
 
I'm not familiar with how the extension internals work, but what you could do is to list the contents of the hosting, run the optimization, list the contents again and compare:

Code: 
ls -alsR ~<domain_user>/httpdocs > /tmp/list_pre.txt
<run the optimization>
ls -alsR ~<domain_user>/httpdocs > /tmp/list_post.txt
diff -ruN /tmp/list_pre.txt /tmp/list_post.txt
rm /tmp/list_p*.txt

This will catch changed file sizes, timestaps and permissions, moved, added or deleted files. It's a KISS approach, but should do just fine in this case. It won't show any WP database changes, if any, though.

Another approach is to monitor the directory for changes using the inotifywatch utility (found in the inotify-tools), run:

Code: 
inotifywait -r -e attrib,modify,create,delete,move -m ~<domain_user>/httpdocs
and than run the optimization. But this will show just which files were changed, not how were they changed. Again, it won't show any WP database changes.

For the database, following the KISS principle, you could similarly make a SQL dump before and after and do the diff on it. Although I don't really expect any database changes.
 
Last edited:
Great, thanks! I am gonna try this next time it happens.
This should only concern file permissions not database, so I guess I should be fine on this side.
 
Thanks to you I was able to locate the source. It was: SI CAPTCHA Anti-Spam Plugin.
Plugin has a new owner and was used to include spam code.

I think it would be useful for users if they could determine the files with changed permission inside the plesk UI.
 
You must log in or register to reply here.

Similar threads

R
Resolved WP Toolkit/Wordpress Toolkit - older version screenshot issue
Replies
4
Views
3K
rhall
R
M
Input Enhancing visibility of protection status in WordPress Toolkit
Replies
0
Views
649
Maarten
M
H
Question SSH user can see other subdomain directories even with chrooted shell?
Replies
3
Views
563
Raul A.
R
P
Multiple instances of .wp-toolkit when smart update is activated
Replies
1
Views
2K
Kaspar@Plesk
Kaspar@Plesk
learning_curve
Resolved Permissions on some of the files packaged by Plesk are incorrect[ERROR] - Post 18.0.69 Upgrade
Replies
19
Views
998
learning_curve
learning_curve
Back
Top