Since version 1.7.18 the plugin stopped using the database to store its settings [1], now it writes in a plain text file located (by default) at /wp-content/uploads/sucuri/sucuri-settings.php. When the plugin needs access to a setting it tries to get its value from this file, if the setting is not there it goes to the database, if the setting is found in the database it migrates it to the file and deletes it from the database.
When you see the message “Sucuri: Storage is not writable”, can you grant write permissions to that folder? You can also change the location of that directory from the general settings page, I suggest you to move it one level up the document root to prevent unwanted access to the files that the plugin creates there, if you don’t want to change the directory it is fine, the plugin adds an exit point on each file to prevent unauthorized access.
[1] https://github.com/Sucuri/sucuri-wordpress-plugin/pull/8
Dear yorman,
I’ve changed the location of the directory where the file is located to: /wp-content/uploads/sucuri/sucuri-settings.php. Now the message “Sucuri: Storage is not writable” stopped to appear.
But the message “Plugin not fully activated yet. Please generate the free API key to enable audit logging, integrity checking, email alerts and other tools.” continues appearing.
Also, I’ve seen that, when trying to change my preferences on the Settings page (for example, didn’t receive alerts for integrity core checks or for successful login attemps), appears the message “Sucuri: A total of 2 alert events were changed”, but nothing change.
What about that? Thanks
Same problem exactly here. Sucuri did not create the file sucuri-settings.php. It does not have 755 permissions on that folder and file, but still I get the error.
I’ve checked the permissions of the /wp-content/uploads/sucuri/sucuri-settings.php file, and it is 755. The same for the folders. Apaprently it isn’t a permissions issue.
@monickels not sure if it was a typo but in your comment you said “It does not have 755 permissions”, if that is true then you are saying that the directory can’t be used by the plugin to write the settings. Generally 0x755 is enough, but in some servers it requires 0x775 or even 0x777 but all this depends on the default configuration of your hosting provider.
@xaviergimeno the message “A total of 2 alert events were changed” is part a bug and part expected behavior. Right now the plugin is not checking if it was able to write the new settings before it displays that message, I just fixed this here [1] feel free to install the development version of the plugin or wait until the changes are publicly release with a new version.
For the time being, you can check if the plugin can actually use the directory and file mentioned above executing the code that you can store in the root of your site. Make sure to delete this file after you run the test:
<?php
$dir = 'wp-content/uploads/sucuri';
$file = $dir . '/sucuri-settings.php';
header('Content-Type: text/plain');
printf("Dir %s writable\n", (is_writable($dir) ? 'is' : 'is not'));
printf("File %s writable\n", (is_writable($dir) ? 'is' : 'is not'));
[1] https://github.com/Sucuri/sucuri-wordpress-plugin/pull/18/commits/f9fab29
[2] https://github.com/cixtor/sucuri-wordpress-plugin/archive/master.zip
Dear yorman,
since there is a new version of the plugin in progress, and I’ve no hurry, I will wait until your work finished and the version are released.
So, thanks again. You’re the best.
@xaviergimeno we released version 1.8.1; can you check it out to see if it fixes the issues that you are experiencing in your website?
With 1.8.1 the message “Plugin not fully activated yet. Please generate the free API key to enable audit logging, integrity checking, email alerts and other tools.” continues appearing.
Also, when trying to change my preferences on the Settings page (for example, didn’t receive alerts for integrity core checks or for successful login attemps), nothing change.
So, the issues remain the same.
Thnaks yorman.
@xaviergimeno can you confirm again if this directory [1] and this file [2] are writable by the PHP script? That is the only explanation I can give to the issues that you are experiencing, even with the update of the plugin.
[1] /wp-content/uploads/sucuri/
[2] /wp-content/uploads/sucuri/sucuri-settings.php
Both [1] and [2] have 755 permissions. Apparently, this aspect is correct. It is very weird.
However, I’ve seen that some files inside the /wp-content/uploads/sucuri/ folder (concretely the 7 files in this folder: .htaccess, index.html, sucuri-auditqueue.php, sucuri-blockedusers.php, sucuri-integrity.php, sucuri-lastlogins.php, sucuri-trustip.php) have 644 permissions.
I have submitted this commit [1] to the repository to include information in the general settings page that will help in the troubleshooting of these issues. Additionally, I submitted this change [2] to allow some users to force the plugin to keep using the database to store its settings, people like you that are not able to use plain text files can use this option to force the plugin to work as it was doing before the changes added with version 1.7.8.
Please install the development version of the code from here [3] and let me know if these two changes help you resolve the issues that you are experiencing.
[1] https://github.com/cixtor/sucuri-wordpress-plugin/commit/233854d
[2] https://github.com/cixtor/sucuri-wordpress-plugin/commit/af46d6a
[3] https://github.com/cixtor/sucuri-wordpress-plugin/archive/master.zip
Apparently, with the version in progress all issues are fixed. Just checked and all works fine.