Are you referring to the files listed in the “Core Integrity” or the “Audit Logs” panel?
If the files are frequently listed under the audit logs then that may be a bug, not in the plugin but in the API service, I will contact one of my co-workers in the development team to check the code of the API if it is necessary.
If the files are listed under the core integrity panel then that is not a bug, that is how the plugin was designed. The plugin compares the checksums provided by WordPress itself of all the files contained in the official archives with the files present in the core directories (document root, wp-admin, and wp-includes). You can select the files that you trust and mark them as fixed, this will make the warning disappears.
Let me know if you want more information.
They are under the “Audit Logs” panel. “Core Integrity” doesn’t show any errors.
After first install, I originally had some show up under “Core Integrity” but I marked them as trusted and they have not reappeared.
I have a spreadsheet that lists the almost 50 files in the audit log (I think the log stops when it reaches 50 or so). that I can share with you if that will help.
Interesting, so it may be a bug. Send me a copy of the spreadsheet with the files that are being duplicated in the logs to info@sucuri.net (do not forget to reference this ticket) I will try to reproduce the issue in my development machine.
As I explained in my previous comment there is no much I can do from the plugin to fix that since that information comes from the API service, so I will forward this issue to my co-worker so he can check if there is a bug in the service or not.
Done.
I included a link to this post in the email so I hope that is what you needed
Hi once more…
I have figured out what the problem was and resolved it.
I have two websites – johnbishopimages.com and johnbishopimages.net. The .net account is my test platform while .com is production. I have recently promoted a new website design and content from .net to .com. I did so by copying all of the files on the server from one domain to the other then migrating the SQL database after correcting URLs.
The result was that both .com and .net ended up using the same Sucuri API key. Once I removed and re-added the API key on the .com domain (the one copied over from .net) everything cleared up!
Don’t know if the API can check to see if the same key is being used by more than one domain but that would have prevented this from happening in the beginning. As a systems engineer and software geek, I believe that good software shouldn’t break. And good security software must anticipate and handle all sorts of unexpected situations. This one should have been a no brainer…
John
;-j
Make sense, thanks for the explanation. I am not the maintainer of the plugin’s API service so I will pass this ticket to my co-worker, he manages the code of that part of the project.
Hello, my co-worker responded to an email that I sent yesterday regarding this issue and he says that he will not fix this because according to his tests the API service that powers the Sucuri plugin is working as expected and that creating this feature is not worth the time and would cause more issues than resolve them.
He recommended to keep in mind that the API keys are not reusable between two different servers and that everyone have to remember to change them when the site is migrated.
So unfortunately I will have to mark this ticket as resolved even when it is not, there is nothing else I can do here since (as I mentioned in my previous message) I am not the maintainer of the code of that API service, so I can not fix this issue by myself.
Thanks for pursuing this. In retrospect all I can say is that I’m glad I found my own solution.
Again, as a software developer, I focus heavily on robust, high-quality code. This is even more crucial when developing security software. I find the reasons for not doing this difficult to accept and not at all practical but there you are… accept them I must.
I believe his response API keys are not reusable between two different servers isn’t completely accurate. Both my sites run on the same server under the same userid, one as the primary domain, one as an addon domain. Both have the same IP address. I think it would be more correctly stated that API keys are not reusable between two different domains.
Hopefully, now that this is resolved, should someone have this problem down the road, you will be able to help them more quickly!
