Title: Breaking Site Functionality Last modified: August 30, 2016 --- # Breaking Site Functionality * Resolved [GµårÐïåñ](https://wordpress.org/support/users/guardian74/) * (@guardian74) * [10 years, 5 months ago](https://wordpress.org/support/topic/breaking-site-functionality/) * As of this morning, it has begun breaking the site with every administrative action or post action causing this error: * Sucuri: (1446376855) Send_log: connect() timed out!. This generally happens when the API service fails to respond in time, you currently have configured the plugin to discard the network connection after 300 seconds. Wait a few minutes until the issue is resolved by itself, or change the timeout limit from the general settings page of the plugin, the option is named “API request timeout”. * Which suggests that it is communicating with an outside service and sending information OUT (which is troubling as it has no business sending any information out of your site to anywhere) to make matters worse is that since this service is not able to receive this unsolicited transfer of information, its breaking functionality on the user side. * If you are going to take information from the users without their consent and send them to your servers, at least make it so that when your servers are offline and not responding it doesn’t come back and break usage on their end. This is absurd. I have to disable it to get anything done. * [https://wordpress.org/plugins/sucuri-scanner/](https://wordpress.org/plugins/sucuri-scanner/) Viewing 5 replies - 1 through 5 (of 5 total) * [yorman](https://wordpress.org/support/users/yorman/) * (@yorman) * [10 years, 5 months ago](https://wordpress.org/support/topic/breaking-site-functionality/#post-6706435) * > An API key is required to activate some additional tools available in this > plugin, the keys are free and you can virtually generate an unlimited number > of them as long as the domain name and email address are different. The key > is used to authenticate the HTTP requests sent by the plugin to a public API > service managed by Sucuri Inc. Do not generate the key if you disagree with > this. * This information is only sent by the plugin to the Sucuri API service if **and only if** you have agreed to generate the free API key; as you are complaining about this it means that you did not read that short text located below the form used to generate the key. * I will talk with our infrastructure engineers to see why the connection issues are happening, * [yorman](https://wordpress.org/support/users/yorman/) * (@yorman) * [10 years, 5 months ago](https://wordpress.org/support/topic/breaking-site-functionality/#post-6706444) * Hello, my co-worker sent a message several hours ago to all the Sucuri team about a networking issue with one of our providers that affected multiple boxes used by CloudProxy [1] and other internal projects like wordPress.sucuri.net; this should be fixed at the moment. I will plan a modification of the code that powers the plugin to handle a situation like this _(the connection issue)_ a bit better in the future. * Thread Starter [GµårÐïåñ](https://wordpress.org/support/users/guardian74/) * (@guardian74) * [10 years, 5 months ago](https://wordpress.org/support/topic/breaking-site-functionality/#post-6706480) * I have read it and the API being used is fine as long as it doesn’t break the workflow when there is an exception on the server’s end. If it fails it should either fail silently or log it without breaking the functionality causing the post that is being made to be lost because it gets replaced with an error dialog. Plus why would it need to verify the certificate of the site you are on and within its admin panel making a post? If there is an external service is involved, fine, but no external calls, no need to verify anything. * [yorman](https://wordpress.org/support/users/yorman/) * (@yorman) * [10 years, 5 months ago](https://wordpress.org/support/topic/breaking-site-functionality/#post-6706490) * I agree with you about the first part, that the plugin must fail silently if the server where the API service is being hosted fails to respond to the request, I am working right now to modify the code that powers that part of the plugin to improve the error handling, I will try to finish that this week. * About the second question, the SSL certificate verification is necessary to prevent MITM [1], as you are concerned about the privacy of the data that is being sent to the Sucuri servers having this option enabled is a good thing. If you disable it and keep the API key the plugin will continue sending the data attached to the event logs triggered by WordPress and a malicious user could get in the way and steal that information _(which is not sensitive at all but you would still prefer to prevent that leak of information)_. * Marking as not resolved for now. * [1] [https://en.wikipedia.org/wiki/Man-in-the-middle_attack](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) * Thread Starter [GµårÐïåñ](https://wordpress.org/support/users/guardian74/) * (@guardian74) * [10 years, 5 months ago](https://wordpress.org/support/topic/breaking-site-functionality/#post-6706496) * I am aware of what a MITM attack is and in the case of creating a post on the admin section and publishing does not expose itself to this. Your assertion is false in that regard. * If anything, the MITM can occur more likely during the communication between my server and your server than it can on my OWN authenticated server using local permissions that have ZERO to do with anything that can be intercepted because data is handled internally, not being sent anywhere. * What IS being sent, is information to you, however benign, which if someone can compromise YOUR server by hijacking DNS records or whatever, is where the potential for MITM can be introduced. During the Point A (Me) to Point B (You) communication. Not during the Point A (Me) to SELF. * Anyway, you are doing what you need to do to fix it, that’s enough discussion on it I suppose. BTW, I don’t educate myself with half baked Wiki articles, I have more reliable sources for that, and have for 2.5 decades in the field. Thanks though. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Breaking Site Functionality’ is closed to new replies. * ![](https://ps.w.org/sucuri-scanner/assets/icon-256x256.png?rev=2875755) * [Sucuri Security - Auditing, Malware Scanner and Security Hardening](https://wordpress.org/plugins/sucuri-scanner/) * [Frequently Asked Questions](https://wordpress.org/plugins/sucuri-scanner/#faq) * [Support Threads](https://wordpress.org/support/plugin/sucuri-scanner/) * [Active Topics](https://wordpress.org/support/plugin/sucuri-scanner/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/sucuri-scanner/unresolved/) * [Reviews](https://wordpress.org/support/plugin/sucuri-scanner/reviews/) * 5 replies * 2 participants * Last reply from: [GµårÐïåñ](https://wordpress.org/support/users/guardian74/) * Last activity: [10 years, 5 months ago](https://wordpress.org/support/topic/breaking-site-functionality/#post-6706496) * Status: resolved