Support » Plugin: Sucuri Security - Auditing, Malware Scanner and Security Hardening » Generate API Key & Storage is not writable messages

  • Resolved Xavier Gimeno Torrent

    (@xaviergimeno)


    Since last Update of the plugin (1.7.19) appears mistakenly on the plugin dashboard the following message: “Plugin not fully activated yet. Please generate the free API key to
    enable audit logging, integrity checking, email alerts and other tools.”
    But when I push the “Generate API key” button, after following the steps indicated, rightly appears the “Sucuri: We already have an API key created for this site. It has been sent to the email X for recovery.” Clearly, the first message it is an error, because I’ve entered the API key for my plugin some years ago.

    Secondly, with 1.8.0 Update, appears the message “Sucuri: Storage is not writable:” and then, the path (that I’ve have omitted here for security reasons)

    Anyone knows how to arrange these issues? Thanks.

    https://wordpress.org/plugins/sucuri-scanner/

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Author yorman

    (@yorman)

    Since version 1.7.18 the plugin stopped using the database to store its settings [1], now it writes in a plain text file located (by default) at /wp-content/uploads/sucuri/sucuri-settings.php. When the plugin needs access to a setting it tries to get its value from this file, if the setting is not there it goes to the database, if the setting is found in the database it migrates it to the file and deletes it from the database.

    When you see the message “Sucuri: Storage is not writable”, can you grant write permissions to that folder? You can also change the location of that directory from the general settings page, I suggest you to move it one level up the document root to prevent unwanted access to the files that the plugin creates there, if you don’t want to change the directory it is fine, the plugin adds an exit point on each file to prevent unauthorized access.

    [1] https://github.com/Sucuri/sucuri-wordpress-plugin/pull/8

    Dear yorman,

    I’ve changed the location of the directory where the file is located to: /wp-content/uploads/sucuri/sucuri-settings.php. Now the message “Sucuri: Storage is not writable” stopped to appear.

    But the message “Plugin not fully activated yet. Please generate the free API key to enable audit logging, integrity checking, email alerts and other tools.” continues appearing.

    Also, I’ve seen that, when trying to change my preferences on the Settings page (for example, didn’t receive alerts for integrity core checks or for successful login attemps), appears the message “Sucuri: A total of 2 alert events were changed”, but nothing change.

    What about that? Thanks

    Same problem exactly here. Sucuri did not create the file sucuri-settings.php. It does not have 755 permissions on that folder and file, but still I get the error.

    I’ve checked the permissions of the /wp-content/uploads/sucuri/sucuri-settings.php file, and it is 755. The same for the folders. Apaprently it isn’t a permissions issue.

    Plugin Author yorman

    (@yorman)

    @monickels not sure if it was a typo but in your comment you said “It does not have 755 permissions”, if that is true then you are saying that the directory can’t be used by the plugin to write the settings. Generally 0x755 is enough, but in some servers it requires 0x775 or even 0x777 but all this depends on the default configuration of your hosting provider.

    @xaviergimeno the message “A total of 2 alert events were changed” is part a bug and part expected behavior. Right now the plugin is not checking if it was able to write the new settings before it displays that message, I just fixed this here [1] feel free to install the development version of the plugin or wait until the changes are publicly release with a new version.

    For the time being, you can check if the plugin can actually use the directory and file mentioned above executing the code that you can store in the root of your site. Make sure to delete this file after you run the test:

    <?php
    $dir = 'wp-content/uploads/sucuri';
    $file = $dir . '/sucuri-settings.php';
    
    header('Content-Type: text/plain');
    printf("Dir %s writable\n", (is_writable($dir) ? 'is' : 'is not'));
    printf("File %s writable\n", (is_writable($dir) ? 'is' : 'is not'));
    

    [1] https://github.com/Sucuri/sucuri-wordpress-plugin/pull/18/commits/f9fab29
    [2] https://github.com/cixtor/sucuri-wordpress-plugin/archive/master.zip

    Dear yorman,

    since there is a new version of the plugin in progress, and I’ve no hurry, I will wait until your work finished and the version are released.

    So, thanks again. You’re the best.

    Plugin Author yorman

    (@yorman)

    @xaviergimeno we released version 1.8.1; can you check it out to see if it fixes the issues that you are experiencing in your website?

    With 1.8.1 the message “Plugin not fully activated yet. Please generate the free API key to enable audit logging, integrity checking, email alerts and other tools.” continues appearing.

    Also, when trying to change my preferences on the Settings page (for example, didn’t receive alerts for integrity core checks or for successful login attemps), nothing change.

    So, the issues remain the same.

    Thnaks yorman.

    Plugin Author yorman

    (@yorman)

    @xaviergimeno can you confirm again if this directory [1] and this file [2] are writable by the PHP script? That is the only explanation I can give to the issues that you are experiencing, even with the update of the plugin.

    [1] /wp-content/uploads/sucuri/
    [2] /wp-content/uploads/sucuri/sucuri-settings.php

    Both [1] and [2] have 755 permissions. Apparently, this aspect is correct. It is very weird.

    However, I’ve seen that some files inside the /wp-content/uploads/sucuri/ folder (concretely the 7 files in this folder: .htaccess, index.html, sucuri-auditqueue.php, sucuri-blockedusers.php, sucuri-integrity.php, sucuri-lastlogins.php, sucuri-trustip.php) have 644 permissions.

    Plugin Author yorman

    (@yorman)

    I have submitted this commit [1] to the repository to include information in the general settings page that will help in the troubleshooting of these issues. Additionally, I submitted this change [2] to allow some users to force the plugin to keep using the database to store its settings, people like you that are not able to use plain text files can use this option to force the plugin to work as it was doing before the changes added with version 1.7.8.

    Please install the development version of the code from here [3] and let me know if these two changes help you resolve the issues that you are experiencing.

    [1] https://github.com/cixtor/sucuri-wordpress-plugin/commit/233854d
    [2] https://github.com/cixtor/sucuri-wordpress-plugin/commit/af46d6a
    [3] https://github.com/cixtor/sucuri-wordpress-plugin/archive/master.zip

    Apparently, with the version in progress all issues are fixed. Just checked and all works fine.

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘Generate API Key & Storage is not writable messages’ is closed to new replies.