For debugging purposes you can add the line below to the wp-config.php file:
define('ITSEC_DEBUG', true);
The result is that at the bottom of every iTSec email there is a line of text added like below:
Debug info (source page): WP-Cron
or
Debug info (source page): http://www.example.com/
This will enable you to determin whether the emails send are triggered by any site page request or by WP Cron. This will point you (or iThemes) in the right direction for troubleshooting the issue.
Don’t forget to disable the ITSEC_DEBUG constant afterwards.
To prevent any confusion, I’m not iThemes.
Thread Starter
zehawk
(@zehawk)
This is the must infuriating thing. AGAIN this stupid setting has turned on by itself.
Security Digest
Enabled True
Subject Daily Security Digest
Schedule Daily
Last sent on February 19, 2020 9:35 am
Thread Starter
zehawk
(@zehawk)
@nlpro Thank you! I’ll try that out but would you please explain how it would help. Its quite evident that the mails are coming from this plugin in particular and there should be no reason for this endless Daily Security Digest mails which start suddenly and will stop equally suddenly.
Thread Starter
zehawk
(@zehawk)
Oh, its turned on yet again. Wow.
Thread Starter
zehawk
(@zehawk)
So here’s the new message at the bottom of the mail:
Debug info (source page): <domain>/wp-admin/admin.php?page=itsec-logs&filters=type%7Cimportant
Debug info (source page): <domain>/wp-json/ithemes-security/v1/admin-notices?_locale=user
Ok. So there was an email send on an iTSec plugin Logs page request, and
the same email was send on an iTSec specific REST API request (probably to retrieve iTSec plugin specific admin notices info). The iTSec plugin Logs page request probably initiated the iTSec specific REST API request. So both requests seem to trigger the same email to be send. Not good.
Adding the ITSEC_DEBUG line to the wp-config.php did a little bit more.
Perhaps you already noticed there is now a new Security/Debug menu option in the WordPress Dashboard.
Navigate to the Security/Debug menu option and then copy/paste the information from the System Info section. Don’t forget to censor/anonymize any data you don’t feel comfortable in sharing.
Is there anything displayed under the Scheduler section ? If so copy/paste that info into this topic.
Thread Starter
zehawk
(@zehawk)
Thank you @nlpro, here’s the info you asked for:
Note: Security digest has turned on again with schedule daily
———–
More message from various mails:
Debug info (source page): <domain>/contact/
Debug info (source page): <domain>/sitemap.xml
Debug info (source page): WP-Cron
Debug info (source page): <domain>/Modules/Header/Content/Images/header-logo-showcase.svg
Debug info (source page): <domain>/de/impressum/
Right after I logged in:
Debug info (source page): <domain>/wp-login.php?itsec-hb-token=<>
Debug info (source page): <domain>/wp-admin/admin-ajax.php
Debug info (source page): WP-Cron
Debug info (source page): <domain>/wp-admin/admin-ajax.php
So every site hit is generating an email.
———–
Sytem Info section:
### iThemes Security ###
Build: 4116
Pro:
Modules: ban-users, brute-force, backup, network-brute-force, wordpress-tweaks, 404-detection, ssl, and system-tweaks
Cron:
Cron Status:
Scheduler: ITSEC_Scheduler_Page_Load
Features:
———-
Scheduler section:
ID Fire At Schedule
purge-log-entries 2020-03-24 00:09:04 (20 mins) daily
purge-lockouts 2020-03-24 00:05:04 (16 mins) daily
clear-locks 2020-03-23 23:54:04 (5 mins) daily
health-check 2020-03-23 23:56:04 (7 mins) daily
——————————————————
ITSEC_Scheduler_Page_Load
Ok, it’s clear your iTSec plugin is currently configured to use the Page_Load scheduler (Scheduler: ITSEC_Scheduler_Page_Load) to manage scheduled events. I don’t think this is causing your issue(s) with the Daily Digest email (and setting). BUT the default scheduler for the iTSec plugin is WP Cron. There are obvious reasons for using WP Cron as the default scheduler. Potentially long running events like database backup or file change detection are off loaded to WP Cron. This means page requests to the site are not slowed down by these events.
So why is your env using the Page_Load scheduler if WP Cron is the default ?
Initially (after installing and activating the iTSec plugin) it has probably been using the WP Cron scheduler (remember it’s the default, unless you have disabled WP Cron). However sites with little to no traffic run the risk of auto switching to using the Page_Load scheduler at some point in time ! In my opinion this is a bug in the plugin code.
I would certainly recommend to force the iTSec plugin to use the WP Cron scheduler. And who knows what positive impact switching to the WP Cron scheduler will have for the Daily Digest.
To force the iTSec plugin to use the WP Cron scheduler add the line below to the wp-config.php file:
define('ITSEC_USE_CRON', true);
Doublecheck the System Info (and/or Scheduler) section on the plugin Debug page. It should now show:
Scheduler: ITSEC_Scheduler_Cron
As to the Daily Digest issue(s) I’ll need some additional info from the Debug page. Under the Settings section select ‘global’ and then click on the Load button. Copy/paste the info displayed into this topic. Don’t forget to obscure/anonymize any data you don’t want to share 😉
-
This reply was modified 4 years, 12 months ago by
nlpro.
Adding the line below to the wp-config.php file should decrease the number of Daily Digest emails considerably:
define('ITSEC_NOTIFY_USE_CRON', true);
Note it does not entirely resolve the issue. For a complete solution more info is required.
Thread Starter
zehawk
(@zehawk)
This is really strange, so the first site which was bombarding me with Daily Security Digest suddenly stopped on Sunday 29th and then I started getting large number of mails from another one of my sites, while the first is totally silent. Totally nuts. Since this is such a colossal waste of time, I’ve started switching over to another extension on all my sites – All In One WP Security & Firewall.
@nlpro I cant thank you enough for going out of your way to provide solutions and debug this issue, though you are not even from iThemes. Thank you!
