Support » Plugin: iThemes Security » Neverending Daily Security Digest mails

  • Ithemes is impossible to use like this. I have over a dozen sites with ithemes on all of them. From time to time, some site will start sending “Daily Security Digest” continuously – there might be three mails received per MIN in some cases. This is an ongoing issue for past few years, across multiple versions. At various times, I’ve gone to each of the sites and unchecked the:

    During periods of heavy attack, iThemes Security can generate a LOT of email. The Security Digest reduces the number of emails sent so you can receive a summary of lockouts and file change detection scans.

    But then suddenly the mails will start coming. I’ll log back into the site and sometimes see that this setting has been somehow enabled again, even thought I’ve explicitly turned it off. Note that however, checking or unchecking – nothing stops “Daily Security Digest” mails. Its impossible to figure out the pattern, when does it occur and why. Is enabling this setting causing the mails to come, or disabling this setting.

    This is seriously irritating and the only recourse I have is to remove this plugin if there is no solution being provided by devs.

    Thanks.

Viewing 10 replies - 1 through 10 (of 10 total)
  • For debugging purposes you can add the line below to the wp-config.php file:

    define('ITSEC_DEBUG', true);

    The result is that at the bottom of every iTSec email there is a line of text added like below:

    Debug info (source page): WP-Cron

    or

    Debug info (source page): http://www.example.com/

    This will enable you to determin whether the emails send are triggered by any site page request or by WP Cron. This will point you (or iThemes) in the right direction for troubleshooting the issue.

    Don’t forget to disable the ITSEC_DEBUG constant afterwards.

    To prevent any confusion, I’m not iThemes.

    Thread Starter zehawk

    (@zehawk)

    This is the must infuriating thing. AGAIN this stupid setting has turned on by itself.

    Security Digest

    Enabled True
    Subject Daily Security Digest
    Schedule Daily

    Last sent on February 19, 2020 9:35 am

    Thread Starter zehawk

    (@zehawk)

    @nlpro Thank you! I’ll try that out but would you please explain how it would help. Its quite evident that the mails are coming from this plugin in particular and there should be no reason for this endless Daily Security Digest mails which start suddenly and will stop equally suddenly.

    Thread Starter zehawk

    (@zehawk)

    Oh, its turned on yet again. Wow.

    Thread Starter zehawk

    (@zehawk)

    So here’s the new message at the bottom of the mail:

    Debug info (source page): <domain>/wp-admin/admin.php?page=itsec-logs&filters=type%7Cimportant
    Debug info (source page): <domain>/wp-json/ithemes-security/v1/admin-notices?_locale=user

    Ok. So there was an email send on an iTSec plugin Logs page request, and
    the same email was send on an iTSec specific REST API request (probably to retrieve iTSec plugin specific admin notices info). The iTSec plugin Logs page request probably initiated the iTSec specific REST API request. So both requests seem to trigger the same email to be send. Not good.

    Adding the ITSEC_DEBUG line to the wp-config.php did a little bit more.

    Perhaps you already noticed there is now a new Security/Debug menu option in the WordPress Dashboard.

    Navigate to the Security/Debug menu option and then copy/paste the information from the System Info section. Don’t forget to censor/anonymize any data you don’t feel comfortable in sharing.

    Is there anything displayed under the Scheduler section ? If so copy/paste that info into this topic.

    Thread Starter zehawk

    (@zehawk)

    Thank you @nlpro, here’s the info you asked for:

    Note: Security digest has turned on again with schedule daily

    ———–

    More message from various mails:

    Debug info (source page): <domain>/contact/
    Debug info (source page): <domain>/sitemap.xml
    Debug info (source page): WP-Cron
    Debug info (source page): <domain>/Modules/Header/Content/Images/header-logo-showcase.svg
    Debug info (source page): <domain>/de/impressum/

    Right after I logged in:

    Debug info (source page): <domain>/wp-login.php?itsec-hb-token=<>
    Debug info (source page): <domain>/wp-admin/admin-ajax.php
    Debug info (source page): WP-Cron
    Debug info (source page): <domain>/wp-admin/admin-ajax.php

    So every site hit is generating an email.

    ———–

    Sytem Info section:

    ### iThemes Security ###
    Build: 4116
    Pro:
    Modules: ban-users, brute-force, backup, network-brute-force, wordpress-tweaks, 404-detection, ssl, and system-tweaks
    Cron:
    Cron Status:
    Scheduler: ITSEC_Scheduler_Page_Load
    Features:

    ———-

    Scheduler section:

    ID Fire At Schedule
    purge-log-entries 2020-03-24 00:09:04 (20 mins) daily
    purge-lockouts 2020-03-24 00:05:04 (16 mins) daily
    clear-locks 2020-03-23 23:54:04 (5 mins) daily
    health-check 2020-03-23 23:56:04 (7 mins) daily
    ——————————————————
    ITSEC_Scheduler_Page_Load

    Ok, it’s clear your iTSec plugin is currently configured to use the Page_Load scheduler (Scheduler: ITSEC_Scheduler_Page_Load) to manage scheduled events. I don’t think this is causing your issue(s) with the Daily Digest email (and setting). BUT the default scheduler for the iTSec plugin is WP Cron. There are obvious reasons for using WP Cron as the default scheduler. Potentially long running events like database backup or file change detection are off loaded to WP Cron. This means page requests to the site are not slowed down by these events.

    So why is your env using the Page_Load scheduler if WP Cron is the default ?

    Initially (after installing and activating the iTSec plugin) it has probably been using the WP Cron scheduler (remember it’s the default, unless you have disabled WP Cron). However sites with little to no traffic run the risk of auto switching to using the Page_Load scheduler at some point in time ! In my opinion this is a bug in the plugin code.

    I would certainly recommend to force the iTSec plugin to use the WP Cron scheduler. And who knows what positive impact switching to the WP Cron scheduler will have for the Daily Digest.

    To force the iTSec plugin to use the WP Cron scheduler add the line below to the wp-config.php file:

    define('ITSEC_USE_CRON', true);

    Doublecheck the System Info (and/or Scheduler) section on the plugin Debug page. It should now show:

    Scheduler: ITSEC_Scheduler_Cron

    As to the Daily Digest issue(s) I’ll need some additional info from the Debug page. Under the Settings section select ‘global’ and then click on the Load button. Copy/paste the info displayed into this topic. Don’t forget to obscure/anonymize any data you don’t want to share 😉

    • This reply was modified 2 years, 4 months ago by nlpro.

    Adding the line below to the wp-config.php file should decrease the number of Daily Digest emails considerably:

    define('ITSEC_NOTIFY_USE_CRON', true);

    Note it does not entirely resolve the issue. For a complete solution more info is required.

    Thread Starter zehawk

    (@zehawk)

    This is really strange, so the first site which was bombarding me with Daily Security Digest suddenly stopped on Sunday 29th and then I started getting large number of mails from another one of my sites, while the first is totally silent. Totally nuts. Since this is such a colossal waste of time, I’ve started switching over to another extension on all my sites – All In One WP Security & Firewall.

    @nlpro I cant thank you enough for going out of your way to provide solutions and debug this issue, though you are not even from iThemes. Thank you!

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Neverending Daily Security Digest mails’ is closed to new replies.