Hi there,
Are you running a performance plugin? That looks to be ‘cache minification’ actions. You would need to validate the activity with the plugin author.
Regards,
Eve
Yes, I was thinking it was the case but why do it all the time?
I use a plugin called Hummingbird by WPMUDEV.
Hi there,
You would need to ask the author about the behavior. The Sucuri plugin is just the messenger. 🙂 You can always adjust your alert settings to change and/or limit the number of alerts you receive.
Eve
Like many other plugins, HB simply stores it’s data in an internal post type to avoid creating extra db tables (a best practice). Any audit plugin could pick those changes up as post updates, if they don’t configure them to ignore that post type or internal post types.
It seems like your plugin could avoid creating unnecessary audit logs by skipping internal post types by default.
$args = array(
‘labels’ => $labels,
‘description’ => ‘WPHB Minify Groups (internal use)’,
‘public’ => false,
‘publicly_queryable’ => false,
‘show_ui’ => false,
‘show_in_menu’ => false,
‘query_var’ => false,
‘rewrite’ => false,
‘capability_type’ => ‘post’,
‘has_archive’ => false,
‘hierarchical’ => false,
‘supports’ => array()
);
Hey WPMU DEV!
Thanks for the feedback. However, skipping those internal post types could leave a security hole for database entries to be created with that post type in order to evade the Sucuri notifications.
So, in this case, we recommend disabling notifications from Wphb_minify_group in Settings -> Ignore Alerts.
I hope that helps!
Thanks,
Eve
Thank you very much for your answers. I will disable that in my Sucuri alerts.
Thanks for the replies everyone 🙂
I will disable Sucuri alerts for notifications from Wphb_minify_group.
-
This reply was modified 4 years, 1 month ago by
mboverhof.
@evahost
I’m Ignacio, Hummingbird developer. I would like to know more details about your response as I don’t fully understand it.
“skipping those internal post types could leave a security hole for database entries to be created with that post type in order to evade the Sucuri notifications.”
Why could it leave a security hole?
It is just an internal post type that is not public at all.
Thanks
Hi Ignacio,
We prefer not to ignore by default any activity that could allow a malicious user to create entries in the database.
But we understand that some plugins create temporary data in the posts table, that’s why we’ve made it possible to ignore or whitelist specific activity.
Kind regards,
Eve
