Title: Security Attack error – Bad configuration – Excluding groups Last modified: April 28, 2023 --- # Security Attack error – Bad configuration – Excluding groups * Resolved [arcantide](https://wordpress.org/support/users/arcantide/) * (@arcantide) * [2 years, 11 months ago](https://wordpress.org/support/topic/security-attack-error-bad-configuration-excluding-groups/) * Hi there, * First of all, apologies for my english (I’m french) * In order to gain some performances on the website, I asked to my host provider to install Redis (A Docker in Plesk) * Also, as I’m on WordPress, I’ve install Redis Object Cache. * I try to maximize the loading performances for the plugin WooCommerce Bookings which always search in the database for available slots for example. This is a huge waste of time/ressources and I guess Redis could helps to optimize that. * But, when I activated the redis cache, everything started to be very slow (back- end and also the bookable product calendars – which was the goal of my installation of redis) * My shot provider told me error found in his logs: * > Possible SECURITY ATTACK detected. It looks like somebody is sending POST or > Host: commands to Redis. This is likely due to an attacker attempting to use > Cross Protocol Scripting to compromise your Redis instance. Connection aborted. * I don’t know why there is this security notice. * Also, I guess it could be relevant to set in the ignored groups everything instead of the data relative to WooCommerce and WooCommerce Bookings. * Here is the “diagnostique” of my installation: * ```wp-block-code Status: Connecté Client: PhpRedis (v5.3.7) Drop-in: Valid Disabled: No Ping: 1 Errors: [] PhpRedis: 5.3.7 Relay: Not loaded Predis: Not loaded Credis: Not loaded PHP Version: 8.0.28 Plugin Version: 2.3.0 Redis Version: 7.0.11 Multisite: No Metrics: Enabled Metrics recorded: 51 Filesystem: Working Global Prefix: "wpstg0_" Blog Prefix: "wpstg0_" WP_REDIS_HOST: "127.0.0.1" WP_REDIS_PORT: 6379 WP_REDIS_DATABASE: 0 WP_REDIS_TIMEOUT: 1 WP_REDIS_READ_TIMEOUT: 1 WP_REDIS_PREFIX: "test-henson" WP_REDIS_PLUGIN_PATH: "/var/www/vhosts/henson.fr/httpdocs/temp-eeh/wp-content/plugins/redis-cache" Global Groups: [ "blog-details", "blog-id-cache", "blog-lookup", "global-posts", "networks", "rss", "sites", "site-details", "site-lookup", "site-options", "site-transient", "users", "useremail", "userlogins", "usermeta", "user_meta", "userslugs", "redis-cache", "blog_meta" ] Ignored Groups: [ "counts", "plugins", "themes", "theme_json", "wordfence", "wordfence-ls", "WPML_ST_Package_Factory", "wpml-all-meta-product-variation" ] Unflushable Groups: [] Groups Types: { "blog-details": "global", "blog-id-cache": "global", "blog-lookup": "global", "global-posts": "global", "networks": "global", "rss": "global", "sites": "global", "site-details": "global", "site-lookup": "global", "site-options": "global", "site-transient": "global", "users": "global", "useremail": "global", "userlogins": "global", "usermeta": "global", "user_meta": "global", "userslugs": "global", "redis-cache": "global", "counts": "ignored", "plugins": "ignored", "themes": "ignored", "blog_meta": "global", "theme_json": "ignored", "wordfence": "ignored", "wordfence-ls": "ignored", "WPML_ST_Package_Factory": "ignored", "wpml-all-meta-product-variation": "ignored" } Drop-ins: [ "advanced-cache.php v by ", "Query Monitor Database Class (Drop-in) v3.12.2 by John Blackbourn", "maintenance.php v by ", "Redis Object Cache Drop-In v2.3.0 by Till Krüss" ] ``` * I also do not see the list of the plugins at the bottom of this diagnostique. * Is this normal? Because some of other tickets have it… * Tell me if I can provide more informations to help to solve my issue. * Kind regards Florent - This topic was modified 2 years, 11 months ago by [arcantide](https://wordpress.org/support/users/arcantide/). Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Author [Till Krüss](https://wordpress.org/support/users/tillkruess/) * (@tillkruess) * [2 years, 11 months ago](https://wordpress.org/support/topic/security-attack-error-bad-configuration-excluding-groups/#post-16696275) * Hey! * `Possible SECURITY ATTACK detected` is unrelated to this plugin. Your hosting provider can help you with that. * From your diagnostics, it looks like you’re connected. What’s the CPU usage of Redis Server, does it have enough resources? * Thread Starter [arcantide](https://wordpress.org/support/users/arcantide/) * (@arcantide) * [2 years, 11 months ago](https://wordpress.org/support/topic/security-attack-error-bad-configuration-excluding-groups/#post-16696417) * Hi and thanks for your help 🙂 * Well, that’s my host provider who told me this message war worrying him ^^ * Concerning your second, I actually have no more informations than this: * RAM is configured as unlimited for the tests and only 11Mb are used by the process on the 31Gb total space… * Could you please tell me what kind of informations we need to understand the source of this incorrect functioning? * Regards, Florent * Plugin Author [Till Krüss](https://wordpress.org/support/users/tillkruess/) * (@tillkruess) * [2 years, 11 months ago](https://wordpress.org/support/topic/security-attack-error-bad-configuration-excluding-groups/#post-16696467) * > Well, that’s my host provider who told me this message war worrying him ^^ * It’s unrelated to the Redis Object Cache plugin for WordPress. Securing Redis it the hosts responsibility. * > RAM is configured as unlimited for the tests and only 11Mb are used by the > process on the 31Gb total space… * How large is your SQL database? Does Redis grow past 11MB? * It may be the case that another plugin is constantly flushing the cache and it has to be rebuilt for every page load and that’s why your site is slow. * Thread Starter [arcantide](https://wordpress.org/support/users/arcantide/) * (@arcantide) * [2 years, 11 months ago](https://wordpress.org/support/topic/security-attack-error-bad-configuration-excluding-groups/#post-16697699) * Hi and thanks for your reply! * Database is around 1Gb but as we test the object cache on a staging site (and the prefix is correctly set in the options), let’s say we have around half of this weight. * The host provider says it never grows over 11Mb… * I’ll run some more tests but I don’t want to waste your time. If you have some ideas to where to search for answers, let me know 🙂 * Thanks again and have a nice day. Florent * Plugin Author [Till Krüss](https://wordpress.org/support/users/tillkruess/) * (@tillkruess) * [2 years, 11 months ago](https://wordpress.org/support/topic/security-attack-error-bad-configuration-excluding-groups/#post-16699530) * You may have a bad plugin that keep flushing the cache, so it’s always cold, check the FAQ: * [https://github.com/rhubarbgroup/redis-cache/blob/develop/FAQ.md](https://github.com/rhubarbgroup/redis-cache/blob/develop/FAQ.md) Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Security Attack error – Bad configuration – Excluding groups’ is closed to new replies. * ![](https://ps.w.org/redis-cache/assets/icon-256x256.gif?rev=2568513) * [Redis Object Cache](https://wordpress.org/plugins/redis-cache/) * [Support Threads](https://wordpress.org/support/plugin/redis-cache/) * [Active Topics](https://wordpress.org/support/plugin/redis-cache/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/redis-cache/unresolved/) * [Reviews](https://wordpress.org/support/plugin/redis-cache/reviews/) * 5 replies * 2 participants * Last reply from: [Till Krüss](https://wordpress.org/support/users/tillkruess/) * Last activity: [2 years, 11 months ago](https://wordpress.org/support/topic/security-attack-error-bad-configuration-excluding-groups/#post-16699530) * Status: resolved