I submitted a ticket but, of course, no one will help me because I’m using the free version. But the response also included this: “Our scanning/monitoring may be (correctly or incorrectly) notifying you about that being an issue.” Well, free version or not, aren’t you interested if it’s scanning/monitoring correctly or incorrectly?
A developer friend of mine seems to think that “it looks a false positive where Google is trying to crawl your site and Sucuri thinks it’s a DoS attack.”
Well, I can’t submit a ticket, no one is answering here, and no one is answering on the Google support forum. I guess my only option is to replace Sucuri with something else because I don’t know what else to do. I already have over 400 emails with these notifications and thanks, but I don’t want any more.
The free Sucuri plugin does not check for DoS attacks, you need the WAF (Firewall) ‘add-on’ for that, which is a paid-for service.
It looks to me that you website has some code that is perhaps logging visits, and Sucuri is interpreting that as a post update. Btw, Post Update notifications can be switched off in Settings > Alerts, but I wouldn’t suggest doing that until this is fixed.
I would suggest some rudimentary troubleshooting:
(1) Deactivate all plugins (except Sucuri, obviously), does the issue persist?
(2) Change your theme, does the issue persist? (note: this is just a quick way of replacing your theme’s functions.php file, which runs every time WordPress runs i.e. every visit)
(3) Use a cron plugin to review your cron jobs, I believe (not 100% sure) that a cron job can be run on every visit.
I know this isn’t the answer, I don’t have the answer, but my guess is that *your website is doing this*, rather than some malware.
Good luck.
Thanks, tictag. I appreciate the answer. I’m going to try to do everything you suggested.