Support » Plugin: Sucuri Security - Auditing, Malware Scanner and Security Hardening » What do ‘Wpephpcompat_jobs (private to published)’ emails mean?

  • Resolved Erik Hill

    (@playball25)


    At the risk of sounding like an utter and complete noob.. not even sure if people still use the term ‘noob’, does anyone know what these alerts mean from Sucuri?

    Wpephpcompat_jobs (private to published)

    I received a notification like this with an identifier and the name of the plugin for each of the installed and active plugins I’m using on my site.

    Doesn’t seem to be alarming but just don’t know what these emails mean if anyone can help.

    Thanks!

    • This topic was modified 9 months, 3 weeks ago by  Erik Hill.
    • This topic was modified 9 months, 3 weeks ago by  Erik Hill.
Viewing 15 replies - 1 through 15 (of 15 total)
  • Erik. It’s not just you. I received several emails yesterday just like this and I would also like to know what they mean. I received one email each for about 9 plugins installed on a site. I’m not sure how a plugin can change from private to published.

    I just submitted a support ticket with Sucuri. I’ll update as soon as I have info.

    Thanks Erik.

    I´m getting the same message and I don´t understand it either. Any indications on what it means would be greatly appreciated.

    Add me – came back from a weekend away to loads of these alerts tagged with either localhost or the IP address of a user (presumably because its using WP_cron?).

    Wasted a bunch of time (mine and my web host’s support) so far trying to figure out if I was under attack. Something seems to be doing PHP7 compatibility checks – not sure if this is Sucuri or Sucuri is just notifying. Perhaps its a WP core thing?

    Stuart

    I’ve also had emails regarding this for a number of websites of mine. All of the plugins were set from private to published. I have also opened a ticket with Sucuri.

    I’ve had the same on several websites. The alerts included both
    ‘Wpephpcompat_jobs (private to published)’
    and shortly after a corresponding ‘Post deleted’. My host assures me this was nothing that they were running and that they believe it was related to my wp-cron process that maybe needed a re-initialization of some sort or due to some other update / dependency actions that were (automatically or not) imposed via your website’s internal mechanics.

    Hi there,

    The Sucuri plugin is reporting the activity of the SiteGround cache plugin. You would need to confirm the behavior with the plugin author to be sure it’s expected.

    Since you have enabled the email alerts for new or modified content, the plugin will send you an alert if any of these post-types are created and/or updated. You may want to ignore some of them as some 3rd-party extensions create temporary data in the posts table to track changes in their own tools.

    In this case, you can choose to ignore by go to Settings -> Ignore Alerts and click Ignore next to Post. This is not a recommendation to ignore these changes, it’s an option.

    I hope this helps!

    Kind regards,
    Eve

    I’ve been trying to get some help with this over at Siteground also. I don’t think it is what you say for a couple of reasons:-

    1. I don’t have any caching plugins
    2. Siteground support say it’s not.

    The Wpephpcompat_jobs thing occurred on 27 Feb and has not recurred. That’s WP Engine’s PHP Compat plugin from what I can tell. I don’t have this plugin unless perhaps it’s bundled into something else.

    https://en-gb.wordpress.org/plugins/php-compatibility-checker/

    Just checking again with SG whether it’s something they are running.

    I also do not have the SiteGround caching plugin installed on the site which is sending the alerts.

    Did anyone else who had this happen at SiteGround on the 27th have the HackAlert service? Wondering if these alerts were generated during the process when SG recently changed the scanning service from HackAlert to SG Site Scanner.

    If that’s an optional service, it’s not one I’ve selected knowingly and I did get the alerts. I’ve been back and forth with SG (who have impressed me with their willingness to help investigate something btw).

    The last theory was that another plugin was perhaps running the PHP compat plugin code for some reason. I can imagine that a plugin author might want to understand what percentage of their base is PHP 7 ready perhaps or maybe one of the security plugins is doing it as part of security scans.

    I even said to SG that I’d understand if they were running compatibility checks themselves but they said they weren’t. I can’t think how to look into which plugin may have done this other than posting on every support forum for each plugin.

    Stuart

    From SiteGround after many back and forth tickets:

    SG Optimizer, the latest version introduced a Wpephpcompat checker and it is likely the cause and nothing to be alarmed about.

    For anyone who did not check their Securi logs, there were two entries per plugin. One that set from from private to published and another that deleted the published version. They happened within a minute or so of each other.

    stuartb3502

    (@stuartb3502)

    Thanks for the update. I saw SG’s latest mailshot promoting upgrading to PHP 7 and went “hmm”. Very disappointed that on several occasions on my ticket with them Siteground have either failed to mention this or denied they had done anything when I asked them whether they were running a PHP compatibility check. Whilst much of what they do is terrific they have a horrible blindspot about informing customers before they do something. This is the 3rd occasion since October when they’ve done something without notice which I’ve at least had to waste time on trying to figure out what is happening.

    Plugin Author yorman

    (@yorman)

    Hello everyone, as someone else mentioned in a previous comment, the event that the Sucuri plugin is reporting is referring to a modification in the database performed by the “PHP Compatibility Checker” plugin maintained by WPEngine [1]. I can’t comment on specifics about the event because the Sucuri plugin is just reporting that something changed in the database but it doesn’t cares about the origin of the modification. I suggest you all to contact WPEngine to know what is the meaning of these modifications.

    Marking as resolved, feel free to re-open if you have more questions.

    [1] https://wordpress.org/plugins/php-compatibility-checker/

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘What do ‘Wpephpcompat_jobs (private to published)’ emails mean?’ is closed to new replies.