yorman

@megamenu the only reason for us to reset the settings during the deactivation process is to clear up any data that the plugin created during and after the installation. Many people complained in the past because they were trying to uninstall the plugin but it kept some of its files in the system. Because the distinction between “uninstall” and “deactivate” on WordPress is small, the function that I wrote to trigger the reset of the settings is shared by these two actions.

However, after thinking about this issue for some time, I concluded that it’s better to leave the files untouched during the deactivation and/or uninstallation. If people start complaining again because the data was not cleared up, the solution is easy, they can simply delete the files by themselves.

I will make the corresponding changes to solve this problem.

I just checked your website and can confirm that you have added the HTTP security headers correctly. If the plugin is still showing a warning it must be because the results of the initial scan are cached. The cache expires after 20 minutes, if it is taking longer, you can force the expiration from the “Data Storage” panel located in the settings page, the file is called “sucuri-sitecheck.php”.

Let me know if you need more information.

There’s just a handful of places in the code with the PHP version:

FILENAME                   | LINE | CODE
src/sitecheck.lib.php      | 155  | $data['details'][] = … phpversion();
src/settings-webinfo.php   | 41   | 'PHP_version' => PHP_VERSION,
src/settings-hardening.php | 197  | … sprintf('PHP %s …', PHP_VERSION);
src/settings-hardening.php | 199  | if (…(PHP_VERSION, '5.6.0') >= 0)) {

We are either calling the built-in PHP phpversion() function or printing the built-in PHP_VERSION constant. Anything else is either coming from the external web scanner SiteCheck, or from a misconfigured PHP installation in the server.

Scan your website using this tool — https://sitecheck.sucuri.net

If it reports that your website is using a different version of PHP than you are expecting, then the problem is coming from the API, probably from cached data. This cache expires after 48 hours or so. If the version reported by this tool is correct, then the problem is coming from the built-in PHP_VERSION constant, in which case it’s up to your hosting provider to fix it.

Let me know if you need more information.

You may want to chat with one of our support agents here [1].

The API key that you get after the activation of the WordPress plugin has no relationship with the customer’s data. Because anyone can create a free key, associating this data to a customer is not necessary. Then, it is not possible to transfer this data.

Technically speaking, we could log into the server and change the email address used to generate the key, but as far as I know only two people in the company have access to these servers, and they may not be available for a single transfer. You can, however, explain your case to one of our support agents and they may escalate it to the correct person.

My suggestion, generate a new API key and start from scratch.

You can export the existing logs and import them again into the system with the new key, but the dates will not match the original ones, so this may not be very useful.

Let me know if you need more information.

[1] https://sucuri.net (bottom-right corner of the page)

The plugin caches the result of the malware scan in this file [1].

The cache is automatically reset after 20 minutes but you can force it earlier from the “Data Storage” panel located in the plugin’ settings page. You can also delete the file manually via FTP, SFTP, or the file manager provided by your hosting panel.

[1] /wp-content/uploads/sucuri/sucuri-sitecheck.php

I have the same error log, which […] I can safely delete

That’s correct, but I think you should understand the purpose of the file before the deletion. When you write code in PHP, the interpreter logs all the errors and warnings from that code in those “error_log” files. While you can safely delete them, if you don’t fix the code that is generating the warnings, the “error_log” file will keep appearing in the same directory.

I also have a file with a green flag called bk.zip which I have no clue where it came from or how to check if its safe or not.

If I were you, I would download the Zip file into my computer, and inspect its content (without extracting) to see if the name of the files make sense to me. Taking a wild guess, bk.zip sounds like backup.zip, maybe you generated a backup file and forgot about it, or one of the support agents who manages your hosting account created it and forgot to delete it, it has happened to me in the past.

I’m getting the warning that my hosting provider is disabling external execution of the diff utility

The error is printed when the plugin cannot execute a command called “diff” [1][2] that is usually available in every Unix-like operating system. If your web server is running on Windows you will have no access to this tool, but if your web server is running on Linux, macOS Server, BSD, ARM or similar you should be able to execute this command from any part of the system. Unless you have the "exec()" PHP function disabled via “php.ini” [3].

how do I enable this?

Talk with your hosting provider to enable that function.

[1] https://github.com/Sucuri/sucuri-wordpress-plugin/blob/d7acfc6/src/command.lib.php#L58-L79
[2] https://github.com/Sucuri/sucuri-wordpress-plugin/blob/d7acfc6/src/command.lib.php#L81-L105
[3] https://github.com/Sucuri/sucuri-wordpress-plugin/blob/d7acfc6/src/command.lib.php#L43-L56