Forum Replies Created

Viewing 15 replies - 286 through 300 (of 1,714 total)
  • Is there a setting I can change to help with this?

    You can turn off the “API Service Communication” from the settings page.

    It may be an intermittent issue, you may want to enable it again maybe next week or so.

    Sucuri considers the German (liesmich.txt) as insecure

    More than “insecure” I think the plugin simply considers that file suspicious because it is not part of a normal WordPress installation. Normal in the sense that the filename is not part of the checksum list provided by WordPress, the plugin only flags files that are not part of that list or appear to be modified.

    You can mark the file as “fixed” if the warning is a false/positive.

    Restoring the file via sucuri changes the filesize on the server (slightly larger). It’s odd, both files are from the repository, yet they seem to differ?

    I have seen that happen before, mostly with (S)FTP tools.

    The reason for this is because there are different transfer modes and depending on which one is being used the content of the file may be changed, line-endings for example, they could be changed from \r\n to \n.

    Is there any actual security risk involved here?

    Probably not, but there is not 100% certainty without checking the content of the flagged files. Please upload both liesmich.txt and csslint.js to either Pastebin [1] or here [2]. I will check the content of those two files with the files that the German version of WordPress has, and will give you a better answer once I can see the actual differences.

    [1] https://pastebin.com
    [2] https://cixtor.com/pastio
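The line-ending effect described in the reply above can be checked before reading a flagged file by hand. This is an added example, not code from the thread or from the Sucuri plugin; the function names, the SHA-256 comparison and the sample bytes are assumptions made for illustration.

```python
import difflib
import hashlib


def normalize_eol(data: bytes) -> bytes:
    # Collapse CRLF and lone CR to LF so only real content changes remain.
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")


def compare_copies(reference: bytes, on_server: bytes) -> dict:
    """Classify why an on-server file no longer matches its reference copy."""
    report = {
        "size_delta": len(on_server) - len(reference),
        "crlf_reference": reference.count(b"\r\n"),
        "crlf_on_server": on_server.count(b"\r\n"),
        "changed_lines": [],
    }
    # Hash choice is illustrative; any digest shows a byte-for-byte match.
    if hashlib.sha256(reference).digest() == hashlib.sha256(on_server).digest():
        report["verdict"] = "identical"
        return report
    ref_norm, srv_norm = normalize_eol(reference), normalize_eol(on_server)
    if ref_norm == srv_norm:
        # Same text, different line terminators: typical of a text-mode transfer.
        report["verdict"] = "line-endings-only"
        return report
    report["verdict"] = "content-differs"
    diff = list(difflib.unified_diff(
        ref_norm.decode("utf-8", "replace").splitlines(),
        srv_norm.decode("utf-8", "replace").splitlines(),
        "reference", "on_server", lineterm="", n=0,
    ))
    # Skip the two file headers, keep the added/removed lines a reviewer must read.
    report["changed_lines"] = [
        line for line in diff[2:] if line.startswith(("+", "-"))
    ]
    return report


# Constructed sample data (not taken from the thread).
REFERENCE = b"Willkommen\nInstallation\nLizenz\n"
ASCII_MODE_COPY = REFERENCE.replace(b"\n", b"\r\n")
TAMPERED_COPY = ASCII_MODE_COPY + b"unexpected appended line\r\n"

if __name__ == "__main__":
    for name, copy in [("ascii-mode", ASCII_MODE_COPY), ("tampered", TAMPERED_COPY)]:
        print(name, compare_copies(REFERENCE, copy))
```

A `line-endings-only` verdict with a `size_delta` equal to the number of lines matches the "slightly larger" file described above; `content-differs` means the listed lines still need review.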

    How come a bot can update a page?

    A web crawler cannot do that by itself.

    What I think is happening is that your website is designed in such a way that when an HTTP request hits the FAQ page the code is reacting by applying a modification. It is not possible to know what was the modification using the information above, but I could think of some:

    • Maybe the post table has a visitor counter column that is counting the number of visits, which means that every time an HTTP request is detected, the content of the table is modified and this triggers the security alert.
    • Maybe there is another plugin running in the background that is modifying an existing column in the database, I have seen some 3rd-party themes updating the “created_at” and “updated_at” columns.
    • Maybe there is a bug in your code that is mistakenly triggering the execution of the publish_page WordPress hook which is what the Sucuri plugin uses to detect changes in the posts and pages.
    • etc […]

    Your web developer may have more information.

    At this point, it’s not possible for me to give you a better answer because I don’t know how your website was built. I will be marking this ticket as resolved, but if you have the PHP source code of the FAQ page and are willing to share it we can re-open the ticket and continue the investigation.

    There is no input for inserting this key

    There used to be one, a link that once clicked would display a popup with a form to allow you to submit your key. However, I removed the link in version 1.8.13 per petition of our design team. The link was very small so they probably thought it was irrelevant and decided to get rid of it.

    You can still access the popup using this URL [1] where “example.com” is your domain.

    SUCURI: Key does not exist

    I know why this error is printed, but I want to investigate more to have a better understanding of the problem in your specific case before giving you an explanation and possible solution. Can you please send your domain name and email address (both used to create the original API key) to [removed] (email removed to avoid spam).

    [1] http://example.com/wp-admin/admin.php?page=sucuriscan_settings&recover

    Yes, there is an option in the settings page called “Receive email alerts for changes in the post status”. Once enabled, you can configure which changes you want to receive alerts about using the panel “Ignore Posts Changes” located in the same page.

    Currently, the plugin reports the changes in the post. I have an item in my TODO list to implement a diff checker to report the differences between the old and new content the same way the WordPress integrity checker works. This feature will be released in the next version of the plugin.

    Targeting a file using the .htaccess file is automatically converted into a recursive call for that resource, this is why the directory separators are removed, because you don’t need them, they are not even supported by the Apache access control module, you can simply put the name of the file, without the (sub-)directories.

    I will have to talk with our designers about this because…

    The “Sucuri API Key” and the “Sucuri Firewall API Key” are two different things.

    Sucuri API Key

    This key is the one that you can generate for free using the big “Generate API Key” button at the top of the plugin’s page. It takes your domain name and email address and creates a unique identifier for your installation. This key is used to store the event logs in a secure remote storage system managed by Sucuri Inc. When you click the “Recover” button, this is the key that you get back via email.

    Sucuri Firewall API Key

    This key is the one that you can generate from the Sucuri Firewall dashboard [1] which you can have access to if you are a paying customer. This key is used to authenticate your website against the firewall API to block malicious attacks, visualize the current settings and monitor the traffic in real time. You can only generate and/or recover this key if you are a Sucuri customer.

    I go to Sucuri > Settings where I can copy the API Key (in green) and go back to Sucuri Security > Firewall (WAF) and paste that code

    Please don’t do this. It will not work.

    You can only use the “Sucuri API Key” to authenticate here [2].

    You can only use the “Sucuri Firewall API Key” to authenticate here [3].

    Since then I updated to WordPress 4.9.4 and the same thing was still happening. I uninstalled, deleted files when prompted, reinstalled Sucuri and then retrieved the API key via email and the same thing is occurring still.

    Yes, this is because you are trying to use the free API key to activate a feature that is only available to paying customers. If you don’t have access to the Sucuri Firewall you will not be able to activate that feature with the key that you are getting via email. The key that you currently have can only be used to activate the audit logs.

    I’ve got this message at Sucuri Security > Dashboard: “Core WordPress Files Were Modified”. But the info underneath of that is out-of-date still showing an Outdated WordPress under 4.8

    I think there are two things here that are adding more to the confusion.

    The message “Core WordPress Files Were Modified” is shown because your installation contains six files in the document root that are not part of a normal WordPress installation. Below is a description of each file, you will have to decide to either delete them or mark them as false/positives using the option “mark as fixed”.

    • .user.ini: I have no idea what this is.
    • fantversion.php: Fantastico website installer.
    • sitemap.backup.xml.gz: Regular sitemap.xml file (backup).
    • wordfernce-waf.php: Rudimentary firewall script by Wordfence.
    • wp-admin/error_log: Generic PHP error log file.
    • wp-includes/error_log: Generic PHP error log file.

    I’m pretty sure I just need to get this API Key issue fixed so that Sucuri can scan again.

    The malware scanner is automatically activated without an API key. You just need the key to activate the audit logs, and if you are a paying customer, you will need another API key to activate the firewall. If what you want is to get rid of that “Outdated WordPress” warning, then just delete this file [4] using the tool available in the settings page under the “Data Storage” panel, this will force the plugin to scan the website once again skipping the cache (the cache is alive for 20 minutes in your server, and 48 hours in the Sucuri servers).

    [1] https://waf.sucuri.net/
    [2] https://wordpress.sucuri.net/api/
    [3] https://waf.sucuri.net/api?v2
    [4] /wp-content/uploads/sucuri/sucuri-sitecheck.php

    There is an option in the plugin’s settings page that allows you to change the timezone that the plugin uses to display the dates. They are actually registered in our server in PDT but for some reason it gets changed by some hosting providers due to misconfigured PHP installations.

    I have been investigating this bug for quite a while and have applied multiple patches to try to fix it, but so far no complete solution has been found, there is always a user that reports an inconsistency in their logs, there seem to be many edge cases.

    Give the “Timezone” setting a try and see how it goes.

    Here someone said it works [1] give it a try maybe it works for you too.

    [1] https://wordpress.org/support/topic/time-settings-2/#post-10074559

    Good to know that it worked 🙂👍

    I would like to change my backend url from /wp-admin to url /admin is it possible with this plugin?

    No, it is not possible.

    Your current session will expire once the form is submitted.

    The message is in red for awareness, it’s not an indication of a problem.

    I will ask one of our designers to change the color to something less aggressive, maybe yellow. The message itself is trying to warn you that, if you click that button, your current session will immediately expire because the WordPress security keys will change. You will be able to log into your admin panel once again after the keys are modified.

    In Settings—->Post-Hack I have RED field with text:

    What does the text say?

    Unfortunately, the plugin doesn’t offer any option or tool to allow you to block HTTP requests coming from a specific source. These features are already implemented in our firewall (which is a paid service), to avoid duplication of code we have opted to leave these features out of the plugin.

    However, you can use Fail2Ban — http://www.fail2ban.org/

    Or a WordPress Firewall plugin (there are some free options out there).
