Error on Scan report in defender

So I am setting up Defender. Everything seems to be going well except...I ran a scan and it found I have 3 issues in "Wordpress Core Integrity". When I click on the "Fix Issue" button I get an error page that says "Your server resource usage is too close to your limit. Please try again in 15 minutes." It has been saying this for 4 hours.

  • Hoang Ngo

    @davydsmith,

    I hope you are well today.

    That's because the Defender detect that your system CPU usage was too high. We can remove the limit by add this code to your theme functions.php or use mu-plugins

    add_filter( 'wd_limit_cpu', 'wd_limit_cpu' );
    function wd_limit_cpu() {
    	return 100;
    }

    Also, I saw your website currently running 5.2.17, which is a very very old version, perhaps please update to newer version, like php 5.4.

    If you have any additional issues, please let us know and we'll be happy to help.

    Best regards,
    Hoang

  • Davyd

    I use Bluehost as my host. there are a lot of choices for the upgrade of the PHP instance. I don't know what I am doing exactly, what should I choose?

    Here is the text from the page about Bluehost PHP Configuration:

    If you are not familiar with these options, do NOT change them.
    This can cause all PHP scripts on your site to stop functioning if misconfigured.
    NOTES:
    If you have custom handlers specified in ~/public_html/.htaccess, changing these settings can overwrite them. If you are not sure, make a backup of ~/public_html/.htaccess before changing settings.
    PHP 5.4
    All files with the extension .php will be handled by the PHP 5.4 engine.
    Legacy PHP with security updates. Compatible with most environments.
    PHP 5.4 (Single php.ini)
    Same as PHP 5.4, but all subdirectories will use ~/public_html/php.ini
    PHP 5.4 (FastCGI)
    All files with the extension .php will be handled by PHP 5.4 FastCGI processes.
    FastCGI for PHP makes all your PHP applications run through mod_fastcgi instead of mod_suphp. This eliminates the overhead of loading the PHP interpreter on every hit. Since it is always in memory ready for the next hit, the responses will be generated faster.
    PHP 5.6 [Beta, check site functionality for compatibility after enabling]
    All files with the extension .php will be handled by the PHP 5.6 engine.
    Latest version of PHP.
    PHP 5.6 (Single php.ini) [Beta, check site functionality for compatibility after enabling]
    Same as PHP 5.6, but all subdirectories will use ~/public_html/php.ini
    PHP 5.6 (FastCGI) [Beta, check site functionality for compatibility after enabling]
    All files with the extension .php will be handled by PHP 5.6 FastCGI processes.
    FastCGI for PHP makes all your PHP applications run through mod_fastcgi instead of mod_suphp. This eliminates the overhead of loading the PHP interpreter on every hit. Since it is always in memory ready for the next hit, the responses will be generated faster.
    Additional extensions available for Installation
    Http
    Magick Wand
    Mail Parse
    OAuth
    OCI8
    Upload Progress
    IonCube
    SourceGuardian
    Notice: Be aware that this only modifies your ~/public_html/php.ini file. If you apply these changes, please confirm that your other php.ini files are up-to-date for the appropriate version of PHP you're using. We highly suggest using the "Single php.ini" option for your desired version of PHP, to ensure that the proper php.ini is being applied for your site's software. If you choose to use PHP 5.4, you'll want to make sure your crons use "/usr/php/54/usr/bin/php" instead, as otherwise it will use PHP 5.2.
    Your current ~/public_html/php.ini will be backed up.

  • Adam Czajczyk

    Hello Davyd!

    Not sure what you mean by "use mu-plugins"

    An "mu-plugin" stands for Must Use plugin. That's basically a code in a file that sit's in a /wp-content/mu-plugins folder. It works pretty much the same way as a code added to functions.php file but it shows up on your plugin list (in "MU plugins" tab) and will work even if you switch theme.

    That said, if you added code to "functions.php" file it should work the same way.

    I don't think I can update the PHP, I think my host manages that. but will check.

    Usually this can be changed via server management panel such as e.g. cPanel. Some hosts doesn't allow their users to change though so if this is the case please get in touch with them and ask them if they could help you with this.

    Please let us know about it and in case PHP upgrade didn't help or they were not able to help you with this, we'll investigate the issue further.

    Best regards,
    Adam

  • Adam Czajczyk

    Hello Davyd!

    I'm really glad it's now working for you :slight_smile:

    As for detected files:

    - you may safely delete all "error..." files; these error logs come from your server and they'll just be recreated in case server would need to leave you any error information

    - the "ssv3_directory.php" file - that one doesn't seem to belong to your WP install unless you're using come plugin that works in a bit "uncommon" way. By design however, there shouldn't be no such file there and surely WP and any "properly written" plugin shouldn't be adding it in WP inistal root folder

    - the "500.php" file - the name suggests that this is an "error page" file for "500 Internal Server Error"; again, WordPress itself doesn't put such file in a root folder so I think that's a file that was either automatically added there by your server or a "leftover" from the default "placeholder site" that was created when you setup your hosting account

    - the /wp-admin/network/upgrade.php file - that's the core WP file an shouldn't be removed; it takes care of network-wide WP core updates/upgrades so this is an alert worth checking. What I'd do I would download a WordPress package (the very same version that's currently powering your site) and then compared content of that file: if both files are the same then that'd be a "false positive" an if there's a difference I'd then re-upload that file from downloaded package to your site and re-run Defender scan.

    I hope that helps!
    Best regards,
    Adam

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.