Hardener/Scan issues from Defender

Having a few problems with Defender:

1) Hardener always says I'm not running the current version on Wordpress?

Also get 2 other issues: Prevent Information Disclosure and Prevent PHP execution, but there is no clear information. Both say "Your website currently run on , which has not yet supported. Please contact our support for more information"

2) When Scan finishes there are 2 errors in code somewhere that show up at the top of the screen, but I can't see them entirely. I don't know where or what they are related to.

Screenshots attached for all issues.

  • faydra_deon
    • WordPress Warrior

    It may have everything, a few things and/or nothing to do with the errors, but it's good information for the staff to know.

    They can troubleshoot your issue faster if there are known issues with this or that particular host or this or that type of hosting.

    Some issues are totally host-related, even though our first thought is that it's the plugin/theme that we've loaded and can't get to work properly. Some hosts block this or that script or port and others block other scripts or ports. Different hosts also have different versions (older/newer) of PHP/MySQL. Some restrict memory limits. Some are more liberal with limits. Some hosts of WordPress-specific hosting allow you access to everything. Some restrict your access to certain things and they control that functionality. All of these are things that can affect how plugins/themes work or don't work with the WordPress platform.

    Again, your host may have nothing to do with the errors, but if that's the case then that's something that can be eliminated early in the troubleshooting process.

    Faydra...

  • Nastia
    • Support Rock Star

    Hello Katrina, I hope you are doing well today!

    It looks like Defender can't read the current version of the WordPress. I see you are using another security plugin - WordFence, would you please disable it and test again?

    Using more than one security plugins on your installation may cause issues.

    Let us know how it goes!

    Cheers,
    Nastia

    • Enduring Epilepsy (Katrina)
      • Recruit

      I gave it a shot... Same results. :worried: Sorry to say I'm becoming very concerned about the investment in WPMU.

      I'm having this problem with Defender and had another issue with Hummingbird, that we found I can't use the minification if I want to use the WPMU themes with another of my plugins. (Not thrilled about that, trying to improve the site overall.)

      Is this common? Will these issues be fixed with updates? or would it be better if I use basic WP themes?

    • Enduring Epilepsy (Katrina)
      • Recruit

      I gave it a shot... Same results. :worried: Sorry to say I'm becoming very concerned about the investment in WPMU.

      I'm having this problem with Defender and had another issue with Hummingbird, that we found I can't use the minification if I want to use the WPMU themes with another of my plugins. (Not thrilled about that, trying to improve the site overall.)

      Is this common? Will these issues be fixed with updates? or would it be better if I use basic WP themes?

      • faydra_deon
        • WordPress Warrior

        Just FYI, both Defender and Hummingbird are new plugins in the WPMU DEV respository. Hummingbird was introduced to the community on 25 February 2016. Defender was introduced to us on 03 March 2016. Apologies if you already know that.

        I mention it in answer to your questions of "Is this common? Will these issues be fixed with updates? or would it be better if I use basic WP themes?"

        Most developers create plugins and test them with the default WordPress themes moreso than any other themes, unless they have their own themes, like Upfront, so the plugins most likely work fine with all WordPress default themes or at least the latest WordPress default theme.

        As for the issues being common, I would say there are going to be lots of issues until the plugins are tried and tested more and more on different hosts, with different themes and in conjunction with other plugins, and eventually issues will be fixed and updated as they arise.

        If you look at the bottom of the following page: https://premium.wpmudev.org/project/wp-defender/ you'll see a lot of "coming soon" features.

        To your other three questions:

        How often does Defender scan the site? You can schedule scans, so it's up to you.
        Does it block unauthorized login attempts? I didn't see anything on the page I mention above about it blocking unauthorized login attempts.
        Does it look over files for conflicts or issues? It does "scan core files for changes" and can also "repair and restore changed files."

        I use a plugin called IP Blacklist Cloud to block unauthorized login attempts, and I also use WP Security Audit Log to get a line-item-by-line-item list of everything that happens on my site.

        I'd say you'd need those two plugins, or ones similar to them, if you're going to go with just Defender and disable Wordfence.

        I hope that helps.

        Faydra...

  • Enduring Epilepsy (Katrina)
    • Recruit

    I just signed up for WPMU so I've got a lot of plugins installed right now while I familiarize myself with the WPMU ones.

    Before I disable Wordfence, I need to know a few things:

    How often does Defender scan the site?
    Does it block unauthorized login attempts?
    Does it look over files for conflicts or issues?

    These are the main reasons I use Wordfence and why I hesitate to disable it. I have hackers from Russia, etc try to login all the time. It's the security settings for my login and Wordfence that keeps them out. I get at least 2-3 emails a week about an attempted login being blocked, added to my black list.

    Just very important right now. Need to cover all my bases.

  • Nastia
    • Support Rock Star

    Hello @enduringepilepsy

    W

    How often does Defender scan the site?

    At the current time, as faydra_deon have mentioned, the defender runs only once, after you choose to scan your page. If you choose to enable Automated Scans, it will be running automatically at the date and time you choose.

    In the future updates there will be an option to run scan non stop

    Does it block unauthorized login attempts?

    No, the plugin does not block unauthorized login attempts and it does not block user's IPs

    Does it look over files for conflicts or issues?

    The Defender scans for volnurable files that may become an easy target for attackers. It detects suspicious behavior in your system files.

    Regarding the Warnings shown, they mean that the Defender is trying to access and modify the .htaccess file and the permission is denied.

    Please access your directory using FTP or cPanel File Manager, and change wp-includes folder permissions level to 755

    More information about WordPress file Permissions:
    https://codex.wordpress.org/Changing_File_Permissions

    If you need an assistance with changing file permissions, please send to us your credentials. You can send credentials by using our secure contact form https://premium.wpmudev.org/contact/

    Please include the following information:

    - Mark to my attention, the subject line should contain only: ATTN: Nastia
    - WordPress admin username
    - WordPress admin password
    - Login url
    - FTP credentials (host/username/password)
    - Link back to this thread for reference
    - Any other relevant urls

    Select “I have a different question” for your topic.

    If you keep support access active then no need to send in wp-admin credentials.

    Look forward to hearing back!

    Cheers,
    Nastia

    • Enduring Epilepsy (Katrina)
      • Recruit

      Thank you Nastia. I'm at a critical point with my organization and building the site right now so having all of this information is very important. I didn't know what was causing the errors, so I will send you my info for changing the .htaccess file to get things ok.

      With regard to Defender, how long do you think until the additional features roll out? With making the changes to .htaccess would I be able to use both it and Wordfence? At least until the Defender features are released?

  • Hoang Ngo
    • Code Slayer

    Hi @enduringepilepsy,

    I hope you are well today and I'm sorry for the issue.

    I've just released a new version of Defender, can you please try? It should fix your current issue, I believe.

    If you have any additional issues, please let us know and we'll be happy to help.

    Best regards,
    Hoang

  • Hoang Ngo
    • Code Slayer

    @enduringepilepsy,

    I hope you are well today.

    Your CPU load seems high, so I turn off the scan. I would like to take a look at your site, as this might be relate to server config, can you please send in:

    - Mark to my attention - ATTN: Hoang Ngo
    - Link back to this thread
    - Include admin/network access
    - Include cPanel (I will need to look at the DB so need PHPMyAdmin or similar)
    - Include FTP
    - Include any relevant URLS for your site

    On the contact form, select "I have a different question", this ensures it comes through and gets assigned to me.

    Thanks!!.

    Best regards,
    Hoang

  • Hoang Ngo
    • Code Slayer

    Hi again,

    There is an issue on your server, which prevent WordPress function _version_check(). To know exactly the error, can you please grant write permission to my FTP account, apply to all files inside your webroot?

    I'm sorry for this inconvenience, and many thanks for your patience.

    Best regards,
    Hoang

  • Hoang Ngo
    • Code Slayer

    Hi Enduring Epilepsy (Katrina),

    I hope you are well today and I'm sorry for the confusion :slight_frown:.

    I mean, the FTP account you setup for me before, working. However, that account doesn't have enough permission to modify files inside wp-includes, wp-admin. So what I need is ability to modify all files inside your webroot.

    If you using cPanel, or other hosting control, you can send me, so I can update the permissions for the FTP account, I think that simpler for you?

    Can you please send in:

    - Mark to my attention - ATTN: Hoang Ngo
    - Link back to this thread
    - Include cPanel
    - Include any relevant URLS for your site

    On the contact form, select "I have a different question", this ensures it comes through and gets assigned to me.

    Thanks!

    Best regards,
    Hoang

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.