I have a self-referring scripts or misconfigured plugins

I received an email from Siteground stating, "You have a self-referring scripts or misconfigured plugins that are using your server IP and generating traffic as well." and provided this screenshot. I was hoping I could get assistance with figuring out what's causing this and how to resolve it..? :slight_frown:

https://drive.google.com/a/siteground.com/file/d/0B8NTc9rBev-pN0hfSHJsclZmZzg/view?usp=drivesdk

  • Denitsa

    Hello Sammy,

    I'm very sorry for the confusion I might have caused! I was referring to those:

    The first one shows the admin-ajax.php script and that it has been called repeatedly. To leverage those calls, I suggested following an article that advises on installing the Heartbeat Control plugin (installed just like your everyday regular normal WP plugin).
    Then to configure it, go to Tools -> Heartbeat Control. It's shown with steps in the last part of the article (if you check the webpage again, you'll be able to zoom on the screenshots):

    The second thing I was talking about was the wp-cron.php script visible on your screenshot too. In the article I linked, there's a video on disabling it in order to prevent the resource usage caused by it.

    You need to open the wp-config.php file either via FTP or using cPanel as explained in the article, then add the line
    define('DISABLE_WP_CRON', true);
    somewhere around line 37, that should be just below the line that says
    define('DB_COLLATE', '');
    Then there's a detailed explanation with screenshots on substituting that via cPanel.

    Have there been reports about Defender causing this type of issue already from other customers?

    No, this is rather strange and shouldn't be something caused by the Defender plugin usually. I see you have support access granted for feedbackscout.com, is this the site in question? If yes, will it be okay if I troubleshoot this further via your WP admin? I may need to install some plugins, such as the Query Monitor plugin, to see the resource usage in detail.

    Looking forward to hearing back!

    Regards,
    Denitsa

  • Sammy

    Thanks for the clarification Denitsa. I appreciate that very much.

    Well, I hope this is good news, but after I didn't hear back from you here, I reached out, one last time, to Siteground's support. After being tossed around from support to support person (ugh!), I finally got to a person that said he believes he's found the problems and had resolved them. He also provided a brief explanation. Fortunately, his explanation seemed logical and didn't overcomplicate the matter (so glad it wasn't a huge disaster). I thought I'd post here what the support person (Soron Filimon) explained (thank you Soron!).

    I'm interested to know your thoughts on the action that was taken..?
    -----------------------------------
    Hello Sammy,

    I managed to fix the issue without restoring the website from our backups. The changes I did are:

    1. Replaced the current .htaccess file with a new one containing the default WordPress code. Old .htaccess can be found in public_html/feedbackscout.com/.htaccess.TID2217238

    2. Changed the CloudFlare status for SSL support to Full(Strict) as it was Flexible. It has to be set to Full(Strict) since you have an SSL certificate enabled for this website.

    At this time, https://feedbackscout.com/wp-admin is working as expected.

    You may need to clear your browser's cache before accessing the website.

    If you need further assistance on this or any other matter do not hesitate to contact us again.

    -----------------------------------

    Thanks Again Denitsa!

    Regards,
    Sammy

  • Sajid

    Hi Sammy,

    1. Replaced the current .htaccess file with a new one containing the default WordPress code. Old .htaccess can be found in public_html/feedbackscout.com/.htaccess.TID2217238

    I am concerned about this point, since there are some server-side rules to enable some security modules like Prevent PHP execution.

    So this might cause that not to work. You may need to revisit WP Defender -> Security Tweaks page and follow the recommendations again.

    Same for any other plugin that writes some rules in .htaccess file like Hummingbird plugin.

    Hope that helps! Feel free to post a reply if you need further assistance :slight_smile:

    Best Regards,
    Sajid - WPMU DEV Support
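
The concern in the last reply, that resetting .htaccess to the default WordPress rules drops hardening rules written by plugins, can be checked by comparing the backup with the new file. The following is an added example, not code from this thread or from any plugin: it relies on WordPress's `# BEGIN name` / `# END name` marker convention, and the sample file contents and the block name "Example Hardening Plugin" are constructed.

```python
import re

MARKER = re.compile(r"^#\s*(BEGIN|END)\s+(.+?)\s*$")

def marker_blocks(text):
    """Map each '# BEGIN name' ... '# END name' section to its rule lines."""
    blocks, name, body = {}, None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = MARKER.match(line)
        if m and m.group(1) == "BEGIN" and name is None:
            name, body = m.group(2), []
        elif m and m.group(1) == "END" and m.group(2) == name:
            blocks[name], name = body, None
        elif name is not None and line:
            body.append(line)
    return blocks  # a block with no END marker is ignored

def lost_blocks(old_text, new_text):
    """Report blocks from the backup that are missing or altered in the new file."""
    old, new = marker_blocks(old_text), marker_blocks(new_text)
    return {name: "missing" if name not in new else "changed"
            for name, rules in old.items() if new.get(name) != rules}

# Constructed sample contents; the plugin block name and its rule are illustrative.
WP_DEFAULT = r"""# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
"""
OLD_HTACCESS = r"""# BEGIN Example Hardening Plugin
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^wp-content/uploads/.*\.php$ - [F]
</IfModule>
# END Example Hardening Plugin

""" + WP_DEFAULT
NEW_HTACCESS = WP_DEFAULT  # what a reset to the default rules leaves behind

if __name__ == "__main__":
    for name, status in lost_blocks(OLD_HTACCESS, NEW_HTACCESS).items():
        print(f"{status}: {name}")
```

Any block reported as missing names the plugin whose settings page needs to be revisited so that it writes its rules again.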