WP Defender continually scanning/reporting

I have automated weekly scans set up, however this morning I woke up to find 16 emails from WP Defender between 1.00am and 9.00am from one site. Reports indicate no errors as per below.

WP Defender here, reporting back from the front.
I've finished scanning your site for vulnerabilities and I found nothing - well done for running such a tight ship!
Keep up the good work! With regular security scans and a well-hardened installation you'll be just fine.

Does anyone know why this is happening?

  • Nithin

    Hi netsolau,

    Hope you are doing good today. :slight_smile:

    Automated scans work based on wp-cron jobs; maybe your system has automatically queued some scans to be performed, but I'm not sure about it without going through your configuration. Could you please grant support staff access so that we can take a closer look?

    You can grant access from WPMU DEV > Support > Support Access > Grant Access or see this manual.
    http://premium.wpmudev.org/manuals/wpmu-dev-dashboard-enabling-staff-login/

    Have a nice weekend. :slight_smile:

    Kind Regards,
    Nithin

  • Nithin

    Hi netsolau,

    Hope you are doing good today. :slight_smile:

    I checked your website, and I couldn't find any related issue that would have caused this. Could you please enable debug mode, so that I can forward this information to the developer?

    To enable it, open your wp-config.php file located inside your root directory, and look for define('WP_DEBUG', false);. Change it to:

    define('WP_DEBUG', true);

    In order to enable the error logging to a file on the server you need to add:

    define( 'WP_DEBUG_LOG', true );
    define( 'WP_DEBUG_DISPLAY', false );

    The errors will be saved to a debug.log file inside the /wp-content/ directory; you'll have to attach this file to your next reply in txt format.

    Please do note that the log file is only useful when the automated scans are performed while debug mode is enabled. You'll have to either change the automated scan to a closer day and check whether you are getting multiple emails (if yes, debug.log might log any errors related to it), or you'll have to wait until your current scheduled time for the automated scan, in order to share the debug.log file.

    Please let us know how that goes, let us know if you have any doubt. Have a nice day. :slight_smile:

    Kind Regards,
    Nithin

  • Rupok

    Hi netsolau, hope you had a wonderful day.

    In any case if it requires this much resources

    Actually, Defender doesn't require this much resource. I've a dedicated server with only 128MB RAM in total. Well, that site can't handle too much load, but Defender is working fine on that site. I believe this is a site-specific issue, as I could not regenerate this on my test site, even on a lower-RAM machine.

    I believe Hoang Ngo suggested this for a reason. Can you temporarily increase allocated memory (if possible) as he suggested and let us know the result? I'll ping Hoang Ngo to check this as soon as you confirm.

    Have a nice day. Cheers!
    Rupok

  • netsolau

    I can't temp increase this value, as it's on a production cPanel server and not a test server. Minimum RAM for cPanel is 1GB, and we have 10 servers all on 8GB RAM. With 128M RAM it's not an accurate reflection of a production system, and the load any one server could be under when a scan is performed. We are currently using iThemes Security and WordFence without this issue.

    I will try to put some time aside on a test site to get some more samples, I will report back here when I have that.

    In the meantime, I did see warnings on line 74 of plugins/wp-defender/app/module/scan-module/component/class-wd-core-integrity-scan.php
    ---
    foreach ( $files_need_scan as $file ) {
    [...]
    $checksum = md5_file( $file );
    }

    It shows "fails to open stream: No such file or directory". Despite this, the plugin sends an email advising that 0 issues were found and all is well. It sends 12 of these every 45 minutes or so.

    It would be good to add some code to test if the file exists, then log the file name if it can't be opened.
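
One way to implement the check suggested in the post above, as an added example that is not WP Defender's code. The function name `scan_core_files`, the `$expected` checksum map and the status strings are assumptions; unreadable files are logged by name and prevent the scan from reporting a clean result.

```php
<?php
// Added example: hypothetical helper, not code from the WP Defender plugin.

// Hash each file, compare with the expected checksum, and track files that could not be read.
function scan_core_files( array $files_need_scan, array $expected ) {
    $result = array( 'modified' => array(), 'unreadable' => array() );

    foreach ( $files_need_scan as $file ) {
        // Test before hashing so a missing file is a recorded result, not just a PHP warning.
        if ( ! is_file( $file ) || ! is_readable( $file ) ) {
            $result['unreadable'][] = $file;
            error_log( "integrity scan: cannot open {$file}" );
            continue;
        }

        $checksum = md5_file( $file );
        if ( false === $checksum ) {
            // The file vanished or became unreadable between the check and the read.
            $result['unreadable'][] = $file;
            error_log( "integrity scan: read failed for {$file}" );
            continue;
        }

        if ( ! isset( $expected[ $file ] ) || ! hash_equals( $expected[ $file ], $checksum ) ) {
            $result['modified'][] = $file;
        }
    }

    // Report "clean" only when every file was actually checked.
    $result['status'] = $result['modified'] ? 'issues_found'
        : ( $result['unreadable'] ? 'incomplete' : 'clean' );
    return $result;
}

// Constructed sample input: one real temporary file and one path that does not exist.
$present = tempnam( sys_get_temp_dir(), 'scan' );
file_put_contents( $present, "sample contents\n" );
$missing = $present . '.gone';

$report = scan_core_files(
    array( $present, $missing ),
    array( $present => md5_file( $present ), $missing => 'constructed-placeholder' )
);
print_r( $report ); // status is "incomplete"; $missing is listed under "unreadable"
unlink( $present );
```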
