How does it work?
We’ve often encountered a situation where scanning the server for WordPress sites made the WordPress Toolkit completely unresponsive. After some digging, we found that, most of the time, it is malware infection on one or more WordPress sites on the server that causes this problem. This caused WordPress Toolkit not to properly access certain important files. So it was doomed to eternally wait for files, while not responding to any commands.
To address this issue, we added a reasonable timeout for certain WordPress Toolkit operations. The suspicious WordPress websites that WordPress Toolkit finds now go into quarantine mode:
1. Email notification is being sent. Notification text and recipients can be configured under Tools & Settings > Notifications > "WordPress installation is quarantined" for admin/reseller/customer.
2. WordPress Toolkit mark website as "Quarantined" under the Wordpress Toolkit (see image above).
3. WordPress Toolkit will skip website from all the automatic tasks such as an update and etc.
What if it is not a malware?
I receive notifications, but websites are not infected by malware, what can be done?
This might be caused by performance issues on one or several websites. For example, a plugin might continuously run a cron task which causes the timeout, which in turn causes the quarantine. Try increasing the value of the following option in the panel.ini file:
CONFIG_TEXT: [ext-wp-toolkit]
wpCliTimeoutRegular = 180
wpCliTimeoutMaintenanceTimeout = 180
Comments
13 comments
Hello Anton,
i actually increated time value from 60 to 300, but still no solution for the site in question, i even cleaned it from malware, but still no solution, can you please advise?
Hello @Prodesignerch
I suggest you check once again that WordPress configuration files for website is not corrupted, and there are no malware there. If everything looks good please submit ticket to us: https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support-
For domains that are disabled/suspended in Plesk, how do we prevent those from generating the "Suspicious WordPress installation found" notice every day? We get this email from Plesk for the suspended domain:
The following WordPress installations are quarantined:
Website "Site Name" (https://site.domain): WordPress Toolkit was not able to finish running an operation on this site in 60 seconds, so the operation was terminated. This could mean that your WordPress installation might be infected with malware. Check the wp-config.php file of the installation for potential malware code or run an anti-virus scan. If you cannot find any traces of malware, try running the operation again later.
In the panel.ini editor it makes me change only the description and not the value.
Hello Chris Maxwell,
We will clarify the described behavior and will provide you the information.
Hi Ivano Diodati,
Please note that it is possible to edit the panel.ini file under the Editor tab of the Panel.ini Editor extension.
The Viewer tab shows just available and configured parameters. Indeed, it is possible to set just the Description there.
Hello Chris Maxwell,
I would like to inform you that there was confirmed a bug EXTWPTOOLK-5398.
Indeed, notifications are still sent for the suspended/disabled domains. Thank you for bringing our attention to this fact.
You may keep tracking of the Plesk Change Log to see when the bug will be fixed.
I was experimenting the same issue, so I installed the Panel .INI Editor and then checked all the timeout settings for [ext-wp-toolkit], please note that by default this key do not exist in the panel.ini file, so I added with the following parameters, please save the default vales in a text file before adding the customized values.
This vales are acording my web server actual performance, keep on mind some server are more faster than others, so you have to adjust the values tinking on that.
This my example of configuration.
[ext-wp-toolkit]
; WordPress Toolkit Settings for instances by Alfredo Funez
httpCheckTimeout = 30
httpCheckTimeoutCloudLinux = 60
httpTimeout = 30
remoteManagementAgentHttpRequestTimeout = 60
remoteManagementAgentInstallingPluginTimeout = 1600
remoteManagementAgentTimeoutBeforeAttempt = 30
wpCliTimeoutHeavy = 3600
wpCliTimeoutMaintenanceEnabled = true
wpCliTimeoutMaintenanceTimeout = 1800
wpCliTimeoutMedium = 1800
wpCliTimeoutRegular = 900
wpCliTimeoutRegularEnabled = true
wpCliTimeoutScanRemoteServerEnabled = true
wpCliTimeoutScanRemoteServerTimeout = 1800
After adding this values go to Wordpress extension and select filter of quaratined instances, the click on refresh button each one :
We have same issue . Our sites are down . How to fix. quick please ?
https://gyazo.com/812cd152f61bcdacd4986d76cae9e927
We have live sites running on plesk , what do we do now ?
If the plesk task manager is busy and cannot comply within $timeout it will disable the WP instance.
In such a case, there is absolutely no reason to assume malware. The whole thing seems like rough implementation of a good idea. please revisit this component.
This tool is not well explained. It's not clear what activates this problematic feature, what exactly it does, where is it configured on the server, and how can the serve owner fully control its own server, removing it.
I really hate it!
I believe this article has an error, it should be:
[ext-wp-toolkit]
wpCliTimeoutRegularTimeout = 180
wpCliTimeoutMaintenanceTimeout = 180
Please sign in to leave a comment.