Applicable to:
- Plesk for Linux
Symptoms
-
WordPress Toolkit scan is stuck indefinitely.
-
WordPress instances cannot be listed via CLI:
# plesk ext wp-toolkit --list
-
The following command shows WordPress Toolkit keeps scanning WordPress instance from example.com domain:
# ps awufx | egrep sw-engine-fpm\|wp-toolkit | egrep -v egrep
root 31045 0.0 0.0 471828 8544 ? Ss Apr12 0:03 sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
psaadm 9813 0.0 0.0 498088 46672 ? S 07:28 0:00 \_ sw-engine-fpm: pool plesk
sysuser 9860 83.3 0.0 330992 25612 ? R 07:28 367:22 | \_ /opt/plesk/php/7.0/bin/php -d safe_mode=off -d display_errors=off -d opcache.enable_cli=off -d open_basedir= -d error_reporting=341 -c /var/www/vhosts/system/example.com/etc/php.ini /usr/local/psa/admin/plib/modules/wp-toolkit/vendor/wp-cli/wp-cli/php/boot-fs.php --path=/var/www/vhosts/example.com/httpdocs instance info --format=json --check-updates=true -
Unable to manage domain example.com going to Domains > example.com, it keeps loading indefinitely.
-
Checking related processes with strace confirms that the processes are stuck:
# strace -p31045
Process 31045 attached
epoll_wait(9, {}, 1, 47) = 0
epoll_wait(9, {}, 1, 1000) = 0
epoll_wait(9,# strace -p9813
Process 9813 attached
select(20, [17 19], [], [], NULL# strace -p9860
Process 9860 attached -
WordPress instance installed in domain example.com is infected with malware:
# ls -lha /var/www/vhosts/example.com/httpdocs
-rw-r--r-- 1 sysuser psacln 395K Jun 14 2016 adminer.php
-rw-r--r-- 1 sysuser psacln 211K Jun 12 2018 .cnrig.cacert.pem
-rw-r--r-- 1 sysuser psacln 573 Oct 11 2017 index.php
-rw-r--r-- 1 sysuser psacln 3.3K Jun 16 2016 wp-config.php
-rw-r--r-- 1 sysuser psacln 6.4K Jun 1 2018 obiseug.php
-rw-r--r-- 1 sysuser psacln 6.4K Jun 1 2018 qtiuer.php
-rw-r--r-- 1 sysuser psacln 7.2K Nov 29 2017 readme.html
...
Cause
This is WordPress Toolkit extension bug ID #EXTWPTOOLK-2094 which is fixed since WordPress Toolkit 4.1.0. When WordPress Toolkit scans the WordPress instances, it is stuck infinitely on the same instance when a WordPress instance is infected by malware.
Resolution
As a workaround:
-
Connect to the server via SSH
-
Stop sw-engine service:
# service sw-engine stop
-
Kill all the stuck processes:
# for PID in `ps awufx | egrep sw-engine-fpm\|wp-toolkit | egrep -v egrep | awk '{print $2}'`; do kill -9 $PID; done
Verify that there aren't more stuck processes, in case there are more processes run again the previous command:
# ps awufx | egrep sw-engine-fpm\|wp-toolkit | egrep -v egrep
(Empty Output) -
Disable the affected WordPress instance renaming wp-config.php file:
# mv /var/www/vhosts/example.com/httpdocs/wp-config.php{,.disabled}
-
Start sw-engine service:
# service sw-engine start
Comments
2 comments
Hi!
Trying killing process reults in "kill: (<pif>) - No such process", because the wp-toolkit process is dying and restarting very fast.
Can't kill it, ether using kill with pid number nor pkill using names associated.
@Jorge have you tried the full command:
for PID in `ps awufx | egrep sw-engine-fpm\|wp-toolkit | egrep -v egrep | awk '{print $2}'`; do kill -9 $PID; done
If wordpress processes are restarting periodically please open a support ticket with us https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support-
Please sign in to leave a comment.