[ Avaa Bypassed ]




Upload:

Command:

hmhc3928@18.222.112.45: ~ $
��`+&�2%�23�2%#36I3;�3�3�3�34484	O4Y4t4�4�4�4�4=�6)7�I8�;�=��?��@5�B'�BC%E1EMEUE^E'xE�E�E�E�EF)%FOF mF��F-sG�G#�G#�G�G$H38HlH�tH.I25I
hKvK}K�K$�K	�K�KB�MF%N3lO	�P�P�P	�P�P�P3�P
"Q-Q"4QWQ$]Q'�Q(�Q�QV�Q:ES;�S��S�T�Ts�TqAUW�U
VV)V)8VbV�V6�V"�V4�V1WAW�SW��W�X�Y*�Y7"ZZZsZzZ5�["�\H�\^8]	�_"�_�_�_C�_5`*T``
�`�`7�`	�`�`�`	
a
a"a(a1a8a.DaHsa1�a	�a�ab,bBDb�b�b��btc��d�e�e�e�e�e�e$�eff3f;fQf1Wf4�f�f�f �f>�f+gHg
Og1]g�g�g	�h
�h	�h0�h&�h'"iJiYiki)�i'�i�i�i:jk>j�k�k�k$�k$l1l8lElYlml�l	�l�l6�l*�l*m0>m*om+�m+�m1�m+$nWPn:�nB�n&o<oHo	Qo[otoW�og�o4Kp�p�p�p	�p�p
�p�p�p�p�p	qqs�6sku/{v^�w�
y)�z�z�z
{{,{TI{�|�|
�|/�|�|�|(}7>} v}(�}�}��}(l������
����f��)(�6R�p����	�-
�.8�
g�Yr�8̃�(�;�U�e�v�������
���ńX�l���������І.��)0�Z�,^�������������χ�����0�E� Y�z���/��׈C�6�L�]��j�#P�t�{����������5j�!��ŽҎێ%��/�N�V�p�������Ǐُ$�$�	3�=�$J�1o�	����(����7���1�0�*7�bb�>Œ.�X3�.��_��2�SN�6��8ٔ4�6G�4~�5��3�5�3S�?��CǖE�:Q�;��ȗؗ��
	��!�:�"C�f�+~�����˘
ט��������#'�K�T��d��
�C�]�
m� x�0��	ʛ	ԛPޛ/�8�
N��Y�
G�U�g�!��(��"ϝ#�V�/m����� ğ(���_��T�VX�|��},����2�9�T�l�/�� ��ۣ"��"�3�H�a�q� }���9��"��v�������å�ϥ\S�5��+�<�
O�)Z�$��$��1ά/�\0�(��O���*
�Q5����6\�����>���/��Ѻ�3f�Y��#���4�4F�.{�N��9��E3�Sy��������#�#2�gV�����+��8�TV�&��>������������y���	��	����������"�4�I�N�W�f���&��������T��J<�<����g��NI���!��H��
"�0�9�?�X�`�Cl�	����.��6��X(�������.��&���������4�%=� c���-��+��G�� A�b�*��&������W[�C��<���4�E��;��\:���#��������� �9�O�e�y����� ��������
��
�&�5�M�U�de�%��3��%$�6J�;����������9�	P�Z�u���������=��*��J���������5��'��'3OW`'z����)'Q o��-u�#�#�$3:n�v027
jx�$�	��B�F'	3n
	���	���3�
$/"6Y$_'�(��V�:G;�����s�qCW�

+):d�6�"�4�3C�U���*�7$\u|5�"�H�^:	�"���C�7*V�
��7�	���	
$*3:.FHu1�	��.BF����v��� � � � � � $� !!5!=!S!1Y!4�!�!�! �!>�!-"J"
Q"1_"�"�"	�#
�#	�#0�#&�#'$$L$[$m$)�$'�$�$�$:%k@%�&�&�&$�&$'3':'G'['o'�'	�'�'6�'*�'*(0@(*q(+�(+�(1�(+&)WR):�)B�)(*>*J*	S*]*v*W�*g�*4N+�+�+�+	�+�+
�+�+�+�+�+,,!.�9.k0/~1^�2�
4)�5�5�5
66/6TL6�7�7
�7/�7�78(87A8 y8(�8�8��8(o:�;�;�;
�;�;f�;)+<6U<p�<�=	>-
>.;>
j>Yu>8�>?(?>?X?h?y?�?�?�?
�?��?[AoA�A�A�A�A�A.�AB)3B]B,aB�B�B�B�B�B�B�B�B�BCCC3CHC \C}C�C/�C�CC�C9DOD`D�mD#SGwG~G�G�G�G��G5mI!�I�I�I�I%�IJ2JQJYJsJ�J�J�J�J�J$�J$K	6K@K$MK1rK	�K�K(�K�K�K7�K�4L3M*:MbeM>�M.NX6N.�N_�N2OSQO6�O8�O4P6JP4�P5�P3�P5 Q3VQ?�QC�QER:TR;�R�R�R�R�R
SS$S=S"FSiS+�S�S�S�S
�S�S�STTT"T#*TNTWT�gTVVCV`V
pV {V0�V	�V	�VP�V2W;W
QW�\W
JXXXjX!�X(�X"�X#�XVY/pZ�Z�Z �Z(�Z�[_�[T\W[\|�\}0]��]6^=^X^p^/�^ �^�^"�^_&_7_L_e_u_ �_�_9�_"�_`v`�`�`�`�`��`\Wb5�c+�c<d
Sd)^e$�g$�g1�g/h\4h(�kO�m
p*qQ9q��q6`s��s�Bt��t/�u�u�w3jxY�x#�z�}44J.N�9�E7�S}�р����'�#6�gZ�‚Ղ+��8!�TZ�&��>ք����͊��}���	��	ĐΐԐ���"�8�M�R�[�j���&����ёؑT�J@�<��ȓg�NM���!��Hݔ
&�4�=�C�\�d�Cp�	����.ƕ6��X,�������.��&֚������4�%A� g���-��+ѝG�� E�f�*��&��֟ߟW_�C��<���8�E��;�\>���#��ƥߥ��$�=�S�i�}����� ��ЦԦ�
��
�&�9�Q�Y�r*`(U%���?�P�ZKg]5S*���,�#'�o|�1H��0��,���6�NBB�G�)7����9M�%�\vn[�+Nl�?��qiw�$Ie9-������O���
x����YJt�
j��>+���R:aV)���77��0��<2s[��O�E��F��9w�
U_�S�XC�h������QO��T�L<
��V��F���(������B�������a�'
�@]���	��H�|�bZ�?��_3(���m�CJd�D�L��P���8s� d2��-���&3�AH�{!8��������lm��pf���!f���\E��cUMI��W�z�"{�'��n�R=#�����8@Y#	]`�^~>G��/I�$�W�PJX�M�p1~D/"���6<D�T�e�x��%�.S)����	\�t���"���V��Eh�-�v����i��4�2�Z4���,R0b������[XQY=1&>cN���:o} u�.y6�:�^zA54�! ����*���.Tr�3��;�yGj��@��gA}�;_+�;k=&������5�q
�`K�������CFL�/k���WuK�$���^Q%d out of %d files have been deleted.%d out of %d option have been successfully imported%d scheduled tasks have been removed.%d tasks has been re-scheduled to run <code>%s</code>.%d tasks has been scheduled to run in the next ten seconds.%s (every %d seconds)%s settings changed%s status has been changed%s was %s; ID: %s; name: %s%s: (multiple entries): %s%s: from '%s' to '%s',(not set)120 failed logins per hour240 failed logins per hour30 failed logins per hour480 failed logins per hour60 failed logins per hour<a href="https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing" target="_blank" rel="noopener">Password guessing brute force attacks</a> are very common against web sites and web servers. They are one of the most common vectors used to compromise web sites. The process is very simple and the attackers basically try multiple combinations of usernames and passwords until they find one that works. Once they get in, they can compromise the web site with malware, spam , phishing or anything else they want.<b>%d</b> out of <b>%d</b> files were successfully processed.<b>WARNING!</b> This procedure can break your website. The reset will not affect the database nor the settings of each plugin, but depending on how they were written the reset action might break them. Be sure to create a backup of the plugins directory before the execution of this tool.<br><br>

<em>Explanation: Someone failed to login to your site. If you are getting too many of these messages, it is likely your site is under a password guessing brute-force attack [1]. You can disable the failed login alerts from here [2]. Alternatively, you can consider to install a firewall between your website and your visitors to filter out these and other attacks, take a look at Sucuri Firewall [3].</em><br><br>

[1] <a href='https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing'>https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing</a><br>
[2] <a href='%s'>%s</a> <br>
[3] <a href='https://sucuri.net/website-firewall/?wpalert'>https://sucuri.net/website-firewall/</a><br>
<em>[1]</em> More information about the <a href="https://sucuri.net/website-firewall/" target="_blank" rel="noopener">Sucuri Firewall</a>, features and pricing.<br><em>[2]</em> Instructions and videos in the official <a href="https://kb.sucuri.net/firewall" target="_blank" rel="noopener">Knowledge Base</a> site.<br><em>[3]</em> <a href="https://login.sucuri.net/signup2/create?CloudProxy" target="_blank" rel="noopener">Sign up</a> for a new account and start protecting your site.<strong>Are you a developer?</strong> You may be interested in our API. Feel free to use the URL shown below to access the latest 50 entries in your security log, change the value for the parameter <code>l=N</code> if you need more. Be aware that the API doesn’t provides an offset parameter, so if you have the intention to query specific sections of the log you will need to wrap the HTTP request around your own cache mechanism. We <strong>DO NOT</strong> take feature requests for the API, this is a semi-private service tailored for the specific needs of the plugin and not intended to be used by 3rd-party apps, we may change the behavior of each API endpoint without previous notice, use it at your own risk.A WAF is a protection layer for your web site, blocking all sort of attacks (brute force attempts, DDoS, SQL injections, etc) and helping it remain malware and blocklist free. This test checks if your site is using Sucuri Firewall to protect your site.A powerful Web Application Firewall and <b>Intrusion Detection System</b> for any WordPress user and many other platforms. This page will help you to configure and monitor your site through the <b>Sucuri Firewall</b>. Once enabled, our firewall will act as a shield, protecting your site from attacks and preventing malware infections and reinfections. It will block SQL injection attempts, brute force attacks, XSS, RFI, backdoors and many other threats against your site.A test alert was sent to your email, check your inboxA total of %s alert events were changedA web cache (or HTTP cache) is an information technology for the temporary storage (caching) of web documents, such as HTML pages and images, to reduce bandwidth usage, server load, and perceived lag. A web cache system stores copies of documents passing through it; subsequent requests may be satisfied from the cache if certain conditions are met. A web cache system can refer either to an appliance, or to a computer program. &mdash; <a href="https://en.wikipedia.org/wiki/Web_cache" target="_blank" rel="noopener">WikiPedia - Web Cache</a>API %s secsAPI Communication via ProxyAPI KeyAPI Key:API Service CommunicationAPI is not available; using local queueAPI key is missingAPI key is not availableAPI key recovery (email sent)API key recovery (failure)API key recovery for domain: %sAPI key successfully generated and saved.API key was generated and setAPI key was successfully set: %sAPI service communication is disabled, if you just updated the plugin this might be a good opportunity to test this feature once again with the new code. Enable it again from the "API Service" panel located in the settings page.API service communication was <code>%s</code>Access File IntegrityAccess control file does not existsAccess control file is not writableAccess denied by %sAccess denied; cannot manage optionsAccess file is not writable, check the permissions.Action:Add your <a href="https://waf.sucuri.net/?settings&panel=api" target="_blank" rel="noopener">Firewall API key</a> in the form below to start communicating with the firewall API service.AdminsAfter you apply the hardening in either the includes, content, and/or uploads directories, the plugin will add a rule in the access control file to deny access to any PHP file located in these folders. This is a good precaution in case an attacker is able to upload a shell script. With a few exceptions the <em>"index.php"</em> file is the only one that should be publicly accessible, however many theme/plugin developers decide to use these folders to process some operations. In this case applying the hardening <strong>may break</strong> their functionality.Alert SubjectAlertsAlerts Per HourAlerts RecipientAll Core WordPress Files Are CorrectAll UsersAll the HTTP requests used to communicate with the API service are being sent using the WordPress built-in functions, so (almost) all its official features are inherited, this is useful if you need to pass these HTTP requests through a proxy. According to the <a href="https://developer.wordpress.org/reference/classes/wp_http_proxy/" target="_blank" rel="noopener">official documentation</a> you have to add some constants to the main configuration file: <em>WP_PROXY_HOST, WP_PROXY_PORT, WP_PROXY_USERNAME, WP_PROXY_PASSWORD</em>.Allow redirection after login to report the last-login informationAn API key is required to activate some additional tools available in this plugin. The keys are free and you can virtually generate an unlimited number of them as long as the domain name and email address are unique. The key is used to authenticate the HTTP requests sent by the plugin to an API service managed by Sucuri Inc.An API key is required to prevent attackers from deleting audit logs that can help you investigate and recover after a hack, and allows the plugin to display statistics. By generating an API key, you agree that Sucuri will collect and store anonymous data about your website. We take your privacy seriously.AnonymousApply HardeningAprilArgumentsAttempt Date/TimeAttempt TimestampAttempt to reset password by attacking WP/2.8.3 bugAudit LogsAugustAvailable Plugin and Theme UpdatesBlockBlock PHP Files in Uploads DirectoryBlock PHP Files in WP-CONTENT DirectoryBlock PHP Files in WP-INCLUDES DirectoryBlock of Certain PHP FilesBlock the execution of PHP files in sensitive directories. Be careful while applying this hardening option as there are many plugins and theme which rely on the ability to execute PHP files in the content directory to generate images or save temporary data. Use the "Add PHP Files to the Allowlist" tool to add exceptions to individual files.Bookmark link added; ID: %s; name: %s; url: %s; target: %sBookmark link edited; ID: %s; name: %s; url: %s; target: %sBy default, the plugin will send the email alerts to the primary admin account, the same account created during the installation of WordPress in your web server. You can add more people to the list, they will receive a copy of the same security alerts.CIDR FormatCMS: %sCache to store the data associated to the installed plugins listed in the Post-Hack page. Expires after %s seconds.Cache to store the result of the malware scanner. Expires after %s seconds, reset at any time to force a re-scan.Cache to store the system logs obtained from the API service; expires after %s seconds.Cannot BackupCannot DownloadCannot InstallCannot delete <code>%s/readme.html</code>Cannot delete content directoryCannot delete uploads directoryCannot remove file from the allowlist; no permissions.Category created; ID: %s; name: %sChanges in <code>%s</code> post-type will be ignoredCheck HardeningCheck Updates NowCheck if the primary user account still uses the name "admin". This allows malicious users to easily identify which account has the highest privileges to target an attack.Check the box if your website is behind a known firewall service, this guarantees that the IP address of your visitors will be detected correctly for the security logs. You can change this later from the settings.Checks if the WordPress README file still exists in the website. The information in this file can be used by malicious users to pin-point which disclosed vulnerabilities are associated to the website. Be aware that WordPress recreates this file automatically with every update.Clear CacheClear cache when a post or page is updatedClear cache when a post or page is updated (Loading...)Codex WordPress HTAccessCommonConfigure the maximum number of email alerts per hour. If the number is exceeded and the plugin detects more events during the same hour, it will still log the events into the audit logs but will not send the email alerts. Be careful with this as you will miss important information.Congratulations! The rest of the features available in the plugin have been enabled. This product is designed to supplement existing security products. It’s not a silver bullet for your security needs, but it’ll give you greater security awareness and better posture, all with the intent of reducing risk.Consider Brute-Force Attack After:Consider brute-force attack after <code>%s</code> failed logins per hourCopy the JSON-encoded data from the box below, go to your other websites and click the <em>"Import"</em> button in the settings page. The plugin will start using the same settings from this website. Notice that some options are omitted as they contain values specific to this website. To import the settings from another website into this one, replace the JSON-encoded data in the box below with the JSON-encoded data exported from the other website, then click the button <em>"Import"</em>. Notice that some options will not be imported to reduce the security risk of writing arbitrary data into the disk.CopyrightCore WordPress Files Were ModifiedCore file marked as fixedCore file restoredCore files that will not be ignored anymore: (multiple entries): %sCore integrity API changed: %sCould not reset the last-logins data file.CriticalCustom FormatDNS LookupsDNS lookups for reverse proxy detection <code>%s</code>DashboardData StorageData is incorrectly encodedDate/TimeDate/Time:DebugDecemberDeleteDelete FileDelete scheduled tasks: (multiple entries): %sDeprecated on 1.8.12; it was used to store a list of blocked user names.Directories will be scanned: (multiple entries): DirectoryDirectory does not existsDirectory is not hardenedDirectory is not usableDirectory used to store the plugin settings, cache and system logsDisableDisabledDisables the theme and plugin editors to prevent unwanted modifications to the code. If you are having problems reverting this please open the wp-config.php file and delete the line with the constant DISALLOW_FILE_EDIT.Disabling the API service communication will stop the event monitoring, consider to enable the <a href="%%SUCURI.URL.Settings%%#general">Log Exporter</a> to keep the monitoring working while the HTTP requests are ignored, otherwise an attacker may execute an action that will not be registered in the security logs and you will not have a way to investigate the attack in the future.Do you want to get vulnerability disclosures? Subscribe to our newsletter <a href="http://sucuri.hs-sites.com/subscribe-to-security" target="_blank" rel="noopener">here</a>Does Not ExistDownloadE-mailE-mail:EditEmail format not supported.Email subject set to <code>%s</code>EnableEnable DNS Lookups On StartupEnabledEnvironment VariablesErrorError hardening directory, check the permissions.Error updating the maximum number of alerts per hourError:EventEvent identifier cannot be emptyEvents generated from this IP will be ignored: <code>%s</code>Execute Now (in +10 seconds)ExistsFailed loginsFailure connecting to the API service; try again.FebruaryFile Editor was not disabled using this tool. You must scan your project for a constant defined as DISALLOW_FILE_EDIT, then either delete it or set its value to False. Any plugin/theme can disable the file editor, so it is impossible to determine the origin of the constant.File PathFile Path:File SizeFile already exists and will not be overwritten.File parent directory is not writable.File should not be publicly accessible.Firewall (WAF)Firewall API Key:Firewall API key was not found.Firewall API key was successfully removedFirewall API key was successfully savedFirewall Audit LogsFirewall SettingsForce execution of scheduled tasks: (multiple entries): %sFormat of the subject for the email alerts, by default the plugin will use the website name and the event identifier that is being reported, you can use this panel to include the IP address of the user that triggered the event and some additional data. You can create filters in your email client creating a custom email subject using the pseudo-tags shown below.General SettingsGenerate API KeyGenerate New Security KeysGenerate new security keys (failure)Generate new security keys (success)GlobalHTTP Header:HTTP Proxy HostnameHTTP Proxy PasswordHTTP Proxy Port numHTTP Proxy UsernameHardeningHardening OptionsHardening applied to the <code>readme.html</code> fileHardening applied to the content directoryHardening applied to the library directoryHardening applied to the plugin and theme editorHardening applied to the uploads directoryHardening reverted in the content directoryHardening reverted in the library directoryHardening reverted in the plugin and theme editorHardening reverted in the uploads directoryHere you can see a list of all the successful logins of accounts with admin privileges.Here you can see a list of all the successful user logins.Here you can see a list of the users that are currently logged-in.Hide Post-Types TableHosting: %sHostnameHostname:Hover to see the PayloadHtaccess file found inI agree to the <a target="_blank" href="https://sucuri.net/terms">Terms of Service</a>.I have read and understand the <a target="_blank" href="https://sucuri.net/privacy">Privacy Policy</a>.I understand that this operation cannot be reverted.IDID: %sINVALIDIP AccessIP Added AtIP AddressIP Address (Hostname):IP Address (Username):IP Address AccessIP Address DiscovererIP Address:IP address discoverer will use DNS lookups to automatically detect if the website is behind the <a href="https://sucuri.net/website-firewall/" target="_blank" rel="noopener">Sucuri Firewall</a>, in which case it will modify the global server variable <em>Remote-Addr</em> to set the real IP of the website’s visitors. This check runs on every WordPress init action and that is why it may slow down your website as some hosting providers rely on slow DNS servers which makes the operation take more time than it should.IP has been trusted: %sIf this operation was successful you will receive a message in the email used during the registration of the API key <em>(usually the email of the main admin user)</em>. This message contains the key in plain text, copy and paste the key in the form field below. The plugin will verify the authenticity of the key sending an initial HTTP request to the API service, if this fails the key will be removed automatically and you will have to start the process all over again.If you are working in a LAN <em>(Local Area Network)</em> you may want to include the IP addresses of all the nodes in the subnet, this will force the plugin to stop sending email alerts about actions executed from trusted IP addresses. Use the CIDR <em>(Classless Inter Domain Routing)</em> format to specify ranges of IP addresses <em>(only 8, 16, and 24)</em>.If you do not have access to the administrator email, you can reinstall the plugin. The API key is generated using an administrator email and the domain of the website. Click the "Manual Activation" button if you already have a valid API key to authenticate this website with the remote API web service.If you experience issues generating the API key you can request one by sending the domain name and email address that you want to use to <a href="mailto:info@sucuri.net">info@sucuri.net</a>. Note that generating a key for a website that is not facing the Internet is not possible because the API service needs to validate that the domain name exists.If your server allows the execution of system commands, you can configure the plugin to use the <a href="https://en.wikipedia.org/wiki/Diff_utility" target="_blank" rel="noopener">Unix Diff Utility</a> to compare the actual content of the file installed in the website and the original file provided by WordPress. This will show the differences between both files and then you can act upon the information provided.Ignore Files And Folders During The ScansIgnore a file or directory:Ignore corrupted post dataIgnored AtIgnored At (optional)Import &amp; Export SettingsIn case you suspect having an infection in your site, or after you got rid of a malicious code, it’s recommended to reinstall all the plugins installed in your site, including the ones you are not using. Notice that premium plugins will not be automatically reinstalled to prevent backward compatibility issues and problems with licenses.InfoInfo:Installed v%sIntegrity diff utility has been <code>%s</code>Invalid API key formatInvalid cache key nameInvalid characters in the email subject.Invalid email format or the host is missing MX records.Invalid last-logins storage fileInvalid number of failed logins per hourInvalid template typeIt checks if your WordPress version is being leaked to the public via a HTML meta-tag. Many web vulnerability scanners use this to determine which version of the code is running in your website. They use this to find disclosed vulnerabilities associated to this version number. A vulnerability scanner can still guess which version of WordPress is installed by comparing the checksum of some static files.It seems that you disabled the email alerts for <b>new site content</b>, this panel is intended to provide a way to ignore specific events in your site and with that the alerts reported to your email. Since you have deactivated the <b>new site content</b> alerts, this panel will be disabled too.JanuaryJulyJuneLast ActivityLast LoginsLast login was at <b>%s</b> from <b>%s</b> <em>(%s)</em> <a href="%s" target="_self">view all logs</a>Last-Logins logs were successfully reset.Last-logins data file is not writable: <code>%s</code>Lines with a <b>minus</b> sign as the prefix <em>(here in red)</em> show the original code. Lines with a <b>plus</b> sign as the prefix <em>(here in green)</em> show the modified code. You can read more about the DIFF format from the WikiPedia article about the <a target="_blank" href="https://en.wikipedia.org/wiki/Diff_utility" rel="noopener">Unix Diff Utility</a>.LinksLinks: %dList of monitored post-types has been updatedList of monitored post-types has been updated.Loading...Local queue to store the most recent logs before they are sent to the remote API service.Local security logs, hardening and settings were deletedLog ExporterLog exporter file path was correctly setLog exporter was disabledLogged-in UsersLogged-in Users}Malware Scan TargetMalware Scan Target:Manual ActivationMarchMark as FixedMarking one or more files as fixed will force the plugin to ignore them during the next scan, very useful when you find false positives. Additionally you can restore the original content of the core files that appear as modified or deleted, this will tell the plugin to download a copy of the original files from the official WordPress repository. Deleting a file is an irreversible action, be careful.Maximum 10 per hourMaximum 160 per hourMaximum 20 per hourMaximum 40 per hourMaximum 5 per hourMaximum 80 per hourMaximum Alerts Per Hour:Maximum alerts per hour set to <code>%s</code>Maximum execution time:Maximum number of emails per hour reachedMayMedia file added; ID: %s; name: %s; type: %sMessage:Missing LibraryModified AtNONENameNever (no execution)New Security KeysNew status: %sNewest To OldestNewest WordPressNext DueNo anomaly detectionNo blackhat SEO spamNo files were foundNo last-logins data is availableNo malicious JavaScriptNo malicious iFramesNo scheduled tasks were selected from the list.No suspicious redirectionsNon-blocked requests are hidden from the logs, this is intentional.Non-core file deletedNonce is invalidNot WritableNote that the firewall has <a href="https://kb.sucuri.net/firewall/Performance/cache-exceptions" target="_blank" rel="noopener">special caching rules</a> for Images, CSS, PDF, TXT, JavaScript, media files and a few more extensions that are stored on our <a href="https://en.wikipedia.org/wiki/Edge_device" target="_blank" rel="noopener">edge</a>. The only way to flush the cache for these files is by clearing the firewall’s cache completely <em>(for the whole website)</em>. Due to our caching of JavaScript and CSS files, often, as is best practice, the use of versioning during development will ensure updates going live as expected. This is done by adding a query string such as <code>?ver=1.2.3</code> and incrementing on each update.Nothing was selected from the list.NoticeNovemberOctoberOld Security KeysOld status: %sOnce the API key is generate the plugin will communicate with a remote API service that will act as a safe data storage for the audit logs generated when the website triggers certain events that the plugin monitors. If the website is hacked the attacker will not have access to these logs and that way you can investigate what was modified <em>(for malware infaction)</em> and/or how the malicious person was able to gain access to the website.Only <b>%d</b> out of <b>%d</b> files were processed.Only GET and POST methods allowedPHP Version: %sPasswordPassword ChangePassword Guessing Brute Force AttacksPassword changed for user #%dPassword retrieval attempt: %sPatternPlugin %s: %s (v%s; %s%s)Plugin API Key RecoveryPlugin deleted:Plugin editor used in: %sPlugin installed: %sPlugin is PremiumPlugin updated:Plugins deleted: (multiple entries):Plugins updated: (multiple entries):Post TypePost Type IDPost deleted: (multiple entries): %sPost moved to trash; ID: %s; name: %s; status: %sPost-HackPost-Type AlertsPost-type has been successfully ignored.ProceedPublicationRe-configure scheduled tasks %s: (multiple entries): %sRead the official WordPress guidelines to learn how to restrict access to PHP files in sensitive directories - <a href="https://codex.wordpress.org/Nginx#Global_restrictions_file" target="_blank" rel="noopener">Nginx Global Restrictions For WordPress</a>ReasonReceive email alerts for available updatesReceive email alerts for changes in the post status <em>(configure from Ignore Posts Changes)</em>Receive email alerts for changes in the settings of the pluginReceive email alerts for core integrity checksReceive email alerts for failed login attempts <em>(you may receive tons of emails)</em>Receive email alerts for new user registrationReceive email alerts for password guessing attacks <em>(summary of failed logins per hour)</em>Receive email alerts for successful login attemptsReceive email alerts in HTML <em>(there may be issues with some mail services)</em>Receive email alerts when a <b>plugin is activated</b>Receive email alerts when a <b>plugin is deactivated</b>Receive email alerts when a <b>plugin is deleted</b>Receive email alerts when a <b>plugin is installed</b>Receive email alerts when a <b>plugin is updated</b>Receive email alerts when a <b>theme is activated</b>Receive email alerts when a <b>theme is deleted</b>Receive email alerts when a <b>theme is installed</b>Receive email alerts when a <b>theme is updated</b>Receive email alerts when a <b>widget is added</b> to a sidebarReceive email alerts when a <b>widget is deleted</b> from a sidebarReceive email alerts when a file is modified with theme/plugin editorReceive email alerts when the WordPress version is updatedReceive email alerts when your website settings are updatedRecommendationsRecover Via E-mailReferer:Refresh Malware ScanRegisteredRegistrationRemove WordPress VersionRequest:Requested action is not supported.Reset Installed PluginsReset Security Logs, Hardening and SettingsReset User PasswordRestore FileReverse IP:Reverse ProxyRevert HardeningReviewReview False PositivesRolesSaveScannerScanner ran a couple of minutes agoScheduleScheduled TasksScheduled tasks are rules registered in your database by a plugin, theme, or the base system itself; they are used to automatically execute actions defined in the code every certain amount of time. A good use of these rules is to generate backup files of your site, execute a security scanner, or remove unused elements like drafts. <b>Note:</b> Scheduled tasks can be re-installed by any plugin/theme automatically.ScriptsScripts: %dSecret keys updated successfully (summary of the operation bellow).Security AlertsSelect AllSelected files have been removedSelected files have been successfully processed.Send LogsSeptemberServer is not fast enough to process this action; maximum execution time reachedSettingsShow Post-Types TableSignature:Since the scanner doesn’t read the files during the execution of the integrity check, it is possible to find false positives. Files listed here have been marked as false positives and will be ignored by the scanner in subsequent scans.Site is CleanSite is not CleanSite registered successfullySkip events for equal transitionsSkip events for ignored post transitionsSkip events for ignored post-typesSkip events for postman-smtp alertsSome types of problems cannot be detected by this scanner. If this scanner did not detect any issue and you still suspect a problem exists, you can <a href="https://sucuri.net/website-security-platform/signup" target="_blank" rel="noopener">sign up with Sucuri</a> for a complete and in-depth scan + cleanup (not included in the free checks).Specified folder is not hardened by this pluginStatusStop Alerts For This Post-Type:Stop Ignoring the Selected FilesStorage is not writable: <code>%s</code>Stores a list of IP addresses trusted by the plugin, events triggered by one of these IPs will not be reported to the remote monitoring API service.Stores a list of files and folders chosen by the user to be ignored by the file system scanner.Stores a list of files marked as fixed by the user via the WordPress Integrity tool.Stores all the options used to configure the functionality and behavior of the plugin.Stores the data associated to every successful user login. The data never expires; manually delete if the file is too large.Stores the data for every failed login attempt after the plugin sends a report about a brute force password attack via email.Stores the data for every failed login attempt. The data is moved to "oldfailedlogins" every hour during a brute force password attack.SubmitSuccessful Logins (admins)Successful Logins (all)Successfully sent to the API:Sucuri API key has been deleted <code>%s</code>Sucuri API key has been deleted.Sucuri API key removedSucuri API key was added manually.Sucuri AlertSucuri Alert, %sSucuri Alert, %s, %sSucuri Alert, %s, %s, %sSucuri FirewallSucuri Inc.Sucuri Inc. All Rights Reserved.Sucuri SecuritySucuri Security - Auditing, Malware Scanner and HardeningSucuri plugin has been uninstalledTarget:Temporarily stores data to complement the logs during destructive operations like deleting a post, page, comment, etc.Test AlertsTest Email AlertTest email alert sent at %sTested WithThe <a href="https://sucuri.net/" target="_blank">Sucuri</a> plugin provides the website owner the best Activity Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for malware, spam, blocklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.The <code>.htaccess</code> file is a distributed configuration file, and is how the Apache web server handles configuration changes on a per-directory basis. WordPress uses this file to manipulate how Apache serves files from its root directory and subdirectories thereof; most notably, it modifies this file to be able to handle pretty permalinks.The IP address could not be added to the trusted listThe IP specified address was already added.The URL to retrieve the WordPress checksums has been changedThe Unix Diff Utility is enabled. You can click the files in the table to see the differences detected by the scanner. If you consider the differences to be harmless you can mark the file as fixed, otherwise it is advised to restore the original content immediately.The WordPress integrity tool uses a remote API service maintained by the WordPress organization to determine which files in the installation were added, removed or modified. The API returns a list of files with their respective checksums, this information guarantees that the installation is not corrupt. You can, however, point the integrity tool to a GitHub repository in case that you are using a custom version of WordPress like the <a href="https://github.com/WordPress/WordPress" target="_blank" rel="noopener">development version of the code</a>.The alert settings have been updatedThe email alerts will be sent to: %sThe email alerts will be sent to: <code>%s</code>The email subject has been successfully updatedThe event monitor uses the API address of the origin of the request to track the actions. The plugin uses two methods to retrieve this: the main method uses the global server variable <em>Remote-Addr</em> available in most modern web servers, and an alternative method uses custom HTTP headers <em>(which are unsafe by default)</em>. You should not worry about this option unless you know what a reverse proxy is. Services like the <a href="https://sucuri.net/website-firewall/" target="_blank" rel="noopener">Sucuri Firewall</a> &mdash; once active &mdash; force the network traffic to pass through them to filter any security threat that may affect the original server. A side effect of this is that the real IP address is no longer available in the global server variable <em>Remote-Addr</em> but in a custom HTTP header with a name provided by the service.The firewall logs every request involved in an attack and separates them from the legitimate requests. You can analyze the data from the latest entries in the logs using this tool and take action either enabling the advanced features of the IDS <em>(Intrusion Detection System)</em> from the <a href="https://waf.sucuri.net/?settings" target="_blank" rel="noopener">Firewall Dashboard</a> and/or blocking IP addresses and URL paths directly from the <a href="https://waf.sucuri.net/?audit" target="_blank" rel="noopener">Firewall Audit Trails</a> page.The firewall offers multiple options to configure the cache level applied to your website. You can either enable the full cache which is the recommended setting, or you can set the cache level to minimal which will keep the pages static for a couple of minutes, or force the usage of the website headers <em>(only for advanced users)</em>, or in extreme cases where you do not need the cache you can simply disable it. Find more information about it in the <a href="https://kb.sucuri.net/firewall/Performance/caching-options" target="_blank" rel="noopener">Sucuri Knowledge Base</a> website.The information shown here is cached for %%SUCURI.ResetPlugin.CacheLifeTime%% seconds. This is necessary to reduce the quantity of HTTP requests sent to the WordPress servers and the bandwidth of your site. Currently there is no option to recreate this cache.The log exporter feature has been disabledThe log exporter feature has been enabled and the data file was successfully set.The main <code>.htaccess</code> file in your site has the standard rules for a WordPress installation. You can customize it to improve the performance and change the behaviour of the redirections for pages and posts in your site. To get more information visit the official documentation at <a target="_blank" rel="noopener" href="https://codex.wordpress.org/Using_Permalinks#Creating_and_editing_.28.htaccess.29"> Codex WordPress - Creating and editing (.htaccess)</a>The maximum number of alerts per hour has been updatedThe plugin has no permission to delete this file because it was created by a different system user who has more privileges than your account. Please use FTP to delete it.The plugin has no permission to restore this file because it was modified by a different system user who has more privileges than your account. Please use FTP to restore it.The plugin has no permission to restore this file because its directory is owned by a different system user who has more privileges than your account. Please use FTP to restore it.The plugin requires PHP 5 >= 5.3.0 - OR - PHP 7The plugin scans your entire website looking for changes which are later reported via the API in the audit logs page. By default the scanner runs daily but you can change the frequency to meet your requirements. Notice that scanning your project files too frequently may affect the performance of your website. Be sure to have enough server resources before changing this option. The memory limit and maximum execution time are two of the PHP options that your server will set to stop your website from consuming too much resources.The plugin will assume that your website is under a brute-force attack after %s failed logins are detected during the same hourThe post-type is already being ignored (duplicate).The remote malware scanner provided by the plugin is powered by <a href="https://sitecheck.sucuri.net/" target="_blank" rel="noopener">Sucuri SiteCheck</a>, a service that takes a publicly accessible URL and scans it for malicious code. If your website is not visible to the Internet, for example, if it is hosted in a local development environment or a restricted network, the scanner will not be able to work on it. Additionally, if the website was installed in a non-standard directory the scanner will report a "404 Not Found" error. You can use this option to change the URL that will be scanned.The scanner uses the <a href="http://php.net/manual/en/class.splfileobject.php" target="_blank" rel="noopener">PHP SPL library</a> and the <a target="_blank" href="http://php.net/manual/en/class.filesystemiterator.php" rel="noopener">Filesystem Iterator</a> class to scan the directory tree where your website is located in the server. This library is only available on PHP 5 >= 5.3.0 &mdash; OR &mdash; PHP 7; if you have an older version of PHP the plugin will not work as expected. Please ask your hosting provider to advise you on this matter.The secret or security keys are a list of constants added to your site to ensure better encryption of information stored in the user’s cookies. A secret key makes your site harder to hack by adding random elements to the password. You do not have to remember the keys, just write a random, complicated, and long string in the <code>wp-config.php</code> file. You can change these keys at any point in time. Changing them will invalidate all existing cookies, forcing all logged in users to login again.The selected IP addresses were successfully deleted.The selected files have been successfully processed.The status of the API service has been changedThe status of the DNS lookups for the reverse proxy detection has been changedThe status of the integrity diff utility has been changedThe timezone for the date and time in the audit logs has been changedThe value of the option <b>%s</b> was changed from <b>'%s'</b> to <b>'%s'</b>.<br>
Theme activated: %sTheme deleted: %sTheme editor used in: %s/%sTheme installed: %sTheme updated:Themes updated: (multiple entries):There are cases where this operation may fail, an example would be when the email address is not associated with the domain anymore, this happens when the base URL changes <em>(from www to none or viceversa)</em>. If you are having issues recovering the key please send an email explaining the situation to <a href="mailto:info@sucuri.net">info@sucuri.net</a>There are no logs.There are no updates available.These emails will stop receiving alerts: %sThese emails will stop receiving alerts: <code>%s</code>This action will trigger the deactivation / uninstallation process of the plugin. All local security logs, hardening and settings will be deleted. Notice that the security logs stored in the API service will not be deleted, this is to prevent tampering from a malicious user. You can request a new API key if you want to start from scratch.This directory will not be scanned: %sThis information will be updated %%SUCURI.SiteCheck.Lifetime%%This information will be used to determine if your site is being victim of <a href="https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing" target="_blank" rel="noopener">Password Guessing Brute Force Attacks</a>. These logs will be accumulated and the plugin will send a report via email if there are more than <code>%%SUCURI.FailedLogins.MaxFailedLogins%%</code> failed login attempts during the same hour, you can change this number from <a href="%%SUCURI.URL.Settings%%#alerts">here</a>. <b>NOTE:</b> Some <em>"Two-Factor Authentication"</em> plugins do not follow the same rules that WordPress have to report failed login attempts, so you may not see all the attempts in this panel if you have one of these plugins installed.This is a list of registered <a href="https://codex.wordpress.org/Post_Types" target="_blank" rel="noopener">Post Types</a>. You will receive an email alert when a custom page or post associated to any of these types is created or updated. If you don’t want to receive one or more of these alerts, feel free to uncheck the boxes in the table below. If you are receiving alerts for post types that are not listed in this table, it may be because there is an add-on that that is generating a custom post-type on runtime, you will have to find out by yourself what is the unique ID of that post-type and type it in the form below. The plugin will do its best to ignore these alerts as long as the unique ID is valid.This is the directory where the plugin will store the security logs, the list of files marked as fixed in the core integrity tool, the cache for the malware scanner and 3rd-party plugin metadata. The plugin requires write permissions in this directory as well as the files contained in it. If you prefer to keep these files in a non-public directory <em>(one level up the document root)</em> please define a constant in the <em>"wp-config.php"</em> file named <em>"SUCURI_DATA_STORAGE"</em> with the absolute path to the new directory.This option allows you to export the WordPress audit logs to a local log file that can be read by a SIEM or any log analysis software <em>(we recommend OSSEC)</em>. That will give visibility from within WordPress to complement your log monitoring infrastructure. <b>NOTE:</b> Do not use a publicly accessible file, you must use a file at least one level up the document root to prevent leaks of information.This option defines the timezone that will be used through out the entire plugin to print the dates and times whenever is necessary. This option also affects the date and time of the logs visible in the audit logs panel which is data that comes from a remote server configured to use Eastern Daylight Time (EDT). WordPress offers an option in the general settings page to allow you to configure the timezone for the entire website, however, if you are experiencing problems with the time in the audit logs, this option will help you fix them.Timezone override will use %sTimezone:Title: %sTodayTop Level Domain:Total execution time:Total logs in the queue:Total request timeouts (failures):Trusted IP AddressesTypeU-Agent:URL is invalidUnignore Selected DirectoriesUnknownUnknown error, there is no informationUnlimited alerts per hourUpdateUpdate Secret KeysUse WordPress functions to send mails <em>(uncheck to use native PHP functions)</em>Use this tool to select the files and/or folders that are too heavy for the scanner to process. These are usually folders with images, media files like videos and audios, backups and &mdash; in general &mdash; anything that is not code-related. Ignoring these files or folders will reduce the memory consumption of the PHP script.User account created; ID: %s; name: %s; email: %s; roles: %sUser account deleted; ID: %dUser account edited; ID: %s; name: %s; old_name: %s; email: %s; old_email: %s; roles: %s; old_roles: %sUser added to website; user_id: %s; role: %s; blog_id: %s; name: %s; email: %sUser authentication failed: %sUser authentication succeeded: %sUser removed from website; user_id: %s; blog_id: %s; name: %s; email: %sUser: %s (%s)UsernameValueVerify WordPress VersionVersionVersion: %sWP Engine PHP Compatibility Checker: %s (created post #%d as cache)WP PluginWarningWe have not identified additional files, deleted files, or relevant changes to the core files in your WordPress installation. If you are experiencing other malware issues, please use a <a href="https://sucuri.net/website-security/malware-removal" target="_blank" rel="noopener">Server Side Scanner</a>.We identified that some of your WordPress core files were modified. That might indicate a hack or a broken file on your installation. If you are experiencing other malware issues, please use a <a href="https://sucuri.net/website-security/malware-removal" target="_blank" rel="noopener">Server Side Scanner</a>.We inspect your WordPress installation and look for modifications on the core files as provided by WordPress.org. Files located in the root directory, wp-admin and wp-includes will be compared against the files distributed with v%%SUCURI.WordPressVersion%%; all files with inconsistencies will be listed here. Any changes might indicate a hack.Web BrowserWebsite InfoWebsite:Why keep your site updated? WordPress is an open-source project which means that with every update the details of the changes made to the source code are made public, if there were security fixes then someone with malicious intent can use this information to attack any site that has not been upgraded.Widget %s (%s) %s %s (#%d; size %dx%d)WordPress CSRF verification failed. The submitted form is missing an important unique code that prevents the execution of automated malicious scanners. Go back and try again. If you did not submit a form, this error message could be an indication of an incompatibility between this plugin and another add-on; one of them is inserting data into the global POST variable when the HTTP request is coming via GET. Disable them one by one (while reloading this page) to find the culprit.WordPress Checksums APIWordPress IntegrityWordPress Integrity (%%SUCURI.Integrity.ListCount%%)WordPress Integrity (False Positives)WordPress Integrity Diff UtilityWordPress Update AvailableWordPress configuration file is not writable.WordPress configuration file was not found.WordPress has a big user base in the public Internet, which brings interest to attackers to find vulnerabilities in the code, 3rd-party extensions, and themes that other companies develop. You should keep every piece of code installed in your website updated to prevent attacks as soon as disclosed vulnerabilities are patched.WordPress updated to version: %sWordPress version detected %sWordPress version is not supported anymoreWordPress version was already reportedWritableYou have installed a plugin or theme that is not fully compatible with our plugin, some of the security alerts (like the successful and failed logins) will not be sent to you. To prevent an infinite loop while detecting these changes in the website and sending the email alerts via a custom SMTP plugin, we have decided to stop any attempt to send the emails to prevent fatal errors.You must accept the Terms of Service and Privacy Policy in order to request an API key.You need to confirm that you understand the risk of this operation.Your current session will expire once the form is submitted.Your domain <code>%%SUCURI.CleanDomain%%</code> does not seems to have a DNS <code>A</code> record so it will be considered as <em>invalid</em> by the API interface when you request the generation of a new key. Adding <code>www</code> at the beginning of the domain name may fix this issue. If you do not understand what is this then send an email to our support team requesting the key.Your hosting provider has blocked the execution of external commands.Your website has been granted a new API key and it was associated to the email address that you chose during the registration process. You can use the same email to recover the key if you happen to lose it sometime. We encourage you to check the rest of the settings page and configure the plugin to your own needs.Your website has no <code>.htaccess</code> file or it was not found in the default location.activecaching disabled (use with caution)e.g. /private/directory/e.g. 182.120.56.0/24e.g. 192.168.1.54e.g. URL — or — user/repoe.g. unique_post_type_ide.g. user@example.comenabled (recommended)https://sucuri.net/https://wordpress.sucuri.net/iFramesiFrames: %dminimal (only for a few minutes)n/ano data availableno data available.not activenot installedsite caching (using your site headers)status has been changedunknownuser@domain.comPO-Revision-Date: 2021-03-18 10:44:49+0000
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Plural-Forms: nplurals=2; plural=n != 1;
X-Generator: GlotPress/3.0.0-alpha.2
Language: en_CA
Project-Id-Version: Plugins - Sucuri Security &#8211; Auditing, Malware Scanner and Security Hardening - Stable (latest release)
%d out of %d files have been deleted.%d out of %d option have been successfully imported%d scheduled tasks have been removed.%d tasks has been re-scheduled to run <code>%s</code>.%d tasks has been scheduled to run in the next ten seconds.%s (every %d seconds)%s settings changed%s status has been changed%s was %s; ID: %s; name: %s%s: (multiple entries): %s%s: from '%s' to '%s',(not set)120 failed logins per hour240 failed logins per hour30 failed logins per hour480 failed logins per hour60 failed logins per hour<a href="https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing" target="_blank" rel="noopener">Password guessing brute force attacks</a> are very common against web sites and web servers. They are one of the most common vectors used to compromise web sites. The process is very simple and the attackers basically try multiple combinations of usernames and passwords until they find one that works. Once they get in, they can compromise the web site with malware, spam , phishing or anything else they want.<b>%d</b> out of <b>%d</b> files were successfully processed.<b>WARNING!</b> This procedure can break your website. The reset will not affect the database nor the settings of each plugin, but depending on how they were written the reset action might break them. Be sure to create a backup of the plugins directory before the execution of this tool.<br><br>

<em>Explanation: Someone failed to login to your site. If you are getting too many of these messages, it is likely your site is under a password guessing brute-force attack [1]. You can disable the failed login alerts from here [2]. Alternatively, you can consider to install a firewall between your website and your visitors to filter out these and other attacks, take a look at Sucuri Firewall [3].</em><br><br>

[1] <a href='https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing'>https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing</a><br>
[2] <a href='%s'>%s</a> <br>
[3] <a href='https://sucuri.net/website-firewall/?wpalert'>https://sucuri.net/website-firewall/</a><br>
<em>[1]</em> More information about the <a href="https://sucuri.net/website-firewall/" target="_blank" rel="noopener">Sucuri Firewall</a>, features and pricing.<br><em>[2]</em> Instructions and videos in the official <a href="https://kb.sucuri.net/firewall" target="_blank" rel="noopener">Knowledge Base</a> site.<br><em>[3]</em> <a href="https://login.sucuri.net/signup2/create?CloudProxy" target="_blank" rel="noopener">Sign up</a> for a new account and start protecting your site.<strong>Are you a developer?</strong> You may be interested in our API. Feel free to use the URL shown below to access the latest 50 entries in your security log, change the value for the parameter <code>l=N</code> if you need more. Be aware that the API doesn’t provides an offset parameter, so if you have the intention to query specific sections of the log you will need to wrap the HTTP request around your own cache mechanism. We <strong>DO NOT</strong> take feature requests for the API, this is a semi-private service tailored for the specific needs of the plugin and not intended to be used by 3rd-party apps, we may change the behaviour of each API endpoint without previous notice, use it at your own risk.A WAF is a protection layer for your web site, blocking all sort of attacks (brute force attempts, DDoS, SQL injections, etc) and helping it remain malware and blocklist free. This test checks if your site is using Sucuri Firewall to protect your site.A powerful Web Application Firewall and <b>Intrusion Detection System</b> for any WordPress user and many other platforms. This page will help you to configure and monitor your site through the <b>Sucuri Firewall</b>. Once enabled, our firewall will act as a shield, protecting your site from attacks and preventing malware infections and reinfections. It will block SQL injection attempts, brute force attacks, XSS, RFI, backdoors and many other threats against your site.A test alert was sent to your email, check your inboxA total of %s alert events were changedA web cache (or HTTP cache) is an information technology for the temporary storage (caching) of web documents, such as HTML pages and images, to reduce bandwidth usage, server load, and perceived lag. A web cache system stores copies of documents passing through it; subsequent requests may be satisfied from the cache if certain conditions are met. A web cache system can refer either to an appliance, or to a computer program. &mdash; <a href="https://en.wikipedia.org/wiki/Web_cache" target="_blank" rel="noopener">WikiPedia - Web Cache</a>API %s secsAPI Communication via ProxyAPI KeyAPI Key:API Service CommunicationAPI is not available; using local queueAPI key is missingAPI key is not availableAPI key recovery (email sent)API key recovery (failure)API key recovery for domain: %sAPI key successfully generated and saved.API key was generated and setAPI key was successfully set: %sAPI service communication is disabled, if you just updated the plugin this might be a good opportunity to test this feature once again with the new code. Enable it again from the "API Service" panel located in the settings page.API service communication was <code>%s</code>Access File IntegrityAccess control file does not existsAccess control file is not writableAccess denied by %sAccess denied; cannot manage optionsAccess file is not writable, check the permissions.Action:Add your <a href="https://waf.sucuri.net/?settings&panel=api" target="_blank" rel="noopener">Firewall API key</a> in the form below to start communicating with the firewall API service.AdminsAfter you apply the hardening in either the includes, content, and/or uploads directories, the plugin will add a rule in the access control file to deny access to any PHP file located in these folders. This is a good precaution in case an attacker is able to upload a shell script. With a few exceptions the <em>"index.php"</em> file is the only one that should be publicly accessible, however many theme/plugin developers decide to use these folders to process some operations. In this case applying the hardening <strong>may break</strong> their functionality.Alert SubjectAlertsAlerts Per HourAlerts RecipientAll Core WordPress Files Are CorrectAll UsersAll the HTTP requests used to communicate with the API service are being sent using the WordPress built-in functions, so (almost) all its official features are inherited, this is useful if you need to pass these HTTP requests through a proxy. According to the <a href="https://developer.wordpress.org/reference/classes/wp_http_proxy/" target="_blank" rel="noopener">official documentation</a> you have to add some constants to the main configuration file: <em>WP_PROXY_HOST, WP_PROXY_PORT, WP_PROXY_USERNAME, WP_PROXY_PASSWORD</em>.Allow redirection after login to report the last-login informationAn API key is required to activate some additional tools available in this plugin. The keys are free and you can virtually generate an unlimited number of them as long as the domain name and email address are unique. The key is used to authenticate the HTTP requests sent by the plugin to an API service managed by Sucuri Inc.An API key is required to prevent attackers from deleting audit logs that can help you investigate and recover after a hack, and allows the plugin to display statistics. By generating an API key, you agree that Sucuri will collect and store anonymous data about your website. We take your privacy seriously.AnonymousApply HardeningAprilArgumentsAttempt Date/TimeAttempt TimestampAttempt to reset password by attacking WP/2.8.3 bugAudit LogsAugustAvailable Plugin and Theme UpdatesBlockBlock PHP Files in Uploads DirectoryBlock PHP Files in WP-CONTENT DirectoryBlock PHP Files in WP-INCLUDES DirectoryBlock of Certain PHP FilesBlock the execution of PHP files in sensitive directories. Be careful while applying this hardening option as there are many plugins and theme which rely on the ability to execute PHP files in the content directory to generate images or save temporary data. Use the "Add PHP Files to the Allowlist" tool to add exceptions to individual files.Bookmark link added; ID: %s; name: %s; url: %s; target: %sBookmark link edited; ID: %s; name: %s; url: %s; target: %sBy default, the plugin will send the email alerts to the primary admin account, the same account created during the installation of WordPress in your web server. You can add more people to the list, they will receive a copy of the same security alerts.CIDR FormatCMS: %sCache to store the data associated to the installed plugins listed in the Post-Hack page. Expires after %s seconds.Cache to store the result of the malware scanner. Expires after %s seconds, reset at any time to force a re-scan.Cache to store the system logs obtained from the API service; expires after %s seconds.Cannot BackupCannot DownloadCannot InstallCannot delete <code>%s/readme.html</code>Cannot delete content directoryCannot delete uploads directoryCannot remove file from the allowlist; no permissions.Category created; ID: %s; name: %sChanges in <code>%s</code> post-type will be ignoredCheck HardeningCheck Updates NowCheck if the primary user account still uses the name "admin". This allows malicious users to easily identify which account has the highest privileges to target an attack.Check the box if your website is behind a known firewall service, this guarantees that the IP address of your visitors will be detected correctly for the security logs. You can change this later from the settings.Checks if the WordPress README file still exists in the website. The information in this file can be used by malicious users to pin-point which disclosed vulnerabilities are associated to the website. Be aware that WordPress recreates this file automatically with every update.Clear CacheClear cache when a post or page is updatedClear cache when a post or page is updated (Loading...)Codex WordPress HTAccessCommonConfigure the maximum number of email alerts per hour. If the number is exceeded and the plugin detects more events during the same hour, it will still log the events into the audit logs but will not send the email alerts. Be careful with this as you will miss important information.Congratulations! The rest of the features available in the plugin have been enabled. This product is designed to supplement existing security products. It’s not a silver bullet for your security needs, but it’ll give you greater security awareness and better posture, all with the intent of reducing risk.Consider Brute-Force Attack After:Consider brute-force attack after <code>%s</code> failed logins per hourCopy the JSON-encoded data from the box below, go to your other websites and click the <em>"Import"</em> button in the settings page. The plugin will start using the same settings from this website. Notice that some options are omitted as they contain values specific to this website. To import the settings from another website into this one, replace the JSON-encoded data in the box below with the JSON-encoded data exported from the other website, then click the button <em>"Import"</em>. Notice that some options will not be imported to reduce the security risk of writing arbitrary data into the disk.CopyrightCore WordPress Files Were ModifiedCore file marked as fixedCore file restoredCore files that will not be ignored anymore: (multiple entries): %sCore integrity API changed: %sCould not reset the last-logins data file.CriticalCustom FormatDNS LookupsDNS lookups for reverse proxy detection <code>%s</code>DashboardData StorageData is incorrectly encodedDate/TimeDate/Time:DebugDecemberDeleteDelete FileDelete scheduled tasks: (multiple entries): %sDeprecated on 1.8.12; it was used to store a list of blocked user names.Directories will be scanned: (multiple entries): DirectoryDirectory does not existsDirectory is not hardenedDirectory is not usableDirectory used to store the plugin settings, cache and system logsDisableDisabledDisables the theme and plugin editors to prevent unwanted modifications to the code. If you are having problems reverting this please open the wp-config.php file and delete the line with the constant DISALLOW_FILE_EDIT.Disabling the API service communication will stop the event monitoring, consider to enable the <a href="%%SUCURI.URL.Settings%%#general">Log Exporter</a> to keep the monitoring working while the HTTP requests are ignored, otherwise an attacker may execute an action that will not be registered in the security logs and you will not have a way to investigate the attack in the future.Do you want to get vulnerability disclosures? Subscribe to our newsletter <a href="http://sucuri.hs-sites.com/subscribe-to-security" target="_blank" rel="noopener">here</a>Does Not ExistDownloadE-mailE-mail:EditEmail format not supported.Email subject set to <code>%s</code>EnableEnable DNS Lookups On StartupEnabledEnvironment VariablesErrorError hardening directory, check the permissions.Error updating the maximum number of alerts per hourError:EventEvent identifier cannot be emptyEvents generated from this IP will be ignored: <code>%s</code>Execute Now (in +10 seconds)ExistsFailed loginsFailure connecting to the API service; try again.FebruaryFile Editor was not disabled using this tool. You must scan your project for a constant defined as DISALLOW_FILE_EDIT, then either delete it or set its value to False. Any plugin/theme can disable the file editor, so it is impossible to determine the origin of the constant.File PathFile Path:File SizeFile already exists and will not be overwritten.File parent directory is not writable.File should not be publicly accessible.Firewall (WAF)Firewall API Key:Firewall API key was not found.Firewall API key was successfully removedFirewall API key was successfully savedFirewall Audit LogsFirewall SettingsForce execution of scheduled tasks: (multiple entries): %sFormat of the subject for the email alerts, by default the plugin will use the website name and the event identifier that is being reported, you can use this panel to include the IP address of the user that triggered the event and some additional data. You can create filters in your email client creating a custom email subject using the pseudo-tags shown below.General SettingsGenerate API KeyGenerate New Security KeysGenerate new security keys (failure)Generate new security keys (success)GlobalHTTP Header:HTTP Proxy HostnameHTTP Proxy PasswordHTTP Proxy Port numHTTP Proxy UsernameHardeningHardening OptionsHardening applied to the <code>readme.html</code> fileHardening applied to the content directoryHardening applied to the library directoryHardening applied to the plugin and theme editorHardening applied to the uploads directoryHardening reverted in the content directoryHardening reverted in the library directoryHardening reverted in the plugin and theme editorHardening reverted in the uploads directoryHere you can see a list of all the successful logins of accounts with admin privileges.Here you can see a list of all the successful user logins.Here you can see a list of the users that are currently logged-in.Hide Post-Types TableHosting: %sHostnameHostname:Hover to see the Payload.htaccess file found inI agree to the <a target="_blank" href="https://sucuri.net/terms">Terms of Service</a>.I have read and understand the <a target="_blank" href="https://sucuri.net/privacy">Privacy Policy</a>.I understand that this operation cannot be reverted.IDID: %sINVALIDIP AccessIP Added AtIP AddressIP Address (Hostname):IP Address (Username):IP Address AccessIP Address DiscovererIP Address:IP address discoverer will use DNS lookups to automatically detect if the website is behind the <a href="https://sucuri.net/website-firewall/" target="_blank" rel="noopener">Sucuri Firewall</a>, in which case it will modify the global server variable <em>Remote-Addr</em> to set the real IP of the website’s visitors. This check runs on every WordPress init action and that is why it may slow down your website as some hosting providers rely on slow DNS servers which makes the operation take more time than it should.IP has been trusted: %sIf this operation was successful you will receive a message in the email used during the registration of the API key <em>(usually the email of the main admin user)</em>. This message contains the key in plain text, copy and paste the key in the form field below. The plugin will verify the authenticity of the key sending an initial HTTP request to the API service, if this fails the key will be removed automatically and you will have to start the process all over again.If you are working in a LAN <em>(Local Area Network)</em> you may want to include the IP addresses of all the nodes in the subnet, this will force the plugin to stop sending email alerts about actions executed from trusted IP addresses. Use the CIDR <em>(Classless Inter Domain Routing)</em> format to specify ranges of IP addresses <em>(only 8, 16, and 24)</em>.If you do not have access to the administrator email, you can reinstall the plugin. The API key is generated using an administrator email and the domain of the website. Click the "Manual Activation" button if you already have a valid API key to authenticate this website with the remote API web service.If you experience issues generating the API key you can request one by sending the domain name and email address that you want to use to <a href="mailto:info@sucuri.net">info@sucuri.net</a>. Note that generating a key for a website that is not facing the Internet is not possible because the API service needs to validate that the domain name exists.If your server allows the execution of system commands, you can configure the plugin to use the <a href="https://en.wikipedia.org/wiki/Diff_utility" target="_blank" rel="noopener">Unix Diff Utility</a> to compare the actual content of the file installed in the website and the original file provided by WordPress. This will show the differences between both files and then you can act upon the information provided.Ignore Files And Folders During The ScansIgnore a file or directory:Ignore corrupted post dataIgnored AtIgnored At (optional)Import &amp; Export SettingsIn case you suspect having an infection in your site, or after you got rid of a malicious code, it’s recommended to reinstall all the plugins installed in your site, including the ones you are not using. Notice that premium plugins will not be automatically reinstalled to prevent backward compatibility issues and problems with licences.InfoInfo:Installed v%sIntegrity diff utility has been <code>%s</code>Invalid API key formatInvalid cache key nameInvalid characters in the email subject.Invalid email format or the host is missing MX records.Invalid last-logins storage fileInvalid number of failed logins per hourInvalid template typeIt checks if your WordPress version is being leaked to the public via a HTML meta-tag. Many web vulnerability scanners use this to determine which version of the code is running in your website. They use this to find disclosed vulnerabilities associated to this version number. A vulnerability scanner can still guess which version of WordPress is installed by comparing the checksum of some static files.It seems that you disabled the email alerts for <b>new site content</b>, this panel is intended to provide a way to ignore specific events in your site and with that the alerts reported to your email. Since you have deactivated the <b>new site content</b> alerts, this panel will be disabled too.JanuaryJulyJuneLast ActivityLast LoginsLast login was at <b>%s</b> from <b>%s</b> <em>(%s)</em> <a href="%s" target="_self">view all logs</a>Last-Logins logs were successfully reset.Last-logins data file is not writable: <code>%s</code>Lines with a <b>minus</b> sign as the prefix <em>(here in red)</em> show the original code. Lines with a <b>plus</b> sign as the prefix <em>(here in green)</em> show the modified code. You can read more about the DIFF format from the WikiPedia article about the <a target="_blank" href="https://en.wikipedia.org/wiki/Diff_utility" rel="noopener">Unix Diff Utility</a>.LinksLinks: %dList of monitored post-types has been updatedList of monitored post-types has been updated.Loading…Local queue to store the most recent logs before they are sent to the remote API service.Local security logs, hardening and settings were deletedLog ExporterLog exporter file path was correctly setLog exporter was disabledLogged-in UsersLogged-in Users}Malware Scan TargetMalware Scan Target:Manual ActivationMarchMark as FixedMarking one or more files as fixed will force the plugin to ignore them during the next scan, very useful when you find false positives. Additionally you can restore the original content of the core files that appear as modified or deleted, this will tell the plugin to download a copy of the original files from the official WordPress repository. Deleting a file is an irreversible action, be careful.Maximum 10 per hourMaximum 160 per hourMaximum 20 per hourMaximum 40 per hourMaximum 5 per hourMaximum 80 per hourMaximum Alerts Per Hour:Maximum alerts per hour set to <code>%s</code>Maximum execution time:Maximum number of emails per hour reachedMayMedia file added; ID: %s; name: %s; type: %sMessage:Missing LibraryModified AtNONENameNever (no execution)New Security KeysNew status: %sNewest To OldestNewest WordPressNext DueNo anomaly detectionNo blackhat SEO spamNo files were foundNo last-logins data is availableNo malicious JavaScriptNo malicious iFramesNo scheduled tasks were selected from the list.No suspicious redirectionsNon-blocked requests are hidden from the logs, this is intentional.Non-core file deletedNonce is invalidNot WritableNote that the firewall has <a href="https://kb.sucuri.net/firewall/Performance/cache-exceptions" target="_blank" rel="noopener">special caching rules</a> for Images, CSS, PDF, TXT, JavaScript, media files and a few more extensions that are stored on our <a href="https://en.wikipedia.org/wiki/Edge_device" target="_blank" rel="noopener">edge</a>. The only way to flush the cache for these files is by clearing the firewall’s cache completely <em>(for the whole website)</em>. Due to our caching of JavaScript and CSS files, often, as is best practice, the use of versioning during development will ensure updates going live as expected. This is done by adding a query string such as <code>?ver=1.2.3</code> and incrementing on each update.Nothing was selected from the list.NoticeNovemberOctoberOld Security KeysOld status: %sOnce the API key is generate the plugin will communicate with a remote API service that will act as a safe data storage for the audit logs generated when the website triggers certain events that the plugin monitors. If the website is hacked the attacker will not have access to these logs and that way you can investigate what was modified <em>(for malware infaction)</em> and/or how the malicious person was able to gain access to the website.Only <b>%d</b> out of <b>%d</b> files were processed.Only GET and POST methods allowedPHP Version: %sPasswordPassword ChangePassword Guessing Brute Force AttacksPassword changed for user #%dPassword retrieval attempt: %sPatternPlugin %s: %s (v%s; %s%s)Plugin API Key RecoveryPlugin deleted:Plugin editor used in: %sPlugin installed: %sPlugin is PremiumPlugin updated:Plugins deleted: (multiple entries):Plugins updated: (multiple entries):Post TypePost Type IDPost deleted: (multiple entries): %sPost moved to trash; ID: %s; name: %s; status: %sPost-HackPost-Type AlertsPost-type has been successfully ignored.ProceedPublicationRe-configure scheduled tasks %s: (multiple entries): %sRead the official WordPress guidelines to learn how to restrict access to PHP files in sensitive directories - <a href="https://codex.wordpress.org/Nginx#Global_restrictions_file" target="_blank" rel="noopener">Nginx Global Restrictions For WordPress</a>ReasonReceive email alerts for available updatesReceive email alerts for changes in the post status <em>(configure from Ignore Posts Changes)</em>Receive email alerts for changes in the settings of the pluginReceive email alerts for core integrity checksReceive email alerts for failed login attempts <em>(you may receive tons of emails)</em>Receive email alerts for new user registrationReceive email alerts for password guessing attacks <em>(summary of failed logins per hour)</em>Receive email alerts for successful login attemptsReceive email alerts in HTML <em>(there may be issues with some mail services)</em>Receive email alerts when a <b>plugin is activated</b>Receive email alerts when a <b>plugin is deactivated</b>Receive email alerts when a <b>plugin is deleted</b>Receive email alerts when a <b>plugin is installed</b>Receive email alerts when a <b>plugin is updated</b>Receive email alerts when a <b>theme is activated</b>Receive email alerts when a <b>theme is deleted</b>Receive email alerts when a <b>theme is installed</b>Receive email alerts when a <b>theme is updated</b>Receive email alerts when a <b>widget is added</b> to a sidebarReceive email alerts when a <b>widget is deleted</b> from a sidebarReceive email alerts when a file is modified with theme/plugin editorReceive email alerts when the WordPress version is updatedReceive email alerts when your website settings are updatedRecommendationsRecover Via E-mailReferer:Refresh Malware ScanRegisteredRegistrationRemove WordPress VersionRequest:Requested action is not supported.Reset Installed PluginsReset Security Logs, Hardening and SettingsReset User PasswordRestore FileReverse IP:Reverse ProxyRevert HardeningReviewReview False PositivesRolesSaveScannerScanner ran a couple of minutes agoScheduleScheduled TasksScheduled tasks are rules registered in your database by a plugin, theme, or the base system itself; they are used to automatically execute actions defined in the code every certain amount of time. A good use of these rules is to generate backup files of your site, execute a security scanner, or remove unused elements like drafts. <b>Note:</b> Scheduled tasks can be re-installed by any plugin/theme automatically.ScriptsScripts: %dSecret keys updated successfully (summary of the operation bellow).Security AlertsSelect AllSelected files have been removedSelected files have been successfully processed.Send LogsSeptemberServer is not fast enough to process this action; maximum execution time reachedSettingsShow Post-Types TableSignature:Since the scanner doesn’t read the files during the execution of the integrity check, it is possible to find false positives. Files listed here have been marked as false positives and will be ignored by the scanner in subsequent scans.Site is CleanSite is not CleanSite registered successfullySkip events for equal transitionsSkip events for ignored post transitionsSkip events for ignored post-typesSkip events for postman-smtp alertsSome types of problems cannot be detected by this scanner. If this scanner did not detect any issue and you still suspect a problem exists, you can <a href="https://sucuri.net/website-security-platform/signup" target="_blank" rel="noopener">sign up with Sucuri</a> for a complete and in-depth scan + cleanup (not included in the free checks).Specified folder is not hardened by this pluginStatusStop Alerts For This Post-Type:Stop Ignoring the Selected FilesStorage is not writable: <code>%s</code>Stores a list of IP addresses trusted by the plugin, events triggered by one of these IPs will not be reported to the remote monitoring API service.Stores a list of files and folders chosen by the user to be ignored by the file system scanner.Stores a list of files marked as fixed by the user via the WordPress Integrity tool.Stores all the options used to configure the functionality and behaviour of the plugin.Stores the data associated to every successful user login. The data never expires; manually delete if the file is too large.Stores the data for every failed login attempt after the plugin sends a report about a brute force password attack via email.Stores the data for every failed login attempt. The data is moved to "oldfailedlogins" every hour during a brute force password attack.SubmitSuccessful Logins (admins)Successful Logins (all)Successfully sent to the API:Sucuri API key has been deleted <code>%s</code>Sucuri API key has been deleted.Sucuri API key removedSucuri API key was added manually.Sucuri AlertSucuri Alert, %sSucuri Alert, %s, %sSucuri Alert, %s, %s, %sSucuri FirewallSucuri Inc.Sucuri Inc. All Rights Reserved.Sucuri SecuritySucuri Security - Auditing, Malware Scanner and HardeningSucuri plugin has been uninstalledTarget:Temporarily stores data to complement the logs during destructive operations like deleting a post, page, comment, etc.Test AlertsTest Email AlertTest email alert sent at %sTested WithThe <a href="https://sucuri.net/" target="_blank">Sucuri</a> plugin provides the website owner the best Activity Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for malware, spam, blocklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.The <code>.htaccess</code> file is a distributed configuration file, and is how the Apache web server handles configuration changes on a per-directory basis. WordPress uses this file to manipulate how Apache serves files from its root directory and subdirectories thereof; most notably, it modifies this file to be able to handle pretty permalinks.The IP address could not be added to the trusted listThe IP specified address was already added.The URL to retrieve the WordPress checksums has been changedThe Unix Diff Utility is enabled. You can click the files in the table to see the differences detected by the scanner. If you consider the differences to be harmless you can mark the file as fixed, otherwise it is advised to restore the original content immediately.The WordPress integrity tool uses a remote API service maintained by the WordPress organization to determine which files in the installation were added, removed or modified. The API returns a list of files with their respective checksums, this information guarantees that the installation is not corrupt. You can, however, point the integrity tool to a GitHub repository in case that you are using a custom version of WordPress like the <a href="https://github.com/WordPress/WordPress" target="_blank" rel="noopener">development version of the code</a>.The alert settings have been updatedThe email alerts will be sent to: %sThe email alerts will be sent to: <code>%s</code>The email subject has been successfully updatedThe event monitor uses the API address of the origin of the request to track the actions. The plugin uses two methods to retrieve this: the main method uses the global server variable <em>Remote-Addr</em> available in most modern web servers, and an alternative method uses custom HTTP headers <em>(which are unsafe by default)</em>. You should not worry about this option unless you know what a reverse proxy is. Services like the <a href="https://sucuri.net/website-firewall/" target="_blank" rel="noopener">Sucuri Firewall</a> &mdash; once active &mdash; force the network traffic to pass through them to filter any security threat that may affect the original server. A side effect of this is that the real IP address is no longer available in the global server variable <em>Remote-Addr</em> but in a custom HTTP header with a name provided by the service.The firewall logs every request involved in an attack and separates them from the legitimate requests. You can analyze the data from the latest entries in the logs using this tool and take action either enabling the advanced features of the IDS <em>(Intrusion Detection System)</em> from the <a href="https://waf.sucuri.net/?settings" target="_blank" rel="noopener">Firewall Dashboard</a> and/or blocking IP addresses and URL paths directly from the <a href="https://waf.sucuri.net/?audit" target="_blank" rel="noopener">Firewall Audit Trails</a> page.The firewall offers multiple options to configure the cache level applied to your website. You can either enable the full cache which is the recommended setting, or you can set the cache level to minimal which will keep the pages static for a couple of minutes, or force the usage of the website headers <em>(only for advanced users)</em>, or in extreme cases where you do not need the cache you can simply disable it. Find more information about it in the <a href="https://kb.sucuri.net/firewall/Performance/caching-options" target="_blank" rel="noopener">Sucuri Knowledge Base</a> website.The information shown here is cached for %%SUCURI.ResetPlugin.CacheLifeTime%% seconds. This is necessary to reduce the quantity of HTTP requests sent to the WordPress servers and the bandwidth of your site. Currently there is no option to recreate this cache.The log exporter feature has been disabledThe log exporter feature has been enabled and the data file was successfully set.The main <code>.htaccess</code> file in your site has the standard rules for a WordPress installation. You can customize it to improve the performance and change the behaviour of the redirections for pages and posts in your site. To get more information visit the official documentation at <a target="_blank" rel="noopener" href="https://codex.wordpress.org/Using_Permalinks#Creating_and_editing_.28.htaccess.29"> Codex WordPress - Creating and editing (.htaccess)</a>The maximum number of alerts per hour has been updatedThe plugin has no permission to delete this file because it was created by a different system user who has more privileges than your account. Please use FTP to delete it.The plugin has no permission to restore this file because it was modified by a different system user who has more privileges than your account. Please use FTP to restore it.The plugin has no permission to restore this file because its directory is owned by a different system user who has more privileges than your account. Please use FTP to restore it.The plugin requires PHP 5 >= 5.3.0 - OR - PHP 7The plugin scans your entire website looking for changes which are later reported via the API in the audit logs page. By default the scanner runs daily but you can change the frequency to meet your requirements. Notice that scanning your project files too frequently may affect the performance of your website. Be sure to have enough server resources before changing this option. The memory limit and maximum execution time are two of the PHP options that your server will set to stop your website from consuming too much resources.The plugin will assume that your website is under a brute-force attack after %s failed logins are detected during the same hourThe post-type is already being ignored (duplicate).The remote malware scanner provided by the plugin is powered by <a href="https://sitecheck.sucuri.net/" target="_blank" rel="noopener">Sucuri SiteCheck</a>, a service that takes a publicly accessible URL and scans it for malicious code. If your website is not visible to the Internet, for example, if it is hosted in a local development environment or a restricted network, the scanner will not be able to work on it. Additionally, if the website was installed in a non-standard directory the scanner will report a "404 Not Found" error. You can use this option to change the URL that will be scanned.The scanner uses the <a href="http://php.net/manual/en/class.splfileobject.php" target="_blank" rel="noopener">PHP SPL library</a> and the <a target="_blank" href="http://php.net/manual/en/class.filesystemiterator.php" rel="noopener">Filesystem Iterator</a> class to scan the directory tree where your website is located in the server. This library is only available on PHP 5 >= 5.3.0 &mdash; OR &mdash; PHP 7; if you have an older version of PHP the plugin will not work as expected. Please ask your hosting provider to advise you on this matter.The secret or security keys are a list of constants added to your site to ensure better encryption of information stored in the user’s cookies. A secret key makes your site harder to hack by adding random elements to the password. You do not have to remember the keys, just write a random, complicated, and long string in the <code>wp-config.php</code> file. You can change these keys at any point in time. Changing them will invalidate all existing cookies, forcing all logged in users to login again.The selected IP addresses were successfully deleted.The selected files have been successfully processed.The status of the API service has been changedThe status of the DNS lookups for the reverse proxy detection has been changedThe status of the integrity diff utility has been changedThe timezone for the date and time in the audit logs has been changedThe value of the option <b>%s</b> was changed from <b>'%s'</b> to <b>'%s'</b>.<br>
Theme activated: %sTheme deleted: %sTheme editor used in: %s/%sTheme installed: %sTheme updated:Themes updated: (multiple entries):There are cases where this operation may fail, an example would be when the email address is not associated with the domain anymore, this happens when the base URL changes <em>(from www to none or viceversa)</em>. If you are having issues recovering the key please send an email explaining the situation to <a href="mailto:info@sucuri.net">info@sucuri.net</a>There are no logs.There are no updates available.These emails will stop receiving alerts: %sThese emails will stop receiving alerts: <code>%s</code>This action will trigger the deactivation / uninstallation process of the plugin. All local security logs, hardening and settings will be deleted. Notice that the security logs stored in the API service will not be deleted, this is to prevent tampering from a malicious user. You can request a new API key if you want to start from scratch.This directory will not be scanned: %sThis information will be updated %%SUCURI.SiteCheck.Lifetime%%This information will be used to determine if your site is being victim of <a href="https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing" target="_blank" rel="noopener">Password Guessing Brute Force Attacks</a>. These logs will be accumulated and the plugin will send a report via email if there are more than <code>%%SUCURI.FailedLogins.MaxFailedLogins%%</code> failed login attempts during the same hour, you can change this number from <a href="%%SUCURI.URL.Settings%%#alerts">here</a>. <b>NOTE:</b> Some <em>"Two-Factor Authentication"</em> plugins do not follow the same rules that WordPress have to report failed login attempts, so you may not see all the attempts in this panel if you have one of these plugins installed.This is a list of registered <a href="https://codex.wordpress.org/Post_Types" target="_blank" rel="noopener">Post Types</a>. You will receive an email alert when a custom page or post associated to any of these types is created or updated. If you don’t want to receive one or more of these alerts, feel free to uncheck the boxes in the table below. If you are receiving alerts for post types that are not listed in this table, it may be because there is an add-on that that is generating a custom post-type on runtime, you will have to find out by yourself what is the unique ID of that post-type and type it in the form below. The plugin will do its best to ignore these alerts as long as the unique ID is valid.This is the directory where the plugin will store the security logs, the list of files marked as fixed in the core integrity tool, the cache for the malware scanner and 3rd-party plugin metadata. The plugin requires write permissions in this directory as well as the files contained in it. If you prefer to keep these files in a non-public directory <em>(one level up the document root)</em> please define a constant in the <em>"wp-config.php"</em> file named <em>"SUCURI_DATA_STORAGE"</em> with the absolute path to the new directory.This option allows you to export the WordPress audit logs to a local log file that can be read by a SIEM or any log analysis software <em>(we recommend OSSEC)</em>. That will give visibility from within WordPress to complement your log monitoring infrastructure. <b>NOTE:</b> Do not use a publicly accessible file, you must use a file at least one level up the document root to prevent leaks of information.This option defines the timezone that will be used through out the entire plugin to print the dates and times whenever is necessary. This option also affects the date and time of the logs visible in the audit logs panel which is data that comes from a remote server configured to use Eastern Daylight Time (EDT). WordPress offers an option in the general settings page to allow you to configure the timezone for the entire website, however, if you are experiencing problems with the time in the audit logs, this option will help you fix them.Timezone override will use %sTimezone:Title: %sTodayTop Level Domain:Total execution time:Total logs in the queue:Total request timeouts (failures):Trusted IP AddressesTypeU-Agent:URL is invalidUnignore Selected DirectoriesUnknownUnknown error, there is no informationUnlimited alerts per hourUpdateUpdate Secret KeysUse WordPress functions to send mails <em>(uncheck to use native PHP functions)</em>Use this tool to select the files and/or folders that are too heavy for the scanner to process. These are usually folders with images, media files like videos and audios, backups and &mdash; in general &mdash; anything that is not code-related. Ignoring these files or folders will reduce the memory consumption of the PHP script.User account created; ID: %s; name: %s; email: %s; roles: %sUser account deleted; ID: %dUser account edited; ID: %s; name: %s; old_name: %s; email: %s; old_email: %s; roles: %s; old_roles: %sUser added to website; user_id: %s; role: %s; blog_id: %s; name: %s; email: %sUser authentication failed: %sUser authentication succeeded: %sUser removed from website; user_id: %s; blog_id: %s; name: %s; email: %sUser: %s (%s)UsernameValueVerify WordPress VersionVersionVersion: %sWP Engine PHP Compatibility Checker: %s (created post #%d as cache)WP PluginWarningWe have not identified additional files, deleted files, or relevant changes to the core files in your WordPress installation. If you are experiencing other malware issues, please use a <a href="https://sucuri.net/website-security/malware-removal" target="_blank" rel="noopener">Server Side Scanner</a>.We identified that some of your WordPress core files were modified. That might indicate a hack or a broken file on your installation. If you are experiencing other malware issues, please use a <a href="https://sucuri.net/website-security/malware-removal" target="_blank" rel="noopener">Server Side Scanner</a>.We inspect your WordPress installation and look for modifications on the core files as provided by WordPress.org. Files located in the root directory, wp-admin and wp-includes will be compared against the files distributed with v%%SUCURI.WordPressVersion%%; all files with inconsistencies will be listed here. Any changes might indicate a hack.Web BrowserWebsite InfoWebsite:Why keep your site updated? WordPress is an open-source project which means that with every update the details of the changes made to the source code are made public, if there were security fixes then someone with malicious intent can use this information to attack any site that has not been upgraded.Widget %s (%s) %s %s (#%d; size %dx%d)WordPress CSRF verification failed. The submitted form is missing an important unique code that prevents the execution of automated malicious scanners. Go back and try again. If you did not submit a form, this error message could be an indication of an incompatibility between this plugin and another add-on; one of them is inserting data into the global POST variable when the HTTP request is coming via GET. Disable them one by one (while reloading this page) to find the culprit.WordPress Checksums APIWordPress IntegrityWordPress Integrity (%%SUCURI.Integrity.ListCount%%)WordPress Integrity (False Positives)WordPress Integrity Diff UtilityWordPress Update AvailableWordPress configuration file is not writable.WordPress configuration file was not found.WordPress has a big user base in the public Internet, which brings interest to attackers to find vulnerabilities in the code, 3rd-party extensions, and themes that other companies develop. You should keep every piece of code installed in your website updated to prevent attacks as soon as disclosed vulnerabilities are patched.WordPress updated to version: %sWordPress version detected %sWordPress version is not supported anymoreWordPress version was already reportedWritableYou have installed a plugin or theme that is not fully compatible with our plugin, some of the security alerts (like the successful and failed logins) will not be sent to you. To prevent an infinite loop while detecting these changes in the website and sending the email alerts via a custom SMTP plugin, we have decided to stop any attempt to send the emails to prevent fatal errors.You must accept the Terms of Service and Privacy Policy in order to request an API key.You need to confirm that you understand the risk of this operation.Your current session will expire once the form is submitted.Your domain <code>%%SUCURI.CleanDomain%%</code> does not seems to have a DNS <code>A</code> record so it will be considered as <em>invalid</em> by the API interface when you request the generation of a new key. Adding <code>www</code> at the beginning of the domain name may fix this issue. If you do not understand what is this then send an email to our support team requesting the key.Your hosting provider has blocked the execution of external commands.Your website has been granted a new API key and it was associated to the email address that you chose during the registration process. You can use the same email to recover the key if you happen to lose it sometime. We encourage you to check the rest of the settings page and configure the plugin to your own needs.Your website has no <code>.htaccess</code> file or it was not found in the default location.activecaching disabled (use with caution)e.g. /private/directory/e.g. 182.120.56.0/24e.g. 192.168.1.54e.g. URL — or — user/repoe.g. unique_post_type_ide.g. user@example.comenabled (recommended)https://sucuri.net/https://wordpress.sucuri.net/iFramesiFrames: %dminimal (only for a few minutes)n/ano data availableno data available.not activenot installedsite caching (using your site headers)status has been changedunknownuser@domain.com

Filemanager

Name Type Size Permission Actions
akismet-en_CA.mo File 24.48 KB 0644
akismet-en_CA.po File 33.55 KB 0644
autoptimize-en_CA.l10n.php File 64.07 KB 0644
autoptimize-en_CA.mo File 70.23 KB 0644
autoptimize-en_CA.po File 91.83 KB 0644
elementor-en_CA-026e05eaa88cf2068ad476f7c5d5d51e.json File 338 B 0644
elementor-en_CA-066ef1cdf21d1b40c6de8f6422ec24e0.json File 938 B 0644
elementor-en_CA-1dbb8b6c1e3d0a728637a838a81040c6.json File 306 B 0644
elementor-en_CA-21b2026463ef175722764b7eaf9022f0.json File 295 B 0644
elementor-en_CA-23f8a12bf11e8b1bbfc99cf0797d6856.json File 3.9 KB 0644
elementor-en_CA-3471413206e73f4bb5f263f0692dff1b.json File 409 B 0644
elementor-en_CA-447a0216bbfde7c07c43b4340afd4cac.json File 301 B 0644
elementor-en_CA-498ef4b5c136d8ffb9492430cfcb556c.json File 570 B 0644
elementor-en_CA-4a9aafdf461c74b88a1c7041526ae1d6.json File 862 B 0644
elementor-en_CA-50f7bdee322f202b88cb992c0ace0ac3.json File 7.3 KB 0644
elementor-en_CA-53a887657792effcfc99ad9774c55321.json File 357 B 0644
elementor-en_CA-64add0440d2f0613154569a24f427bfc.json File 3.89 KB 0644
elementor-en_CA-6f2d71de6e487593b133a34107c809b5.json File 3.92 KB 0644
elementor-en_CA-79962d687013e1cf1388440cb23aaf23.json File 930 B 0644
elementor-en_CA-7b11194e20cdeeed80bffc166272edd8.json File 797 B 0644
elementor-en_CA-7bd3d6cb6889e0684fb5850e5de15987.json File 472 B 0644
elementor-en_CA-83958dd16fe11264826fea61fbbe8c20.json File 546 B 0644
elementor-en_CA-875641fa8e2acb7d96b56de0fac67935.json File 342 B 0644
elementor-en_CA-8871b489e8d974572ae4c7578f939de5.json File 339 B 0644
elementor-en_CA-8b95a20e21550730e7b5557f56908c73.json File 1.45 KB 0644
elementor-en_CA-8ef6d4918e93bfaaef913c65efeec347.json File 495 B 0644
elementor-en_CA-91751ab1f6434be40ed42c6f2430685d.json File 3.89 KB 0644
elementor-en_CA-9aa63181e0580deb854f582cb5fa5cdf.json File 1017 B 0644
elementor-en_CA-9c739050cf2f73944f5e6511cc8a11fc.json File 311 B 0644
elementor-en_CA-9de15ead6aa7b3bb8a1ea30a49991974.json File 611 B 0644
elementor-en_CA-a356d84da643b35ca48f18200424fa68.json File 327 B 0644
elementor-en_CA-a3bac97752b365511e337f750b1e7508.json File 330 B 0644
elementor-en_CA-a4027a255848e5a7096a4cbe99cd18da.json File 883 B 0644
elementor-en_CA-abe7facb531349e3b9bd791c4c0f183e.json File 364 B 0644
elementor-en_CA-ac76f1d75eb777f747e6708b19d31b78.json File 10.19 KB 0644
elementor-en_CA-bd7df0741aeddc2bbbb08d20c11e4ddc.json File 464 B 0644
elementor-en_CA-dde11340ced68bea09c9fd29c9ed4534.json File 335 B 0644
elementor-en_CA-e16f2427ce816c4dc38ad0b36edc3ef2.json File 372 B 0644
elementor-en_CA-e9bd92fcd3a153fa19faf0be5f3e21b4.json File 403 B 0644
elementor-en_CA-edafd6bb20f92c5a76f673e753e9b748.json File 789 B 0644
elementor-en_CA-f98be19bec7bc848ce3ed383c60037c1.json File 2.02 KB 0644
elementor-en_CA.l10n.php File 49.63 KB 0644
elementor-en_CA.mo File 65.08 KB 0644
elementor-en_CA.po File 206.1 KB 0644
envato-elements-en_CA.mo File 1.79 KB 0644
envato-elements-en_CA.po File 2.78 KB 0644
gutenberg-en_CA-04418208c292b36bc4a3469b3ffc3d41.json File 400 B 0644
gutenberg-en_CA-07d88e6a803e01276b9bfcc1203e862e.json File 10.92 KB 0644
gutenberg-en_CA-07ef134978802e52988301e5564a124c.json File 685 B 0644
gutenberg-en_CA-17d863d02d419d257cce84f2a9934b91.json File 310 B 0644
gutenberg-en_CA-195c2ee33af3438dc681885037a9dd77.json File 11.43 KB 0644
gutenberg-en_CA-22103b0fceb70bf4f3ed789172c4cc4e.json File 341 B 0644
gutenberg-en_CA-2db29b02b406fc710377e5966a268a5b.json File 1.01 KB 0644
gutenberg-en_CA-2ecc15db55b460a0c1c65371b1c7144e.json File 851 B 0644
gutenberg-en_CA-562b384b5ba625d9c67b6a487da0fb82.json File 313 B 0644
gutenberg-en_CA-57ca266aaa51c0865f9b606c3b122edf.json File 322 B 0644
gutenberg-en_CA-5a39926d0d16d0b7e0231768f706d685.json File 22.59 KB 0644
gutenberg-en_CA-5b24ba153c5b34da32d79d6bf83c42fd.json File 342 B 0644
gutenberg-en_CA-5b6fdbd8b6d8e74e269a71b5e2a640ae.json File 3.74 KB 0644
gutenberg-en_CA-664bd2d849a376fcdd35ecc175c8077e.json File 310 B 0644
gutenberg-en_CA-669341f094c411cfc73de2f3b74475cd.json File 1.23 KB 0644
gutenberg-en_CA-84a7625187e218b518298469e531382d.json File 713 B 0644
gutenberg-en_CA-89337192c82f6ec91cfe1bb3aafe66b2.json File 722 B 0644
gutenberg-en_CA-b28e16a397b8722f99fae785b95a4478.json File 607 B 0644
gutenberg-en_CA-bd25c177bb43e960435d8bf33c14f6d3.json File 413 B 0644
gutenberg-en_CA-c4c26f565695d6a88d0e7ab2e54949c3.json File 311 B 0644
gutenberg-en_CA-cc0ae1a9d2f54754d6de5eabbcb89f5b.json File 616 B 0644
gutenberg-en_CA-d4accdff3b7b226dad1f5f72ccee5bae.json File 7.07 KB 0644
gutenberg-en_CA-d83116db7e3459d9c9a90cae3216278f.json File 41.26 KB 0644
gutenberg-en_CA-e5d3200f2f39097aa25c45c0f7243af8.json File 13.92 KB 0644
gutenberg-en_CA-e7b6005012912540099a002617fcee91.json File 2.55 KB 0644
gutenberg-en_CA-f39744326030f4f787227808e504b523.json File 7.37 KB 0644
gutenberg-en_CA.mo File 50.08 KB 0644
gutenberg-en_CA.po File 84.52 KB 0644
health-check-en_CA.mo File 56.82 KB 0644
health-check-en_CA.po File 90.23 KB 0644
really-simple-ssl-en_CA-265742dd7e4cd21fbed26c5cd6d77198.json File 321 B 0644
really-simple-ssl-en_CA-3894b089cd82666e9a4e77535094da45.json File 1.01 KB 0644
really-simple-ssl-en_CA-38e562ee038bfb8031a370e0f01f2b39.json File 357 B 0644
really-simple-ssl-en_CA-507520abf3ef71973d118e9ad23e5dbe.json File 2.26 KB 0644
really-simple-ssl-en_CA-696e7c30c17d0da28388561d5c0dc770.json File 993 B 0644
really-simple-ssl-en_CA-822f243b56136ac8768c967432cd0248.json File 1.62 KB 0644
really-simple-ssl-en_CA-d1e906054c3940b2a6f20af4deb8bbda.json File 11.89 KB 0644
really-simple-ssl-en_CA-eca67f56faf6b01f7523e570ecb029a9.json File 1.16 KB 0644
really-simple-ssl-en_CA-ef9f07b3b54711801a34147958e12504.json File 308 B 0644
really-simple-ssl-en_CA.l10n.php File 101.11 KB 0644
really-simple-ssl-en_CA.mo File 115.72 KB 0644
really-simple-ssl-en_CA.po File 172.82 KB 0644
smart-slider-3-en_CA.mo File 1.27 KB 0644
smart-slider-3-en_CA.po File 2.53 KB 0644
sucuri-scanner-en_CA.mo File 105.85 KB 0644
sucuri-scanner-en_CA.po File 126.2 KB 0644
w3-total-cache-en_CA.mo File 126.61 KB 0644
w3-total-cache-en_CA.po File 182.54 KB 0644
wordfence-en_CA-6d9553182c2c1a0095c6fcb4d92b6cb9.json File 335 B 0644
wordfence-en_CA-7f048ccf263f3713321202c0831967e1.json File 2.56 KB 0644
wordfence-en_CA-a47bd4bdf40c5e1d70a3bd7e2ecd6be3.json File 13.14 KB 0644
wordfence-en_CA-e703d386885b7347d0abebbdd5fb346f.json File 1.17 KB 0644
wordfence-en_CA.mo File 354.59 KB 0644
wordfence-en_CA.po File 523.68 KB 0644
wordpress-seo-en_CA-13c172108e3ebc2555ea54a5cffd763b.json File 787 B 0644
wordpress-seo-en_CA-1765c84b9a2e3034c5ab0a9b0842cb21.json File 1.13 KB 0644
wordpress-seo-en_CA-3a6bb28b59cb140b6c372392bf5f13d3.json File 728 B 0644
wordpress-seo-en_CA-3ab1863386cca0be6ab4aa906cacadbd.json File 4.88 KB 0644
wordpress-seo-en_CA-58afcf2303c7e92a99f4dfdf75c54842.json File 571 B 0644
wordpress-seo-en_CA-59a157b73a79db8a63459f9a2e1b874b.json File 3.64 KB 0644
wordpress-seo-en_CA-606033e8cb263b032d13356d7a627ed5.json File 16.11 KB 0644
wordpress-seo-en_CA-6f380ab0bcb032c00d3d0ff21664335d.json File 1.38 KB 0644
wordpress-seo-en_CA-6ffccefef7026e678d85c6b56bd29680.json File 1.26 KB 0644
wordpress-seo-en_CA-753e370a61af6ba5ccabe91cc950cbcb.json File 1.34 KB 0644
wordpress-seo-en_CA-786eeb1e9fb710b6d8885049b18564b3.json File 8.4 KB 0644
wordpress-seo-en_CA-81d02401639ac0f30dc9d7738fcbf629.json File 6.5 KB 0644
wordpress-seo-en_CA-826f41c23138627439d01b2b0133dbc5.json File 887 B 0644
wordpress-seo-en_CA-8a9083701e738b3c956ea2c9a8a84375.json File 459 B 0644
wordpress-seo-en_CA-8c2f72a2c46baea606be9a7b0c1a23d8.json File 593 B 0644
wordpress-seo-en_CA-9f6244fe05b49fabf96551959cf899a6.json File 516 B 0644
wordpress-seo-en_CA-9fc912fe9f73e39d5df0779b31bb1a6f.json File 440 B 0644
wordpress-seo-en_CA-9ff580649b466f65633b98bb16c34525.json File 634 B 0644
wordpress-seo-en_CA-a35a702af4a7fbb6d2d4db8c193dd940.json File 802 B 0644
wordpress-seo-en_CA-a4aee9e8c2e39d6f81fd70b8bb9ccc09.json File 362 B 0644
wordpress-seo-en_CA-a4e25a0fbd268367ae0af1e06b841f78.json File 7.67 KB 0644
wordpress-seo-en_CA-afe43fe171170bbc6083c10610a75434.json File 614 B 0644
wordpress-seo-en_CA-b1439a828d6d7684a875580ccba87936.json File 1.17 KB 0644
wordpress-seo-en_CA-b2bb3542a05d1a95a5866b83cc7b8a5f.json File 656 B 0644
wordpress-seo-en_CA-c1a0e4b150b113a514f162d42c0c8ab5.json File 2.05 KB 0644
wordpress-seo-en_CA-c1b15194a6181a17d3344302011bddf5.json File 305 B 0644
wordpress-seo-en_CA-cab448a7f08880f4d86d9bdf409b7cb7.json File 2.41 KB 0644
wordpress-seo-en_CA-d6bf43f32d0c3331e709fa67e6be35a2.json File 2.55 KB 0644
wordpress-seo-en_CA-e422758335e56c41009e56217163c93a.json File 383 B 0644
wordpress-seo-en_CA-fbf6c210cf52f9eaaf78c5f02b58c276.json File 734 B 0644
wordpress-seo-en_CA.mo File 68.36 KB 0644
wordpress-seo-en_CA.po File 123.11 KB 0644
wp-smushit-en_CA-4091a5e3582113f09870f686d7059350.json File 337 B 0644
wp-smushit-en_CA-41a934c9b6a0b38f8a87978b8c266405.json File 4.35 KB 0644
wp-smushit-en_CA-4c1d4f4057e9fe55cac6131666a684af.json File 563 B 0644
wp-smushit-en_CA-5d5454a8b1cf16a3270209e09aa2f8b0.json File 325 B 0644
wp-smushit-en_CA-973adfc51c7d524d0e1204603f1b7457.json File 355 B 0644
wp-smushit-en_CA.mo File 68.72 KB 0644
wp-smushit-en_CA.po File 103.26 KB 0644
wp-statistics-en_CA.mo File 33.95 KB 0644
wp-statistics-en_CA.po File 74.29 KB 0644
wp-super-cache-en_CA-a0623ef93657e56554c5ddda522ed690.json File 697 B 0644
wp-super-cache-en_CA-a923b88be390014b9b8a402283415e0d.json File 610 B 0644
wp-super-cache-en_CA.l10n.php File 82.8 KB 0644
wp-super-cache-en_CA.mo File 90.71 KB 0644
wp-super-cache-en_CA.po File 104.97 KB 0644
wpforms-lite-en_CA.mo File 141.35 KB 0644
wpforms-lite-en_CA.po File 228.65 KB 0644
wpfront-scroll-top-en_CA.mo File 4.71 KB 0644
wpfront-scroll-top-en_CA.po File 7.59 KB 0644