Suspended and unspended, WordPress Exploit Scanner may be the problem

[vineethmhn]

Hello,

I am very conscious about security parameters as I faced a few hacker attempts earlier on my WordPress installations with other hosts. To tackle this program, I am using some security plug-ins on my blog hosted here at X10.

One of such highly rated plug-in is "WordPress Exploit Scanner" which scans my entire WP installation for malicious codes and issues a warning report. I am then be able to manually analyze the code and make modifications, in necessary. A few minutes back, I upgraded to the latest WP installation and also upgraded some plug-ins including the "WordPress Exploit Scanner". After this, I run the scan so that I can make sure that everything is fine.

To my surprise, I received an account suspended message from X10 instead of the scan results page. I was able to manually unsuspend the account from the hosting control panel and everything is fine now. As I assumes that the "WordPress Exploit Scanner" uses excess system resources, especially processor time and RAM, I am removing it from my WP installation.

This information is provided so that you can be sure about the incident and to clarify my part. Hope this information would be useful when analyzing your logs and future support requests.

[Livewire]

Hello,

I am very conscious about security parameters as I faced a few hacker attempts earlier on my WordPress installations with other hosts. To tackle this program, I am using some security plug-ins on my blog hosted here at X10.

One of such highly rated plug-in is "WordPress Exploit Scanner" which scans my entire WP installation for malicious codes and issues a warning report. I am then be able to manually analyze the code and make modifications, in necessary. A few minutes back, I upgraded to the latest WP installation and also upgraded some plug-ins including the "WordPress Exploit Scanner". After this, I run the scan so that I can make sure that everything is fine.

To my surprise, I received an account suspended message from X10 instead of the scan results page. I was able to manually unsuspend the account from the hosting control panel and everything is fine now. As I assumes that the "WordPress Exploit Scanner" uses excess system resources, especially processor time and RAM, I am removing it from my WP installation.

This information is provided so that you can be sure about the incident and to clarify my part. Hope this information would be useful when analyzing your logs and future support requests.

At the very least it's definitely evidence that the high resource scanner -does- work; I ran the same plugin on my local testing environment, maxed the cpu for a few seconds which doesn't work on free hosting.

My advice for testing purposes is to install it all on a WAMP or XAMPP local testing server with the exact same setup on Wordpress itself, then run the scanner there - the differences between the servers won't matter since the scanner only tests wordpress itself, so you'll still be able to check exploits. Just remember to re-scan as plugins/wordpress update

[vineethmhn]

At the very least it's definitely evidence that the high resource scanner -does- work; I ran the same plugin on my local testing environment, maxed the cpu for a few seconds which doesn't work on free hosting.

My advice for testing purposes is to install it all on a WAMP or XAMPP local testing server with the exact same setup on Wordpress itself, then run the scanner there - the differences between the servers won't matter since the scanner only tests wordpress itself, so you'll still be able to check exploits. Just remember to re-scan as plugins/wordpress update

Yes, that is a good idea to test for exploits on the local system but I am bothered about the plug-ins specifically. Like most of us, I am also interested in testing a new plug-in when it comes from the WordPress store, sometimes just to test the functionality they offer. It is not always practical to download and install every such plug-ins locally on an XAMPP server as it involves many boring steps...

It would be beneficial, if we could compile a list of WordPress plug-ins that are known to increase the resource usage on the server than the permissible limits.