cybermalcure
Forum Replies Created
-
Extremely huge sites may need higher memory and higher max_execution_time. This is an edge case. You should still be able to scan using the Monitor page at wp-admin/admin.php?page=wpmr_stateful_scanner.
For database cleanup you may search _options for %wpmr%
Forum: Plugins
In reply to: [Malcure Malware Shield — Removal, Repair, Monitor] Wordfence maleware foundPlease go to PHPMyAdmin and delete malcure options like %wpmr%. This will reset the plugin and fetch the checksums afresh.
Thanks for reporting this. We’re able to update definitions normally on other sites, so this looks environment-specific on this server, most likely MySQL/MariaDB limits when saving the definitions payload into
wp_options.Please ask your host to check MySQL/MariaDB first:
max_allowed_packet(recommend at least64M, preferably128M)innodb_log_file_size(recommend256Mor higher)tmp_table_sizeandmax_heap_table_size(recommend64M+)- MySQL error log for “packet too large”, truncated writes, or failed
UPDATE wp_options - Available disk space and DB write stability
Quick DB checks they can run:
SHOW VARIABLES LIKE 'max_allowed_packet';SHOW VARIABLES LIKE 'innodb_log_file_size';SHOW VARIABLES LIKE 'tmp_table_size';SHOW VARIABLES LIKE 'max_heap_table_size';
After adjusting, please retry Update Definitions and let us know if it still fails.
If it does, share the exact response shown in the plugin UI and we’ll help further.If the plugin is not active then you can safely delete these entries from the database. Most web hosts provide phpmyadmin to manage the databases. Optionally you may ask your developer to do it for you. If you are familiar with WP CLI then you can use the same as well.
WPMR, WPMR_checksums and WPMR_files_checksums_cache. These are not files. These are database entries in the options table that the plugin needs to function. The plugin will create these automatically if it is active. If you don’t want these entries, you may deactivate or remove the plugin.
Technically every database entry may affect performance, not sure how you have narrowed down to these three and how have you come to this conclusion.
Also, here’s the acid test:
Try running “wp core verify-checksums” using wp-cli. That .htaccess file will be reported even by the official wp cli utility. So this is not a plugin issue but your WordPress core does look suspicious. And you can’t whitelist using wp-cli either.
Thank you for sharing your concerns. We would like to clarify that other plugins which create or modify files within WordPress core directories are flagged as suspicious, as this practice violates fundamental security best practices. No security solution—whether it be our plugin, Sucuri, or any other—should ever create files in these protected areas.
Our plugin’s design neither supports nor condones the creation of files within core directories. We are committed to maintaining a streamlined and secure environment by minimizing the use of additional plugins and strictly adhering to industry best practices.
The premium version of our plugin offers an advanced whitelisting feature designed for users who require specialized support for managing these files in exceptional circumstances. However, this feature is not intended for widespread use, as unrestricted whitelisting could compromise security. It is provided at a cost to ensure that it is used judiciously and in accordance with established security protocols.
We stand by our approach and encourage all users to adhere to these best practices. Should you require further clarification, please do not hesitate to contact our support team.