Eli

Sucuri’s classification “rogueads.unwanted_ads” is so broad that I cannot guess at what kind of infection you are actually dealing with. In general, this means that you have some kind of ads displayed on your site that you probably didn’t put there and likely don’t want on your site. There is no way I can tell what kind threats are present on your site that might have lead the these unidentified ads.

In general, I would say that my plugin should find these threats automatically but without seeing the scan results I cannot say why it did not. Do you have the latest definition updates for my plugin? Is there anything in the Anti-Malware Quarantine?

If you want my help with the specific infection that you are trying to get rid of then I will need some shred of information about the specific threat you are facing. Screenshots and links are most helpful. The URL of the infected page would be a great place for me to start, and a snippet of the unwanted code would also be helpful if you have it.

You can also email this info directly to me if you don’t want to post it on this public forum:
eli AT gotmls DOT net

Thank you so much for your kind words and support!

It is truly heartwarming to know that my plugin is so appreciated 😀

If the PayPal link doesn’t work then you probably have an old version of the plugin with the old link. You should upgrade to the latest verson of the plugin and then make sure to download the latest definitions too, otherwise your scan may be missing a lot of newer threats.

You can use my plugin with these other plugins but any other plugin that uses custom output buffer handlers can interfere with the scan process.

To be clear the message in that screenshot is intended to inform you that your caching plugins can adversely affect the performance of my Anti-Malware plugin, not the other way around. It is important to note that this message is only displayed when the the custom OB handler is detected in the wp-admin area, which means that your caching plugin is interfering with (and potentially caching) your admin pages. This is not the best configuration because caching should only be used on static pages when user-specific content is not displayed. Everything displayed in the wp-admin is dynamic and completely dependent on which user is viewing those pages. It would be futile to cache anything in the admin area and an absurd security threat to display any cached admin pages to any other users.

While caching may help the page speeds on any of the forward-facing static page of your site it would be a mistake to rely 100% on your file cache to serve every request made to your server, therefore it should be a viable option for you to temporarily disable caching on your site (at least for testing and debugging purposes). Additionally (or at least, alternatively), you should be able to exclude the wp-admin directory from being cached at all, which will actually solve all these issues and also ensure that your admin security won’t be compromised by accidentally reveling any cached admin content.

As for your very slow Customizer and Elementor page builder loading issues. Those are most likely internal issues which may only be fixed by the developers when or if better coding leads to a faster interface. However, as my admin warning message indicated, the custom OB handlers in your caching plugins could also be interfering with the performance of other plugins and in your wp-admin pages. So you might want to reconsider temporarily disabling your caching while you retest your sites performance metrics. While your at it, you might even want to run some comparative metrics on your site’s overall load-time and page-speed results (with and without your caching enabled) to quantify the benefits of this caching configuration. If your caching is configured well then you should give you a considerable boost in page speed and overall load times, but I have seen many cases where the site’s performance actually increased with the caching turned off 😉

Please let me know if you have any more questions on any of this.

Aloha, Eli

Taking a long time to scan a single file or folder (if it looks like it stalled for 30-60 seconds) is not normal and could be an indication of the root problem that is causing the scan to take so long. I am not convinced that the scan time you are seeing is normal at all. Furthermore, I think that whatever is causing the scan to hang on certain folders is also contributing to the overall latency of your site and it’s ability to load multiple pages at one time.

Any individual PHP process is typically not capable of utilizing more that one processor, and my scan process is designed to stagger the scan segments in a linear queue so that only one batch is called at a time. This gives other processes a turn in the queue thereby allowing your site to answer normal requests while the scan is running. Even if your server only had one core it should be able to share with at least 5 simultaneous instances of PHP running at the same time (with each getting about 20% of the CPU) with out too much performance degradation. Each PHP call typically last only 1 to 4 seconds for the average page load request, with some intensive processes (like wp-cron calls, or backup jobs, or file scans) lasting longer. Any given directory scan by my plugin should only take about 1 to 10 seconds to execute, if it is taking more than 30 seconds to scan a given folder then there is definitely something else going on here that needs to be addressed.

I would like to look at the load time trends on your up-time monitor showing the fluctuation you witnessed during the scan process and also a base-line of the load time when your server is not busy or at rest and there is minimal activity on your site.

Thanks for providing this feed back with enough details that I think I can help you. I would like to start by offering a counterpoint to your assessment of the potential lagging/downtime that you associate with the scan process. Don’t worry, I’m not trying to dismiss the very real and valid concerns you have about the performance impact on your site. I am well aware that, as with any active scanning process, there will be some amount of impact on the server’s resources and that could affect the overall performance of the site while the scan is running, however, I have engineered the Complete Scan specifically with this in mind and I do not feel that it should be having the impact that you have presented. I would like to address what I have identified as three separate issues here and get you followup feedback on each one if you are willing:

1. Duration of the Complete Scan: I can see from the screenshot that you provided that your were less than half way through the scan and was was projected to take around 5 or 6 hours from start to finish. This is partially owing to the seemingly large number of files in the scan path (it looks like you have around 6 times as many directories on your site as a normal WordPress site might). I will acknowledge that the scan time in the screenshot is unusually long even for the number of files to be scanned, and it doesn’t sound like your server is too under-powered for the job so I can’t say why that might be without seeing it run “in-person”. As for the number of sub-directories, I cannot say why you have so many, but I can throw out some guesses and you can get back to me and let me know if any of these ideas helped.

• You might have other site installed on the server inside the public_html directory of this main site. You can try excluding those directories by listing them in the “Skip directories” field.
• You might have a “cache” directory, possibly created by some caching plugin, that has thousands of old and unnecessary files. You should always clear your cache directory when scanning for malware to save time but also because the malware can sometime linger in your cache even after the threat was removed.
• You might also have an archive or backup or multiple copies of the sites directory tree in your path for any number of reasons that could be responsible for tying up the scan with duplicate folders.

2. when you visit your site while running the scan, it lags everything and makes the site inaccessible to you: I admit that I going to make some assumptions about your experience here but I do have a lot of first hand experience with this exact issue and I think I can explain with giving TMI or boring you with the technical details of why the site appears slow to you while scanning. The simplest way to put it is that your browser only wants to load one connection to your site at a time, so it you have the scan running in one tab and you open up your site in another tab or window that it usually queues up the new window and waits for an opening to make the new string of requests to your site that would load some other page on your site (this can sometime take an uncomfortable amount of time or even timeout and fail to load at all). Rest assured that your server does not operate in this manner and it should be capable of loading numerous simultaneous connection to multiple clients at the same time that you are running the complete scan in your browser. For your own peace of mind, and to prove or disprove conclusion here I would like you to have the complete scan open and running on one computer and then open your site up on a completely different computer or device (maybe your phone or tablet). and see if the site loads as expected on the second device.

3. reports from uptime checks setup with site24x7: This one is actually the most concerning to me and so I sincerely hope that you have stayed with me through all my ramblings and still have enough energy to followup with some more info on the for me, as I feel it could shed some light on things and might really help me improve my plugin. I use uptimerobot.com not uptime.com (site24x7) but I believe they have similar reporting details. Could you send me the “Root Cause Analysis” from that site or a screenshot of the down-times and response times for before, during, and after the scan?

You can email me directly if there is anything that you don’t want to post on this public forum:
eli AT gotmls DOT net

Ok, I think I must have misunderstood, and unfortunately your further explanation here just got me more confused.

I think you are saying that the usernames would be 90120JAN, 90120FEB, or 90120MAR but the it looks like the value of $current_user->user_login is actually IAMATONE, which doesn’t help you at all.

Where are you getting this “usernames” value from?

What is the value of the CustomerID field for the record that you are looking for?

Also, the error message that you are getting suggests that there is something else fouling up the syntax of your SQL statement and it looks like it has to do with the single-quote marks you are using, they should not be slanted like that in your raw SQL statement but maybe they are not and the WordPress forum just made them slanted to pretty-up your post 🙁

Anyway, I don’t think that those quote marks are actually needed there so try the SQL without them just to see if it fixed it or ifthe error message you get is different.