WP AutoShield®: One-Click WordPress Security from cPFence: Page 11 - Enhance Control Panel

WP AutoShield®: One-Click WordPress Security from cPFence

xyzulu

A conversion to Innodb tool might be more effective than the db optimise option.

pratik_asabe

xyzulu agreed.. like litespeed plugin has this already..

as per my knowledge innodb doesn't require optimization as such, correct me if I'm wrong.. cPFence

pratik_asabe

cPFence is it safe to run on heavy woocommerce sites? and is this like cleaning drafts and transients etc.?

cPFence

pratik_asabe

Yes, it’s generally safe to run optimize, whether from WP CLI or phpMyAdmin. It doesn’t delete drafts, transients, or any data—it simply optimizes the database tables. That said, it’s always a good idea to have a backup ready and run the optimization during off-peak hours, especially for large WooCommerce sites.

pratik_asabe

cPFence I have a suggestion, instead running bulk commands, it'd be nice to be able to use for on demand sites for example,

cpfence --bulk-optimize-wp-databases

instead

cpfence --optimize-wp-database --s example.com

cPFence

pratik_asabe

That’s already possible from the Admin UI—all 46 WP-AutoShield tools can be run on all sites or just specific ones as you wish. Makes it super easy and flexible.

mbe81

cPFence
This morning I got the first automatic mail from the database malware scan. For just 10 WordPress sites it reports about 6000 lines as suspicious.

A lot of lines marked as SEO Spam, while it is no SEO Spam (and even if it is, SEO Spam is content which should be managed by the webmaster, not the system administrator). Only a few real SEO Spam lines were reported, but again, this is not something I care about as system administrator
A lot of lines that Javascript is detected on a page, which in this case, is all valid javascript from a newsletter provider added by the site owner.

So thanks for your effort here, but I disabled the database scan due to the number of false positives/ irrelevant checks.

cPFence

mbe81

Thank you for the feedback. We're aware of these false positives, and a fix is scheduled to be released later today. This update will refine the scan to focus solely on pure malware detections. Appreciate your patience.

cPFence

mbe81 rdbf

Can you please try a manual DB scan with the latest 3.3.33 version? You can use cpfence --bulk-scan-wp-databases or run it from the UI. Let us know how it goes. If you still notice any false alarms, please attach the log file to a support ticket.

We’ve tested this version on busy shared hosting servers, and it successfully detected all our known malware DB injection patterns while keeping false positives to a minimum.

cPFence

Version 3.3.33 (16th February 2025)

Added

Database whitelisting for database scan:
You can now whitelist specific WordPress databases from the daily malware scanning. This is useful for sites with known custom entries or large databases where scanning is not required.
- Admin UI: Edit Configuration Files → Manage Whitelisted Databases
- Add the full path of the WordPress installation.
- Manual file editing if needed: /opt/cpfence/user-config/cpfmrtp/whitelisted_databases.txt

Improved

Database Spam detections are now completely ignored, scanning will solely focus on malware and injection threats.
Email log attachments will now be capped at a maximum size of 5 MB for better deliverability.
Refined detection rules to eliminate all reported false positives, while keeping the scanner highly effective.

mbe81

cPFence

Scan completed successfully. No suspicious database entries were detected.

Much better! Thanks!

rdbf

cPFence

Scan completed successfully. No suspicious database entries were detected.

On all servers, so that's good!

« Previous Page