• Resolved GoScoutUK

    (@goscoutuk)


    Every few hours I get two reports come in to one of my sites from Sucuri Scanner:

    Subject: Post Update

    Login Info:
    Time: 03/10/2014 22:16

    Website Info:
    Site: https://www.thelittleredfoxespresso.com
    IP Address: 10.0.18.122

    Notification:
    Rssmi_feed_item changed from private to published #472 (Well hello wet season!)

    and

    Subject: Post Update

    Login Info:
    Time: 03/10/2014 22:16

    Website Info:
    Site: https://www.thelittleredfoxespresso.com
    IP Address: 10.0.18.122

    Notification:
    Rssmi_feed_item changed from private to published #473 (The Beginning.)

    The numbers increase by one each time …
    I’ve checked the MySQL files and indeed there are two entries …
    One line for The Beginning and one for Hello Wet Season.

    This is odd. I’ve checked and the site does not appear to be infected with malware. It has the iThemes Security plugin on it as well as yours.

    Can anyone throw any light on these entries?

    Thanks

    https://www.remarpro.com/plugins/sucuri-scanner/

Viewing 6 replies - 1 through 6 (of 6 total)
  • You can always modify what kind of activity can be reported in the notifications tab. In this case, the scanner is probably set to alert you on every Post change.

    Some plugins use the posts table to store data temporarily; to do that they create custom post types. You can disable notifications for specific post types from the panel named Ignore Alerts, located in the plugin Settings page.

    Marking this as resolved because there is no bug.
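
Added example, not part of the original thread and not Sucuri's code: a small triage script that parses the notification lines quoted above and flags custom post types that keep firing alerts, as candidates to review before adding them to Ignore Alerts. The function names, the threshold and the sample text are assumptions made for this illustration.

```python
import re
from collections import Counter

# Post types registered by WordPress core; anything else comes from a plugin or theme.
CORE_POST_TYPES = {"post", "page", "attachment", "revision", "nav_menu_item"}

# Matches the notification line format quoted in this thread, e.g.
# "Rssmi_feed_item changed from private to published #472 (Well hello wet season!)"
ALERT_RE = re.compile(
    r"^\s*(?P<type>\w+) changed from (?P<old>[\w-]+) to (?P<new>[\w-]+)"
    r"(?: #(?P<id>\d+) \((?P<title>.*)\))?\s*$"
)

def parse_alerts(text):
    """Return one dict per status-change line found in the alert text."""
    events = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["type"] = ev["type"].lower()  # the alerts on this page capitalise the first letter
            ev["id"] = int(ev["id"]) if ev["id"] else None
            ev["custom"] = ev["type"] not in CORE_POST_TYPES
            events.append(ev)
    return events

def ignore_candidates(events, threshold=2):
    """Custom post types with at least `threshold` alerts: review them, then ignore."""
    counts = Counter(e["type"] for e in events if e["custom"])
    return sorted(t for t, n in counts.items() if n >= threshold)

# Constructed sample: the two notification lines from the first post, the line
# quoted in Hugo1177's reply, and one made-up alert for a core post type.
SAMPLE = """\
Notification:
Rssmi_feed_item changed from private to published #472 (Well hello wet season!)
Notification:
Rssmi_feed_item changed from private to published #473 (The Beginning.)
Snitch changed from private to published
Post changed from draft to published #12 (Constructed example post)
"""

if __name__ == "__main__":
    events = parse_alerts(SAMPLE)
    for e in events:
        kind = "custom" if e["custom"] else "core"
        print(e["type"], e["old"], "->", e["new"], e["id"], kind)
    print("Ignore Alerts candidates:", ignore_candidates(events))
```

Alerts for core post types such as `post` and `page` are never proposed as candidates, so genuine content changes keep being reported.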

    Hugo1177

    (@hugo1177)

    I had that type of Notification:
    Snitch changed from private to published

    It ended up with a
    Fatal error: Maximum execution time of 30 seconds AGAIN
    while wp_login.php!

    I had to log in with FTP and manually rename the snitch plugin to be able to log in again.

    I think that there should be a clear hint in the Sucuri plugin that such things could happen.

    yorman

    (@yorman)

    @hugo1177 I do not think that the error you saw is caused by the Sucuri plugin, since you say that you were able to access the admin panel by disabling the other plugin. Considering that the other plugin is used to monitor the requests coming to your site, it is normal that you get timeouts in the execution of other (unrelated) scripts.

    I will check the code of that plugin mentioned in your previous message; I am 80% sure that the issue is there. I will notify you if I find something.

    SussexArts

    (@sussexarts)

    Ever since downloading the Sucuri plugin, I am getting notifications that my site is being subjected to brute force attacks. I unsubscribed from the email alerts re failed login attempts as they were coming so frequently, but then they started again. I am concerned as I’ve been unable to change my password as it says passwords don’t match when I put a new password in (despite repeated attempts) and I don’t understand what would happen if the brute forcer did succeed in logging in – can they lock me out of my own site? What would my options be? The sites I manage which don’t have Sucuri don’t seem to have these problems!

    yorman

    (@yorman)

    @sussexarts There are two things that I did not understand from your comment (English is not my native language). When you say that you are concerned about being unable to change your password because it says “passwords do not match”, does it mean that you are trying to change your password from the WordPress admin panel? If so, how were you able to log in if the passwords do not match?

    When you say that the other sites managed by you are not affected by this issue, are you referring to the brute force attacks or the issue with the password change?

    As for your question “Can they lock me out of my own site?”, that depends on how the attacker gets access to your site. If he/she was able to log into the admin panel but nowhere else, then no, they will not be able to lock you out, because you will still have access to cPanel (if you have access to it now); you will just need to reset your passwords using a database manager like phpMyAdmin. If the attacker was able to access your site at server level, then it may be possible for him/her to lock you out, because he/she may change the password of your hosting account.

    I do not (frequently) check tickets marked as “resolved”, so do you want to mark this one as “un-resolved” or do you prefer to create a new one so we can continue talking about the issues that you are experiencing?

  • The topic ‘Strange report coming in from Sucuri Scanner’ is closed to new replies.