Symptoms
The server accumulates long-running WP Toolkit processes, similar to the following, that cause a high server load.
/opt/cpanel/ea-php74/root/usr/bin/php -r require '/usr/local/cpanel/3rdparty/wp-toolkit/plib/vendor/wp-cli/wpt-wp-cli.php'; -d safe_mode=off -d display_errors=on -d opcache.enable_cli=off -d open_basedir= -d error_reporting=341 -d max_execution_time=60 --no-header -- --no-color --path=/home/cpusername/public_html instance info --format=json --check-updates=true
Description
WP Toolkit uses wp-cli to perform tasks, which runs the website's core WordPress files (i.e. index.php, settings.php, and wp-config.php). If these files are infected with malware, the malware will run, which can interrupt this process.
We have reported this incident to the Plesk WordPress Toolkit Developers for further review. The WordPress Toolkit developers have filed EXTWPTOOLK-10647 to resolve this issue.
Workaround
- Access the server's command line as the 'root' user via SSH or "Terminal" in WHM.
- Run the following command to locate the WordPress installations with infected installations.
[root@server ~]cPs# ps aux|grep safe_mode=off|grep wp-toolkit|cut -f8 -d '='|cut -f1 -d ' '|sort|uniq
/home/cpusername/public_html - Take note of the accounts with infected WordPress installations.
- Run the following command to locate the running WP Toolkit processes.
ps aux | grep safe_mode | grep -v grep|awk {'print $2'}
Use the kill command to terminate each Process ID found with the above command.
kill -13 $pid
Please note that "$pid" must be replaced with the Process ID to terminate.
- Restore the infected accounts from known clean backups.
Comments
0 comments
Article is closed for comments.