I have some issues with the vulnerability scanner. The MainWP NVD works fine.
But I want to use the WPVulnDB API because I have an API license there. I filled in my API key, but when I scan a website the page just refreshes without any results.
How to proceed to get this working?
Hi alainL,
Can you please post the community system report from your MainWP Dashboard for review? The report is located in your Dashboard under Status → Server, on the top right of the page.
Be sure to use the button like the one below; this button hides all your private information:
Pressing the button auto-copies the report to your clipboard then just paste it in a reply here.
### Server Info Required Detected Status ###
MainWP Dashboard
MainWP Dashboard Version 4.1.10.1 4.1.10.1 Pass
MainWP Upload Directory Writable Writable Pass
MainWP Extensions
Activity Log for MainWP 1.7.0
Advanced Uptime Monitor Extension 5.2 API License Active Pass
MainWP White Label Extension 4.1 API License Active Pass
MainWP Bulk Settings Manager Extension4.0.3 API License Active Pass
MainWP Clean and Lock Extension 4.0.1.1 API License Active Pass
MainWP Clone Extension 4.0.1 API License Active Pass
MainWP Comments Extension 4.0.3 API License Active Pass
MainWP File Uploader Extension 4.1 API License Active Pass
MainWP Google Analytics Extension 4.0.3.2 API License Active Pass
MainWP Maintenance Extension 4.1 API License Active Pass
MainWP Page Speed Extension 4.0.1.1 API License Active Pass
MainWP Pro Reports Extension 4.0.6 API License Active Pass
MainWP Rocket Extension 4.0.2 API License Active Pass
MainWP Staging Extension 4.0.1 API License Active Pass
MainWP UpdraftPlus Extension 4.0.4 API License Active Pass
MainWP Vulnerability Checker Extension4.1 API License Active Pass
MainWP WooCommerce Shortcuts Extension4.1.1 API License Active Pass
MainWP WooCommerce Status Extension4.0.6 API License Active Pass
MainWP Wordfence Extension 4.0.4 API License Active Pass
WordPress
WordPress Version >=3.6 5.8.1 Pass
WordPress Memory Limit >=64M 256M Pass
MultiSite Disabled =true true Pass
FileSystem Method = direct direct Pass
PHP
PHP Version >=7.0 7.4.25 Pass
PHP Safe Mode Disabled =true true Pass
PHP Max Execution Time >=30 seconds 120 Pass
PHP Max Input Time >=30 seconds 300 Pass
PHP Memory Limit >=128M 256M Pass
PCRE Backtracking Limit >=10000 1000000 Pass
PHP Upload Max Filesize >=2M 64M Pass
PHP Post Max Size >=2M 64M Pass
SSL Extension Enabled =true true Pass
SSL Warnings = empty Pass
cURL Extension Enabled =true true Pass
cURL Timeout >=300 seconds 300 Pass
cURL Version >=7.18.1 7.29.0 Pass
cURL SSL Version >=OpenSSL/1.1.0 NSS/3.53.1 Pass
PHP Allow URL fopen YES
PHP Exif Support YES ( V7.4.)
PHP IPTC Support YES
PHP XML Support YES
PHP Disabled Functions opcache_get_status,
PHP Loaded Extensions Core, PDO, PDO_ODBC, Phar, Reflection, SPL, SimpleXML, Zend OPcache, bcmath, bz2, calendar, cgi-fcgi, ctype, curl, date, dba, dom, enchant, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, i360, iconv, imagick, imap, intl, ionCube Loader, json, ldap, libxml, mbstring, mysqli, mysqlnd, odbc, openssl, pcre, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, posix, pspell, redis, session, soap, sockets, sodium, sqlite3, standard, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, zlib
MySQL
MySQL Version >=5.0 10.3.31-MariaDB Pass
MySQL Mode ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
MySQL Client Encoding utf8
Server Info
Server Software Apache
Operating System Linux
Architecture 64 bit
Server Protocol HTTP/1.1
HTTPS ON
Server self connect Not expected HTTP response body:
User Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.0 Safari/605.1.15
Gateway Interface CGI/1.1
Memory Usage 23.25 MB
Request Time 1635342356
Accept Content text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset Content N/A
MainWP Settings
Number Of Child Sites 39
Use WP-Cron Yes
Optimize for Shared Hosting or Big NetworksNo
Automatic Daily Update Install trusted updates
Abandoned Plugins/Themes Tolerance 365
Maximum number of posts to return 50
Maximum number of pages to return 50
Maximum Number of Comments 50
Primary Backup System MainWP UpdraftPlus Extension
Maximum simultaneous requests 4
Minimum delay between requests 200
Maximum simultaneous requests per ip1
Minimum delay between requests to the same ip1000
Maximum simultaneous sync requests
Maximum simultaneous install and update requests
Active Plugins
Activity Log for MainWP 1.7.0 Active
MainWP Dashboard 4.1.10.1 Active
MainWP Key Maker 1.2 Active
UpdraftPlus - Backup/Restore 2.16.63.25 Active
Wordfence Security 7.5.6 Active
WP Crontrol 1.11.0 Active
WPS Hide Login 1.9 Active
Do I also need to install the WPScan plugin on all the child sites if I want to use this WPVulnDB API?
Hi @alainL,
The report looks good, however, I see a couple of non-MainWP plugins on your dashboard.
Can you try to temporarily disable these and see if that helps? Maybe it’s some plugin conflict.
I just tried with deactivated plugins but the issue is the same. That did not help.
Ok, thanks for verifying that.
I see you have an open helpdesk ticket where you provided us with additional details that will help us troubleshoot this problem. Let’s continue in there and I will update the thread later.
The problem is caused by the API rate limit.
After hitting the limit, the server returns: “status”: "rate limit hit"
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.