BugWP logo BugWP
Back to Community
Home / Community / General

Troubleshooting Sucuri Security PHP Version Detection Issues

21 threads Sep 10, 2025

Content

Many WordPress administrators rely on the Sucuri Security plugin for vital security monitoring. A common issue reported by users is that the plugin's dashboard sometimes displays an incorrect or outdated PHP version, often showing an older version like 5.6 even when the server is running PHP 7.x or newer. This guide will help you understand why this happens and how to resolve it.

Why Does This Happen?

Based on community reports and analysis, the Sucuri Security plugin primarily uses the built-in PHP constants and functions (PHP_VERSION and phpversion()) to detect the server's PHP version. If the plugin is displaying an incorrect version, the cause is typically one of the following:

  • Cached Data from SiteCheck: The plugin's remote malware scanner, SiteCheck, may be serving outdated, cached information about your site's configuration.
  • Server Configuration: The web server environment (e.g., Apache with PHP-FPM) might be configured in a way that reports a different version to the plugin than what is set in your hosting control panel.
  • Plugin Conflict or Bug: In rare cases, a specific plugin conflict or a previously patched bug could interfere with version detection.

How to Troubleshoot and Fix the Issue

1. Clear the SiteCheck Scanner Cache

The most common fix is to force the Sucuri scanner to clear its cache and perform a fresh scan.

  1. Visit the Sucuri SiteCheck website.
  2. Enter your domain name and run a scan.
  3. If the results appear very quickly and show the wrong PHP version, look for a "Force a Re-scan" link or button on the results page and click it. This expires the old cache.
  4. Wait for the new scan to complete (it should take 20+ seconds) and then check your Sucuri dashboard again.

2. Verify and Synchronize Your Server's PHP Version

Sometimes, the setting in your hosting control panel needs to be applied correctly across all server management tools.

  1. Log in to your hosting control panel (e.g., cPanel, Plesk).
  2. Navigate to the PHP version selector (often found under sections like Software > Select PHP Version).
  3. Ensure the correct, modern version of PHP (e.g., 7.4, 8.0, 8.1) is selected and saved.
  4. Crucially, also check a related tool often called MultiPHP Manager, PHP Selector, or Service Configuration. Apply the same PHP version to your specific website directory in this manager. This step ensures the version change propagates throughout the server.
  5. After making these changes, clear your WordPress caching plugins (if any) and check the Sucuri dashboard again.

3. Check for a True Version Mismatch

To definitively see what version of PHP your WordPress site is actually running, you can create a simple info file.

  1. Using a text editor, create a new file called phpinfo.php.
  2. Add this single line of code: <?php phpinfo(); ?>
  3. Upload this file to the root directory of your WordPress installation (the same folder that contains wp-config.php).
  4. Visit https://yourdomain.com/phpinfo.php in your browser. This page will display the detailed PHP configuration your web server is using.
  5. Compare this version with the one shown in your hosting control panel and the Sucuri dashboard. Important: Delete the phpinfo.php file from your server immediately after you finish checking, as it exposes sensitive information.

What If the Problem Persists?

If you have confirmed via phpinfo.php that your site is running the correct PHP version but Sucuri still displays the wrong one, the issue is likely confined to the plugin's data cache.

You can try these final steps:

  • Re-save Sucuri Settings: Go to Sucuri Security › Settings and click 'Submit' on any page. This can sometimes trigger a refresh of internal data.
  • Plugin Reinstall: As a last resort, try a clean reinstall of the Sucuri plugin. First, deactivate and delete the plugin from the WordPress admin panel. Then, install it fresh from the WordPress plugin repository. Your API key and settings are stored in the database and should remain intact.

Following these steps should resolve the PHP version mismatch in the Sucuri Security dashboard, ensuring you receive accurate information about your website's security posture.

Related Support Threads Support