Objective

Daily infra pulse: Cloudways production stack, Cloudflare zone, Sentry. Unattended scheduled run (07:30 ET).

Status: ATTENTION (1 security anomaly)

What was checked

• Cloudways live app: aguiarinjurylawyers-com (app 6360875) on Vultr ATL server 1615235, cname resolved at runtime. SSL verified/installed.
• Disk: ~98.1 GB free / 128 GB → ~23% used, stable over 24h. ✅
• Services: apache2, imunify360, memcached, mysql, nginx, php8.2-fpm, redis-server, varnish all running. ✅ Only newrelic-sysmond stopped (non-critical).
• WordPress core: v7.0, no known vulns. ✅
• Plugin/theme scan: 40+ items, all clean except 1.

Anomalies

1. [SECURITY, patch priority 1] Rank Math SEO (free) seo-by-rank-math v1.0.270 vulnerable. "Missing Authorization to Unauthenticated Homepage Settings Modification" (Broken Access Control). CVSS 5.3. Affected <= 1.0.271, fixed in 1.0.271.1. Disclosed 2026-05-28. Not currently exploited. Both free (flagged) and Pro (clean) editions are active.
2. [MINOR] newrelic-sysmond stopped — non-critical monitoring daemon, likely intentional.

Skipped blocks (degrade-gracefully)

• Cloudflare — oauth-pending. Both cloudflare-dns-analytics and cloudflare-observability MCPs require interactive OAuth; no user in unattended run. Production CDN is Cloudways Autonomous anyway.
• Sentry — oauth-pending.
• Cloudways AI Copilot insights — API 403, account-level opt-in not enabled.

Legacy server note

DigitalOcean server 1469735 ("Sam Aguiar", NYC3) still running with old apps (~65 GB free); no longer serves live cname (migrated to Vultr 2026-04-19). Decommission / cost-reduction candidate.

Drift / self-heal

No routine drift detected. All literal Cloudways calls succeeded against runtime-resolved IDs. Copilot 403 + Cloudflare/Sentry skips classified as auth/opt-in gaps, not drift — no proposal, no SKILL.md change.