WordPress.org

Ready to get started?Download WordPress

Forums

Wordfence Security
[resolved] File difference warning, but no difference. (7 posts)

  1. Malae
    Member
    Posted 5 months ago #

    The warnings of file changes and the ability to display side by side any changes in files is a very useful feature. One plug-in that I use often has intermediate changes or additions to the files before a new version is issued. I am able to check any changes, when advised by Wordfence. I am puzzled by a recent warning about one such file:
    “Modified plugin file: wp-content/plugins/updraftplus/methods/googledrive.php
    Filename: wp-content/plugins/updraftplus/methods/googledrive.php
    File type: Plugin
    Issue first detected: 12 hours 1 min ago.
    Severity: Warning
    Status New
    This file belongs to plugin "UpdraftPlus - Backup/Restore" version "1.7.41" and has been modified from the file that is distributed by WordPress.org for this version. Please use the link to see how the file has changed. ….. “
    However if I try to display the changes I get the following message:
    “Wordfence: Viewing File Differences
    The two panels below show a before and after view of a file on your system that has been modified. The left panel shows the original file before modification. The right panel shows your version of the file that has been modified. Use this view to determine if a file has been modified by an attacker or if this is a change that you or another trusted person made. If you are happy with the modifications you see here, then you should choose to ignore this file the next time Wordfence scans your system.
    Filename: wp-content/plugins/updraftplus/methods/googledrive.php
    File type: Plugin File
    Plugin Name: UpdraftPlus - Backup/Restore
    Plugin Version: 1.7.41

    There are no differences between the original file and the file in the repository.”

    Why am I getting this warning if no differences?

    http://wordpress.org/plugins/wordfence/

  2. Wordfence
    Member
    Plugin Author

    Posted 4 months ago #

    Very strange. Are you still seeing this? Or was it a temporary issue. Also pls upgrade to the newest version of Wordfence which may resolve this.

    Thanks,

    Mark.

  3. Malae
    Member
    Posted 4 months ago #

    Hi Mark,
    I rescanned and the warning still occurred.
    I updated Wordfence with new version 3.8.9 (today's), rescanned and the warning still occurred.
    I updated the Updraftplus with new version 1.8.2 (today's) rescanned and the warning still occurred.
    I updated WordPress with new version 3.8 (today's), rescanned and the warning still occurred.
    I checked the details and noted that it was reporting that the file was for Updraftplus version 1.7.41 (previous version), but viewing the file, it said it was updated today!
    I deleted the notification warning in the ignored file tab and rescanned and it did not reappear. So the issued has disappeared! :-)

  4. Malae
    Member
    Posted 3 months ago #

    Hi Mark,
    The above issue (see also below) has occurred again with a different file, same plug-in on a different site. However, this time if I use click here to clear all ignored issues and remove, it comes back after rescanning. Note this site running WordPress 3.8.

    The two panels below show a before and after view of a file on your system that has been modified. The left panel shows the original file before modification. The right panel shows your version of the file that has been modified. Use this view to determine if a file has been modified by an attacker or if this is a change that you or another trusted person made. If you are happy with the modifications you see here, then you should choose to ignore this file the next time Wordfence scans your system.
    Filename: wp-content/plugins/updraftplus/backup.php
    File type: Plugin File
    Plugin Name: UpdraftPlus - Backup/Restore
    Plugin Version: 1.8.5

    There are no differences between the original file and the file in the repository.

  5. Malae
    Member
    Posted 3 months ago #

    Hi Mark,
    Further to my post above, I have another issue. Wordfence is reporting that my updraft.php version 1.8.5 is differing from the original version. However, it shows the original version as 1.8.6, which is a development version not yet available though the regular WordPress updating process. Can you explain how and why Wordfence finds this newer version.

  6. Wordfence
    Member
    Plugin Author

    Posted 2 months ago #

    Hi,

    Looks like the author is checking code into tags. This means that after he marks a release as stable, he then is adding code to it. Normally WP developers add new stuff to 'trunk' and then 'tag' something as 1.8.5 for example and then don't ever touch that tag again. He's adding hotfixes to his tags. These should really go into trunk and then be released as a new release. The effect of adding hotfixes is that existing users of a plugin end up running old code without being prompted to upgrade. You can see this here for example where he checked in code into 1.8.5 after it was released:

    https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=846196%40updraftplus&old=834911%40updraftplus&sfp_email=&sfph_mail=

    And the newest release has the same issue.

    Perhaps you could post a polite note on his forums asking him to avoid doing this which will ensure you are always running the newest code of his plugin and Wordfence doesn't report inconsistencies between what you're running and the repository version.

    Regards,

    Mark
    PS: If you found this helpful, please rate Wordfence 5 stars.
    http://wordpress.org/plugins/wordfence/

  7. Malae
    Member
    Posted 2 months ago #

    Thank you for your explanation. I opened the above link and saw the various differences, as I also have seen on my Wordfence scans. I am not a developer, but have read the WordPress page on the use of Subversion. I understand your explanation about checking in code to a version that was already released, being poor practice. What I don't understand is how a file can carry a higher version number than the version that is running, e.g. a php file showing the original as version 1.8.6 when 1.8.5 is installed. In this case how or why does Wordfence access the unreleased development version and not the officially released version. Is this caused by the incorrect tagging of development versions? It seems that there is a difference of opinion on the cause of the problems. When I asked the plug-in author about the issue, he said "When we looked at WordFence, we decided that its algorithm was broken" Does he mean that your plug-in is accessing the versions incorrectly or from the wrong source? Although my understanding is limited, I presume the information on the use of SVN is clear enough to developers. I am happy to contribute more time to resolve this, but need to fully understand the issue.

Reply

You must log in to post.

About this Plugin

About this Topic