WordPress.org

Ready to get started?Download WordPress

Forums

Wordfence Security
scan failed (6 posts)

  1. nilar
    Member
    Posted 1 month ago #

    Hello,

    The scan failed to find injected file in the wp-include folder. Is it just me?

    https://wordpress.org/plugins/wordfence/

  2. rngdmstr
    Member
    Posted 1 month ago #

    What were the contents of the file?

    Malware scans are typically signature based, if this was a new string of malicious code it might not have been picked up.

  3. nilar
    Member
    Posted 1 month ago #

    Well ... I don't know the content of the files as my PC even refused to edit them. I mean I'm not speaking about lines of code injected in already existing files. I'm speaking about completely new files and, apart from the content of these files, I expected from wordfence a comparative scan able to detect strange named php files on a core folder of the wordpress installation, in particular on a css folder where php files shouldn't be at all.

  4. rngdmstr
    Member
    Posted 1 month ago #

    Ok, in this case, if you are seeing files in wp-includes that shouldn't be there then you should remove them.

    To better determine what files should and should not be present you can use this trick in Filezilla:

    http://blog.sucuri.net/2012/11/website-malware-removal-ftp-tips-tricks.html

    Have a fresh copy of WordPress on the left and browse your site files on the right and then press Ctrl+O - the green/white files match and the yellow files will be out of place.

    As for Wordfence finding .PHP files with strange names, I am not sure if this is something Wordfence does. Random/strange filenames is only a proxy indicator for malware, though, and does not always indicate an infection (take, for instance, cache files which tend to have very random and strange names)

  5. nilar
    Member
    Posted 1 month ago #

    The trick is awesome ... you changed my life. Really :)

    As for Wordfence, probably you are right. I gave it as granted that it performed a comparison scan on core folders that, unless you are a very reckless webmaster, shouldn't change. But maybe not.

    Anyway Wordfence is fantastic in the real time alerting system. Recently got 2 hackers while they were hacking thanks to this. Remarkable :)

  6. rngdmstr
    Member
    Posted 1 month ago #

    Yeah, it's a very handy tool :)

    There's really no reason to have any out-of-place files in wp-includes - In infected sites I find most often they are spam related files.

    If you're not sure about a certain file feel free to pastebin here and I can take a look.

Reply

You must log in to post.

About this Plugin

About this Topic