File exclusions in scans

Resolved Rodrigo
(@vejapixel)

6 years ago
Hello people,

When checking for manual file changes, the plugin shows many files within the cache folder. Many are from the Wp-Rocket plugin.
See below:

var/www/mysite.com/wp-content/cache/wp-rocket/mysite.com/tag/jonas-sulzbach/#q=%2ftag%2fjonas-sulzbach%2f/index-https.html_gzip

/var/www/mysite.com/wp-content/cache/min/4/686626d675469ca0a765ade14c705c19.js

In that case, could I insert the path below in the field and exclude verification?

/var/www/mysite.com/wp-content/cache/

The scanner also shows a bunch of changed files within the uploads folder.

/var/www/mysite.com/wp-content/uploads/ivy-acredita-que-torcida-do-babu-pode-elimina-la-em-possivel-paredao-265x198.jpg

In that case, could I insert the path below in the field and exclude verification?

/var/www/mysite.com/wp-content/uploads/

The scanner also shows a bunch of changed files within the plugins /php-compatibility-checker and plugins /capability-manager-enhanced folders

/var/www/mysite.com/wp-content/plugins/php-compatibility-checker/vendor/squizlabs/php_codesniffer/CodeSniffer/Standards/Squiz/Sniffs/CSS/NamedColoursSniff.php

/var/www/mysite.com/wp-content/plugins/capability-manager-enhanced/vendor/composer/autoload_real.php

In that case, could I insert the path below in the field and exclude verification?

/var/www/mysite.com/wp-content/plugins/

If I enter the 3 paths below in the verification exclusion field, could it jeopardize the security of my site? For example, the hacker can insert malicious code into files in these folders (/cache, /uploads and /plugins).
```
/var/www/mysite.com/wp-content/cache/
/var/www/mysite.com/wp-content/uploads/
/var/www/mysite.com/wp-content/plugins/
```
Thanks!
- This topic was modified 6 years ago by Rodrigo.

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Contributor mbrsolution
(@mbrsolution)

6 years ago

Hi,

If I enter the 3 paths below in the verification exclusion field, could it jeopardize the security of my site? For example, the hacker can insert malicious code into files in these folders (/cache, /uploads and /plugins).

Yes that is possible.

I would say that excluding the /cache/ folder from getting scan is safe because you clear your cache regularly but I would not exclude the /uploads/ and /plugins/ folder from getting scanned.

Let me know if you need more information or help.

Thank you
Thread Starter Rodrigo
(@vejapixel)

6 years ago
Before it was showing in the result of detection of alteration of file, the paths below:
```
/var/www/proddigital.com.br/wp-content/cache/...
/var/www/mysite.com/wp-content/uploads/...
/var/www/mysite.com/wp-content/plugins/...
```
And after I include the path below in the folder/directory exclusion field, now the file change detection result is showing only the path below. But the opposite would be correct, isn’t it? That is, if I enter the path below in the folder exclusion field, it means that the plugin will not check any folder that has this path and therefore it will not appear in the results of detection of file change, but only the others paths. However, it is the other way around, the other paths, /wp-content/uploads/ and /wp-content/plugins/, are no longer appearing in the detection results, and the path /wp-content/cache/ (which was configured to not check) is showing.

/var/www/proddigital.com.br/wp-content/cache/
Plugin Contributor mbrsolution
(@mbrsolution)

6 years ago

Hi, check the following examples to enter a URL address for folders and files.

Example file and directory address:

Cache directory: cache
Cache file path: cache/config/master.php
File path address: wp-content/uploads/2020/05/wordpress.jpg
Plugin directory: easy-wp-smtp

Let me know if the above examples works for you.

Thank you

Plugin Contributor mbrsolution
(@mbrsolution)

6 years ago

Hi, is your issue resolved?

Thread Starter Rodrigo
(@vejapixel)

6 years ago

Yes, resolved. Thank you!

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘File exclusions in scans’ is closed to new replies.