Hi
I think the reason we don’t do that is because sometimes (not always but sometimes) there are files inside your wordpress directory that might not be wordpress files. We see this for Dart, Bing, Google, various things like that, as well as user added files. We can scan them and alert you but if we deleted without confirmation theres a potential to cause you more grief. We prefer to err on the side of caution and make sure that what you delete is something you want to delete.
I don’t believe we have an option that automatically restore the change wordpress core files but I am making the suggestion today to our dev team. I can’t promise when or if it makes it into a release, but we take every suggestion seriously.
Thanks for helping make wordfence great!
tim
With respect ernietazo, this is not really doable, for all kinds of reasons.
I don’t think the good folk at Wordfence want to take on that level of potential disaster.
Ouch potential = extreme!
I’ve a client site where it’s 100% WordPress but somehow new files are getting uploaded regularly outside of the WordPress environment.
I would love (have the client pay) to have WordFence automatically detect and delete these files while I continue looking for the point of breach.
I would think it might be a database hack generating the pages. I’d start looking there.
My answer about this one stands from when I first answered seven months back. We wouldn’t want to do this because of the potential of damaging a site. If you are interested in a cleaning option, you can always email us at genbiz [at] wordfence.com. I’ll be happy to discuss options there.
tim
