Quarantine Question

  • Resolved yesyeah

    (@yesyeah)


    8 years, 7 months ago

    Used the plugin and donated, so far so good, thanks!

    Question though: it seems when files are “cleaned” they are moved to a quarantine area, but the folders they were within remain.

    This means that wordfence keeps finding the files (despite them being empty now).

    Is there a reason to keep the quarantined files? Can they just be fully removed / deleted from the quarantine area?

    More so, since we had 12 files found, did plugin automatically “patch” whatever vulnerability was there, AND move the files? Or does it just keep removing files they find?

    Thanks so much!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Eli

    (@scheeeli)

    8 years, 6 months ago

    The empty files are harmless but you can remove them if you want to. The malicious contents of those files that have been quarantined are stored in the database so that code is no longer a threat and will not be picked up by any other scanners.

    There are some vulnerabilities that are automatically patched and sometimes there are others that have more to do with your server that can’t simply be patched be any php plugin. If you have any continued issues with malware then you will need to check your log files and investigate further to determine the source of the infection.

    Thread Starter yesyeah

    (@yesyeah)

    8 years, 6 months ago

    Thanks for your response. I just ran the scan again and it picked up a few more files for quarantine – one of the files  /public_html/wp-admin/ms-options.php was already quarantined in the last scan a couple weeks ago. Does that mean there is still a live “in” for a hacker? Is the expectation that if the site is fully clean, no other files will show up that need to be quarantined? Or is it normal to keep seeing bad files show up?

    Thanks again for this plugin, planning on donating again and adding to another site(s).

    Plugin Author Eli

    (@scheeeli)

    8 years, 6 months ago

    It is possible that there is still a vulnerability on your server that is letting hackers in. Plugins and firewalls can only do so much, if your server has a weakness that can be exploited then you may continue to get hacked.

    The best thing you can do if you keep getting hacked is to move your site to a more secure hosting environment.

    Thread Starter yesyeah

    (@yesyeah)

    8 years, 6 months ago

    Thank you! I do have a lot of websites on that particular server, no other issues. So yes, seeing continued new issues means there is probably a vulnerability still there?
    Thanks again!!

    Plugin Author Eli

    (@scheeeli)

    8 years, 6 months ago

    I think the solution here is to move that site to another server, in part because it may separate it from the vulnerability that is letting this hack occur, but also because you need to protect your other sites from this issue spreading from this one site to all of them.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Quarantine Question’ is closed to new replies.