Title: Ambiguous warning messages
Last modified: August 20, 2016

---

# Ambiguous warning messages

 *  Resolved [mvandemar](https://wordpress.org/support/users/mvandemar/)
 * (@mvandemar)
 * [13 years, 5 months ago](https://wordpress.org/support/topic/ambiguous-warning-messages/)
 * Recently my client got an alert from the Wordfence plugin stating the following:
 *     ```
       * File contains suspected malware URL: /var/www/vhosts/domain.com/httpdocs/wp-content/cache/supercache/blog/index.html
       * File contains suspected malware URL: /var/www/vhosts/domain.com/httpdocs/wp-content/cache/supercache/www.domain.com/blog/index-mobile.html
       * File contains suspected malware URL: /var/www/vhosts/domain.com/httpdocs/wp-content/cache/supercache/www.domain.com/blog/index.html
       * File contains suspected malware URL: /var/www/vhosts/domain.com/httpdocs/wp-content/cache/wp-cache-12763e2b351a1e0b81b53ac2851629e0.html
       * File contains suspected malware URL: /var/www/vhosts/domain.com/httpdocs/wp-content/cache/wp-cache-91d5d866f78bc7518c6db88fafd4fc90.html
       * File contains suspected malware URL: /var/www/vhosts/domain.com/httpdocs/wp-content/cache/wp-cache-a3aa43761ce8e3a8cc535e5d2e180ded.html
       * File contains suspected malware URL: /var/www/vhosts/domain.com/httpdocs/wp-content/cache/supercache/www.domain.com/blog/2012/10/wordpress-security-plugins-wordfence/index.html
       * Post contains a suspected malware URL: WordPress security plugins: Wordfence
       ```
   
 * However, there was nothing in those files when I looked that indicated malware
   to me, and the messages themselves give absolutely zero indication as to what
   triggered them. There is no additional info in the dashboard either. The only
   thing I saw was the files that were tagged all had this snippet in them:
 *     ```
       <script type="text/javascript">var src="http://www.domain.com/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=0D59F7FAB5A52DD573E3A8A9F7275653"; if(window.location.protocol == "https:"){ src = src.replace("http:", "https:"); } var wfHTImg = new Image();  wfHTImg.src=src;</script>
       ```
   
 * and when I did a search for what was generating that I saw a couple of sites 
   that reported that script call as a possible xss attack:
 * [http://www.google.com/search?num=100&hl=en&tbo=d&biw=1920&bih=977&q=%22wordfence_logHuman%22+xss](http://www.google.com/search?num=100&hl=en&tbo=d&biw=1920&bih=977&q=%22wordfence_logHuman%22+xss)
 * Is Wordfence erroneously reporting itself as malware? If not, how can I find 
   out what it is actually saying the issue is?
 * Thanks.
 * [http://wordpress.org/extend/plugins/wordfence/](http://wordpress.org/extend/plugins/wordfence/)

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/)
 * (@mmaunder)
 * [13 years, 5 months ago](https://wordpress.org/support/topic/ambiguous-warning-messages/#post-3325600)
 * Hi,
 * It’s saying that there’s a URL in one of those files (not your site or itself)
   that is listed as a known malware URL with the Google Safe Browsing list (the
   GSB).
 * If you sign into your WordPress installation and go to the “scan” page for Wordfence
   and scroll down you’ll see the actual URL’s shown, assuming the issue still exists.
 * Regards,
 * Mark.
 *  Thread Starter [mvandemar](https://wordpress.org/support/users/mvandemar/)
 * (@mvandemar)
 * [13 years, 5 months ago](https://wordpress.org/support/topic/ambiguous-warning-messages/#post-3325603)
 * Mark, that was part of the issue. There was no additional details in the details
   log. What I pasted above is all of the information that was available, the only
   difference between what was in the details listing and the email that was sent
   was the order of the lines was reversed from top to bottom. No urls were listed
   at all.
 * Also, I just discovered a new issue… it is comparing the most recent version 
   of plugin files from WordPress against older versions installed on the site, 
   and giving a warning that the file has been modified. For example, it says this:
 * Modified plugin file: wp-content/plugins/wp-super-cache/readme.txt
 * And then when I view the differences this is what it shows me:
 * 4 Tested up to: 3.4.2
 * vs.
 * 4 Tested up to: 3.5
 * There is zero point in comparing different plugin versions with one another.
 *  Thread Starter [mvandemar](https://wordpress.org/support/users/mvandemar/)
 * (@mvandemar)
 * [13 years, 5 months ago](https://wordpress.org/support/topic/ambiguous-warning-messages/#post-3325639)
 * In addition to flagging readme.txt files for being different that what it expects,
   the plugin is also flagging them if there are urls referenced in them for sites
   that have been tagged as having malware. Text files don’t even contain clickable
   links, isn’t there some way to disable scanning them?
 *  Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/)
 * (@mmaunder)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/ambiguous-warning-messages/#post-3325656)
 * Hi,
 * It sounds like you’re battling several issues. If you’re still having this issue,
   lets move the conversation to email as I’d like to find out more about your config.
   Email me at mark at wordfence dot com if you’re still having these issues.
 * Regards,
 * Mark.
 *  Thread Starter [mvandemar](https://wordpress.org/support/users/mvandemar/)
 * (@mvandemar)
 * [13 years, 2 months ago](https://wordpress.org/support/topic/ambiguous-warning-messages/#post-3325713)
 * Mark, sorry for not getting back to you sooner. I just had another client send
   me a new Wordfence alert that included an erroneous warning in it for a readme
   file. This time the issue was with the readme.txt inside of the wsecure plugin.
   I ran a diff against the version on the server and a freshly downloaded copy,
   and while it did show the two files as being differant initially, when I included–
   ignore-all-space they came back as being identical. If you were to modify the
   instantiation of the Diff class starting on line 1357 in wordfenceClass.php to
   include this option, eg. array(3, false, true) as the 3rd paameter instead of
   an empty array(), then I think it would eliminate this issue.
 * -Michael

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Ambiguous warning messages’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

## Tags

 * [wordfence security](https://wordpress.org/support/topic-tag/wordfence-security/)

 * 5 replies
 * 2 participants
 * Last reply from: [mvandemar](https://wordpress.org/support/users/mvandemar/)
 * Last activity: [13 years, 2 months ago](https://wordpress.org/support/topic/ambiguous-warning-messages/#post-3325713)
 * Status: resolved