+1 More precisely
* Yesterday evening, an email: “your site has been automaticalyy been upgraded to 4.4.2” (the actual message is in french).
* 3 minutes later “This email was sent from your website “__the__site__” by the Wordfence plugin.” => “This file may contain malicious executable code: __the__site__/wp-admin/includes/class-pclzip.php”
* this morning, I’ve done a scan with WF and all was alright!
Weird strangeness.
Hmmmm…. “HIGH SENSITIVITY scanning is enabled, it may produce false positives” This would be the first false positive I encountered.
Merci beaucoup for this efficient plugin.
Thanks for the reports. This is a false positive that can happen if your site updates to the next version of WordPress and also runs a Wordfence scan before the Wordfence servers have downloaded and processed the newest WordPress update. We are looking at reducing the chances of this happening in a future version.
-Matt R
I am still getting this now.
Surely the Wordfence servers have been updated by now or is it something I’m doing wrong?
Ben
Hi: I just got this after a scan:
http://mysite.com/wp-admin/admin-ajax.php?action=GOTMLS_scan&GOTMLS_mt=54425ec2e562cfde68efedf27e61b67c&mt=1482984658.6472&GOTMLS_scan=L2hvbWUvbmlhZ2FyYWJyZXdjbHViLmNvbS9wdWJsaWNfaHRtbC93cC1hZG1pbi9pbmNsdWRlcy9jbGFzcy1wY2x6aXAucGhw1&last_action=GOTMLS_scan&last_GOTMLS_mt=54425ec2e562cfde68efedf27e61b67c&last_mt=1482984658.6472&page=GOTMLS-settings&last_GOTMLS_scan=L2hvbWUvbmlhZ2FyYWJyZXdjbHViLmNvbS9wdWJsaWNfaHRtbC93cC1hZG1pbi9pbmNsdWRlcw3
I am running new Wordfence Updated Version 6.2.9 updated yesterday
and WordPress 4.7 latest version
One highlighted in red, was from China IP address bot and was deleted.
I cleaned all the WordFence Files and deleted them – over 100 of them.
I then did another scan with Anti-Malware plugin, it 13 other suspicious files and one of them was the above one. Have I been hacked again?
I had to delete an older theme, cleaned with Wordfence, thought it was enough, installed a new version of the theme and now maybe I got hit again?
