Support » Plugin: Sucuri Security - Auditing, Malware Scanner and Security Hardening » Core WordPress Files Were Modified

  • Hi

    Installed the plugin and getting this error “Core WordPress Files Were Modified”.

    Tried to take backup and reinstalled WordPress core through Wordpres Dashboard.

    Still, the same error is showing. Here is the screenshot for your kind reference.

    Reference Image

    Thanks

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • @rajkumarsmonline

    Those are 1-2 year old files? The majority of those files are just irrelevant files that your hosting company had in the public_html folder. For example, the index.html is most likely the default file that was created in the public_html folder when your account was created. You have two wp-config.php files, an original and backup that most likely was created by your hosting company. The googlecloud.html most likely is another default file created upon account creation. The .htaccess.cache and .htaccess_ak looks like hosting company backups/logs or a it could be from a cache plugin which created them from cache changes that were implemented in the .htaccess file. The wp-cli file looks like your hosting company put there. You should contact your hosting company to get a better understanding on what those files are. Besides the wp-cli file and the wp-config-bak, I would personally delete everything and whitelist the wp-config-bak and wp-cli files. The wp-cli file might be used by your hosting company to access the WordPress install via the command line interface.

    Again, you should contact your hosting company to question those files.

    Best,
    Carm

    Hi Carm,

    Thanks for the quick support. I have discussed with my hosting support and cleared those files.
    Can you direct me to any clear configuration guide of Sucuri.
    What are the benefits i get if i go with the basic plan ($199) for 1 site.
    Please give me clear idea about that.
    Or can i stay with free wordpress plugin?
    Thanks in advance.

    @rajkumarsmonline

    Most hosting companies provide an in-house Website Application Firewall (most likely Mod Security). I personally use Sucuri’s Website Security Platform which includes the Firewall and Monitoring (plus server side monitoring). I use the $199.00 (Basic) and it works perfect. I run it with Mod Security and it works fine (although I did have to whitelist a few Sucuri IP addresses so Mod Security wouldn’t block their scanners).

    However, if your hosting company uses Apache with Nginx server (Nginx as a reverse proxy/cache layer) and you’re on a shared server, Sucuri won’t be 100% beneficial since you need to add a code snippet to your .htaccess file for Sucuri’s Bypass Prevention to work. The code snippet for that only works with standalone servers (if you just use one server with no server acting as a cache layer/reverse proxy, i.e. Nginx or Apache by itself).

    You would need to contact your hosting company if you are on shared server to see if Sucuri and their Fire Bypass Prevention feature will work.

    In my personal experience, the way I did it to make the Firewall Prevention Bypass work was to modify my web traffic ports to restrict only Sucuri’s Firewall IP addresses. This isn’t plausible to do on a shared server. On a VPS or dedicated server you can do it. So, I am not sure how your hosting company will do it so contact them first.

    There’s a work around to it for shared servers that use Apache+Nginx by adding a HTTP Bypass Prevention code snippet instead of IP restrictions to your .htaccess but it’s not 100% fullproof as the IP way.

    If you are on a shared server that runs Apache+Nginx, contact your hosting company to see if Sucuri will be a great option for you to use and to see if there will be any problems with setting up their Firewall Prevention Bypass.

    You can read about the Firewall Prevention here:
    https://docs.sucuri.net/website-firewall/configuration/prevent-sucuri-firewall-bypass/

    Note:
    “If you are a WPEngine, Rackspace or Siteground customer or your hosting provider does use a reverse proxy such as NGINX or Varnish in front of the real web server, you won’t be able to use the bypass prevention on your .htaccess file. That’s because depending on the reverse proxy setup, the reverse proxy will translate the visitor IP address directly to the web server or use “localhost” for all requests. Therefore, the web server can’t see the Firewall IP and won’t be able to block the bypass. In this case, you must reach your hosting provider so they can block the bypass on a software firewall (such as iptables) level.”

    Also, here’s a setup guide for their Firewall:

    https://sucuri.net/guides/getting-started-with-sucuri/

    You can always contact Sucuri for help setting it up.

    In regards to staying with a free WordPress plugin, you can but it won’t be as beneficial as a paid service. If you go with a free WordPress plugin, I recommend Jeff Star’s which can be found here on WordPress.org:

    https://wordpress.org/plugins/block-bad-queries/

    With that said, the Sucuri Firewall works perfect and I do highly recommend it, if you do go with a paid service like Sucuri.

    I forgot to mention the benefits of the Sucuri Firewall. The benefits with the basic plan @ $199.99 are website monitoring and also you have access to implement a server-side scanner. You also get to use Sucuri’s CloudProxy/CDN alonside their Firewall to filter all incoming traffic to your website. It will filter out all the bad traffic, stops code injection and other website threats. Other benefits are virtual patching and hardening, free SSL certificate, malware removal and DDoS protection.

    https://sucuri.net/website-security-platform/signup/

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.