Support » Plugin: Wordfence Security - Firewall & Malware Scan » False positives seem suspect

  • The plugin did detect a correct positive after which we fixed some permissions & file locations to prevent hacking of wp config & settings files. Since then, it continues to find the same problems however, those problems do not exist.

    It’s “seeing” lines that do not exist in the config and/or settings files, and those existent lines claim to be loading files that don’t exist either.

    I have cleaned and re-cleaned the server cache, cleaned and re-installed wordfence, etc., but it seems to be retrieving false positives from its own location. I do not know if that location is local to the server or if its phoning home for this data.

    If I try to delete the file it thinks has been added to our site, it responds with a cryptic error about “invalid file location selected” and does not just remove the warning after it can clearly see that the file is not there.

    If the plugin is unable to correctly record the outcomes of its own findings, correctly read current files and update its own data with the actual files on the disk, then how can or why should I trust it to handle actual security emergencies?

    This behavior is particularly suspect because the warnings are all very alarming both in the back end of the server and those sent via email. Attempts to manage the “issues” only generate even more disturbing and cryptic error messages, all of which would lead less experienced hosts to look to WordFence for a solution.

    It would be hard to explain these things as anything other than a dubious attempt to generate revenue. I am truly disappointed.

Viewing 1 replies (of 1 total)
  • Plugin Author WFSupport



    We’re sorry you had that experience but also a little confused as we can’t seem to find a support post or ticket from you. Because of the lack of detail provided (where these alerts are – emailed reports or in the scan results, what the actual alerts said, etc) anything we could say would be speculation at best.

    What I’m wondering is if you are being alerted for changes in a staging or development site, or an uncompressed backup in the web hosting account perhaps. For the latter PHP still executes regardless of whether or not you have DNS pointed at it. That would account for the emailed results being different than what you see in site files.

    Still, as I mentioned, this is all speculative since we only have the vague details in your review to base our diagnoses on. Wordfence has never fabricated results. If you had given us the chance to help you might see that too.

    All that aside, you most certainly do have something wrong on your site. When I looked and clicked on a link in the menu (Transaction Express Buy Now Plugin for WordPress) a second tab opened in my browser with this URL
    www. youtube. com. channel .uc5hrp.–o1aqy.xnsh7hpar.xn--o1aqy.ocno1aqy.xn--p1ai.ig.u4rp66hhp5rocnuolfeo4aig.–o1aqy.xn--i1av6a.xn--p1ai/
    NOTE : The above URL resulted in a “Site cannot be reached” error, which is why I posted the URL. Intentional breaks were added to keep it from being clickable
    Unless that is a very malformed URL that is intentionally launching a second tab, I’d say some results weren’t false positives at all. As a matter of fact, even other Security tools would agree.

    No matter what security solution you ultimately decide to pursue, we’d recommend that you do so sooner rather than later.


    • This reply was modified 6 months, 2 weeks ago by WFSupport.
Viewing 1 replies (of 1 total)
  • The topic ‘False positives seem suspect’ is closed to new replies.