Support » Plugin: iThemes Security (formerly Better WP Security) » File Change Warning, is this normal?

  • I have consistently gotten file change warnings (and warnings of brute force attacks) since I started my hobby blog over a year ago. I’ve tried different things to shore up the security but they still happen, but I also don’t know if some of the more recent file change notifications are bad or not, because I have been making a lot of changes. The most recent I got was this:

    url: WP-Cron Scheduled Task
    Changed:
    wp-content/uploads/sucuri/sucuri-plugindata.php
    wp-content/uploads/sucuri/sucuri-auditlogs.php
    wp-content/uploads/sucuri/sucuri-failedlogins.php
    wp-content/uploads/sucuri/sucuri-oldfailedlogins.php
    wp-content/uploads/sucuri/sucuri-settings.php
    wp-content/uploads/sucuri/sucuri-auditqueue.php
    wp-content/uploads/sucuri/sucuri-sitecheck.php
    Removed:
    Added:
    wp-content/uploads/siteground-optimizer-assets/twentyseventeen-customize-preview.min.js

    Does this look like a problem/hack/malware?
    Any input is appreciated!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The sucuri-settings.php and sucuri-auditqueue.php files are explained here.

    Basically these sucuri files are known to be updated regularly. So it looks like the File Change Detection module is working properly. Keep in mind a file change detected is not per definition a problem/hack/malware.

    If you don’t want to be informed of regular file changes in the wp-content/uploads/sucuri folder simply whitelist the folder in the iTSec plugin File Change Detection module settings.

    To prevent any confusion, I’m not iThemes.

    I have the same question. I receive a notification about file change detection every day.it started from 2 weeks ago.
    url: WP-Cron Scheduled Task
    every day many files ( 200 -600 files ) add, delete and change, include:
    wp-content/cache/min/1 ……..js
    wp-admin/error_log
    wp-content/cache/wp-rocket/mysite.com/sitepage/index-mobile-https.html_gzip
    wp-content/cache/wp-rocket/mysite.com/sitepage/index-https.html
    wp-content/cache/wp-rocket/mysite.com/sitepage/index-https.html_gzip
    what does is mean? has my site been hacked?
    I appreciate if I receive your kind response about this error.

    MATT M

    (@beardedginger)

    Hi,

    If the changes made are from an update there is no cause for concern.

    If the changes made are unexpected, you can compare the changed file to those from a recent backup to see exactly what has changed.

    You can exclude files and directories in the File Change Detection settings on the Settings page. The general rule is it’s okay to exclude ones that you know are going to be regularly updating. Backup and cache files are a perfect example of this. Doing so will calm a lot of the extra noise.

    If you are receiving a lot of these emails you can disable the File Change Detection Notifications and enable the Security Digest in the Notification Center settings. The Security Digest reduces the number of emails sent so you can receive a summary of lockouts, file change detection scans, and privilege escalations. You can set these notifications to be sent daily or weekly.

    Thanks,

    Matt
    iThemes.com

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.