File Differences Missed in Scan

  • Resolved nikstern007

    (@nikstern007)


    2 years, 2 months ago

    We are a WordPress hosting and security agency that uses Wordfence on all of our sites. We found evidence this morning that Wordfence failed to flag an extra file for a plugin from the WP repository. It was inserted in a deactivated plugin on one of our sites and contains malicious code.

    There is no other malicious code, and this particular plugin was not active, so we are not sure why Wordfence didn’t find it. If we can’t be certain that Wordfence is flagging all instances of these file differences, or if a way has been found to circumvent that check, then we are going to need to explore different options for site security monitoring.

    Please let us know what can be done here.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    2 years, 2 months ago

    Hi @nikstern007, thanks for reaching out to us.

    I think the best place to start here would be to see whether the altered file contains something unknown to Wordfence. If you have a copy of the affected file, information on which plugin (and version) was involved, could you please send it to samples @ wordfence . com to be analyzed.

    You could also mention that you have sent a diagnostic report to wftest @ wordfence . com that should contain your configuration and last scan results. You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    Thanks,

    Peter.

    Thread Starter nikstern007

    (@nikstern007)

    2 years, 2 months ago

    Good morning @wfpeter.

    Thanks so much for your response. I’ve submitted the diagnostic report and the affected files, as requested. I appreciate you looking into it for us.

    Thanks,
    Nik

    Plugin Support wfpeter

    (@wfpeter)

    2 years, 2 months ago

    Thanks @nikstern007, you should hear back through email rather than the forums with any follow-up but I will leave this topic open for now.

    Peter.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘File Differences Missed in Scan’ is closed to new replies.