Support » Plugin: WebP Express » Modified plugin file: wp-content/plugins/webp-express/changelog.txt

  • Hi, it looks like you changed something to a file after releasing 0.17.2 without updating the version number. Please don’t do that. It triggers WordFence to issue a warning because potentially it could mean that a file on your website has been infected with malicious code.

    When I compare the original and updated file, I see this


    * Fixed bug: Updating plugin failed on some systems (in the unzip phase). Problem was introduced in 0.17.0 with the updated binaries.


    * Fixed bug: Updating plugin failed on a few hosts (in the unzip phase). Problem was introduced in 0.17.0 with the updated binaries.

    I can see the change isn’t harmfull (and not useful either for that matter), but I manage a lot of websites with your plugin and this change means I’ll get a WordFence warning form every website every day until the next update.


Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author


    Got it.

    Plugin Author


    Do you know if I can change the README without Wordfence complaining?

    I don’t think you can, unless you release a new version.

    WordFence takes a snapshot from when a new plugin/theme version is released. They use the snapshot to scan for file changes.

    WordFence can’t see it when you change a file without releasing a new version.

    This results in a strange, but logical situation. If I update a site right now, I get all the current files from the WP repository. Including your updated readme file. So technically, there are absolutely no differences between the files in the repository and on my site. However, WordFence still sees a difference, because they compare the files on my site with the files in the snapshot they took when you released the update, prior to your file change.

    Plugin Author


    Have you gotten any warnings about changed README.txt ? I have modified that many times without creating a release. It could be that Wordfence makes an exception for that file. Perhaps because the WordPress team specifically says that you should not make a new release if you are just changing README.txt (it takes up resources)

    • This reply was modified 11 months, 2 weeks ago by

    This time WordFence only gave a warning changelog.txt not readme.txt.
    I can’t recall having a warning for that file.
    Did you also change something in readme.txt after releasing 0.17.2 ?

    If you want I can test if you change something now.

    Plugin Author


    Yes, I actually did.

    Ah ok, so then it looks like WF excludes that file from their warning mechanism.

    Plugin Author


    I shall continue this practice then (with README.txt only). Just let me know if you start seeing warnings because of this

    Ok will do. Thanks for understanding!

    When do you expect 0.17.3?
    Then I skip 0.17.2 to not trigger WF

    Plugin Author


    There are no urgent fixes in queue, so 0.17.3 is not on the roadmap. If something comes up, I will fix and release quickly. I expect a 0.18.0 release within a month

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Modified plugin file: wp-content/plugins/webp-express/changelog.txt’ is closed to new replies.