Hello @syxguns and thanks for reaching out to us!
I want to see if anything remains from the WooCommerce plugin in your diagnostic.
Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
@wfadam – I sent the diagnostics report with the forum user name Syxguns. Thank you for taking a quick look.
Thanks for sending that!
I did a scan through your diagnostic and noticed some of the Woocommerce Cron jobs still listed. I wonder if that is what the scan is seeing.
I recommend downloading and installing WP Crontrol(https://wordpress.org/plugins/wp-crontrol/).
This will aide you in removing those Cron jobs. If you go to your diagnostic and use finder for “woo” you will see the crons I am speaking of.
Let me know how this goes!
Ahh, they are being called from another plugin that I had and removed called ProfileGrid. There are some other corn events I’m not sure of.
- jetpack_v2_heartbeat (not using jetpack)
- xmsg_ping (XMS is disabled)
I removed all of the cron jobs from a number of plugins, including the ProfileGrid which is what was causing the WooCommerce issue I believe. I have some other cron jobs that are not doing anything. This includes the list above and a few more. I don’t want to crash my site, even though I have a full backup.
I believe that will stop the Wordfence e-mail about WooCommerce, but I will update this thread if I get another report.
@wfadam could you give me a quick lesson on the second question?
Question 2: I have two files that I need but do not want to display to my clients in the Wordfence scan summary. I added the file paths and names in the list of directories to exclude from the recently modified file list. One file is a user.ini file that I place in the admin folder. The other is in the mu-plugins folder. They still show up on the scan, and even if I tell it to ignore they are still listed in the ignore column. They may be removed at any time with Wordfence and I would rather a client that does not understand why they are there do not see them.
I’ll ask in a new thread if you like.
They should be ignored completely if you’re putting in the correct path for Wordfence scan to exclude. I would verify the path is correct, remove the results from the ignore list on the scan page, then attempt a new scan to see the results.
From our docs:
Exclude files from scan that match these wildcard patterns
This lets you exclude certain file extensions from your scan. You can use this if Wordfence is getting stuck on large files that you know are not malicious, like certain kinds of backup files. You can use the full path to the file or use * to match any number of any characters. For example wp-content/uploads/image.jpg will only exclude the image.jpg file. If you instead enter wp-content/uploads/* all files in the upload folder will be excluded from scan.
Let me know if this helps!
@wfadam I may be in the wrong area of Wordfence. I have placed the links under Activity Report – List of directories to exclude from recently modified file list.
These files are not modified but additional files. Where do I find the settings for Exclude files from scan?
After running another scan I still see the file in wp-content/mu-plugins/name-of-plugin.php is still showing in scans.
@wfadam – Just got another e-mail reading this:
he Plugin “WooCommerce Blocks” needs an upgrade (2.5.9 -> 5.0.0).
I removed all the WooCommerce and I’m still getting this report. Searched the cron jobs and no woocommerce or woocommerce blocks.
Have you tried selecting “Ignore” on that scan result? Does it come back on the next scan?
Let me know what you find!
For some reason, it is not located in the scan results. I’ve had to ignore the other two files because I have tried but not been able to tell Wordfence to ignore them while scanning.
The database is clean, the cron jobs are clean. I’m not certain why I am getting some strange e-mail saying that something is there that doesn’t show up on the scan results.
Just like the original WooCommerce issue I had, it may be tied into my paid memberships pro plugin. That is the only thing I think might be tying the WooCommerce Blocks to my site. if I can tie the issue to that plugin then I can let the developer know about it.
No, I’ve had no luck. I keep getting reports that are from plugins that I once had on my site but no longer have. I’m not exactly sure why this is taking place, I can’t seem to pinpoint any one reason for this to happen.
I’m thinking of removing Wordfence altogether and cleaning the database of all Wordfence tables. Maybe starting with a clean install of Wordfence will work better for me, or possibly trying another security for WordPress.
I have kind of found myself in a catch-22 at the moment and trying to ascertain the direction I should take. I have always felt that Wordfence was the best in security from the FREE perspective but I’ve also heard that iThemes is a strong solution as well.
I’ll kick the can around the block for a little bit, as my site is live and I do not want to make any significant changes until I have a firm grasp on the direction I will take.