WordPress.org

Forums

Wordfence Security
scan failed (6 posts)

  1. nilar
    Member
    Posted 11 months ago #

    Hello,

    The scan failed to find injected file in the wp-include folder. Is it just me?

    https://wordpress.org/plugins/wordfence/

  2. rngdmstr
    Member
    Posted 11 months ago #

    What were the contents of the file?

    Malware scans are typically signature based, if this was a new string of malicious code it might not have been picked up.

  3. nilar
    Member
    Posted 11 months ago #

    Well ... I don't know the content of the files as my PC even refused to edit them. I mean I'm not speaking about lines of code injected in already existing files. I'm speaking about completely new files and, apart from the content of these files, I expected from wordfence a comparative scan able to detect strange named php files on a core folder of the wordpress installation, in particular on a css folder where php files shouldn't be at all.

  4. rngdmstr
    Member
    Posted 11 months ago #

    Ok, in this case, if you are seeing files in wp-includes that shouldn't be there then you should remove them.

    To better determine what files should and should not be present you can use this trick in Filezilla:

    http://blog.sucuri.net/2012/11/website-malware-removal-ftp-tips-tricks.html

    Have a fresh copy of WordPress on the left and browse your site files on the right and then press Ctrl+O - the green/white files match and the yellow files will be out of place.

    As for Wordfence finding .PHP files with strange names, I am not sure if this is something Wordfence does. Random/strange filenames is only a proxy indicator for malware, though, and does not always indicate an infection (take, for instance, cache files which tend to have very random and strange names)

  5. nilar
    Member
    Posted 11 months ago #

    The trick is awesome ... you changed my life. Really :)

    As for Wordfence, probably you are right. I gave it as granted that it performed a comparison scan on core folders that, unless you are a very reckless webmaster, shouldn't change. But maybe not.

    Anyway Wordfence is fantastic in the real time alerting system. Recently got 2 hackers while they were hacking thanks to this. Remarkable :)

  6. rngdmstr
    Member
    Posted 11 months ago #

    Yeah, it's a very handy tool :)

    There's really no reason to have any out-of-place files in wp-includes - In infected sites I find most often they are spam related files.

    If you're not sure about a certain file feel free to pastebin here and I can take a look.

Reply

You must log in to post.

About this Plugin

  • Wordfence Security
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic