• Resolved BrockleyJohn

    (@brockleyjohn)


    Still cleaning a hacked client… it appears that extra files within plugins are scanned fully to assess whether they are malicious, but the contents of files that belong in the plugin are only examined if the latest version is installed.

    Is this the case, or do I just need to get the injected examples to you because they’re supposed to be detected? Settings are scan everything everywhere at high sensitivity, but there are a bunch of files in outdated plugins that have been injected and I only identified them from going through the web server logs around the time of access of the extra files that Wordfence did spot.

    In the case of this client, they’re running a commercial variant of wp-e-commerce which has been further modified for their specific needs so it’s not feasible to whack in the latest version. Since I didn’t do the implementation, it’s not easy to tell if this is true of any of the other plugins there, so I’ve been checking the version of each against known vulnerabilities and ignoring the big red cross against any version thought to be safe. It would seem that wf doesn’t really support this approach – or am I not using it properly?

    I’m now opening up my linux toolbag and digging around at command line to approach from another direction.

    https://wordpress.org/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Hi,

    Will you send the files to samples (at) wordfence.com to have them examined? It’s best to run the most up-to-date versions of themes and plugins. I understand this may not be possible at this time since the site has been customized. I’m afraid you’ll have to be a bit more hands-on with examining older files.

    -Brian

    Thread Starter BrockleyJohn

    (@brockleyjohn)

    Will do, thanks Brian.

    Suggestion for a future enhancement: option to scan expected files of out-of-date plugins in the same way as extra files.

    Plugin Author WFMattR

    (@wfmattr)

    Outdated plugins should still be compared to the originals if they were free plugins from wordpress.org (if they’re extremely old, they should be scanned as regular files) — any premium plugins can’t be scanned against originals though, since there is no public repository where we can compare them, so those are scanned as regular “other” files as well.

    Since you mentioned that some plugin files may have been modified intentionally, you can set Wordfence to treat all theme/plugin files as regular files, which may be what you need. To do that, you can turn off these two options:
    Scan theme files against repository versions for changes
    Scan plugin files against repository versions for changes

    You might catch some false positives, depending on how the files were modified, so be careful with any cleanup, of course. Even if some of the files may still be malicious, you might want to take an extra backup, just in case you need to restore any of those files.

    Let us know how it goes.

    -Matt R
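The approach Matt describes (comparing the installed plugin files against a known-good original and treating anything extra or changed as suspect) can be reproduced by hand for plugins Wordfence cannot check, such as the customised premium plugin in this thread. The script below is an added example and is not Wordfence's code or part of the plugin: it builds a SHA-256 manifest from a clean copy of the same plugin version (a fresh download for wordpress.org plugins, or a trusted backup for customised ones) and reports files that are extra, modified or missing in the installed copy. The `example-plugin` directory layout, file names and contents in `demo()` are constructed sample data, not real plugin files.

```python
"""
Compare an installed WordPress plugin directory against a manifest of the
plugin's original files and report:
  - extra    : files present in the install but not in the original
               (candidates for injected code)
  - modified : files whose contents differ from the original
  - missing  : original files absent from the install
The manifest is {relative_path: sha256_hex}, built from a clean copy of the
same plugin version with build_manifest().
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large uploads/media don't load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    manifest: dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def compare_plugin(installed: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Diff the installed copy against the clean manifest."""
    current = build_manifest(installed)
    extra = sorted(set(current) - set(manifest))
    missing = sorted(set(manifest) - set(current))
    modified = sorted(p for p in current.keys() & manifest.keys()
                      if current[p] != manifest[p])
    return {"extra": extra, "modified": modified, "missing": missing}


def demo() -> dict[str, list[str]]:
    """Constructed sample: a clean copy and an installed copy with one modified
    original file and one file that does not belong to the plugin."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp) / "clean" / "example-plugin"        # hypothetical plugin
        installed = Path(tmp) / "installed" / "example-plugin"
        for root in (clean, installed):
            (root / "includes").mkdir(parents=True)
            (root / "example-plugin.php").write_text("<?php\n// Plugin Name: Example\n")
            (root / "includes" / "helpers.php").write_text("<?php\nfunction ep_helper() {}\n")
        # Simulate what a cleanup would want to surface: an original file with
        # appended content, and an extra file dropped into the plugin directory.
        (installed / "includes" / "helpers.php").write_text(
            "<?php\nfunction ep_helper() {}\n// appended content\n")
        (installed / "includes" / "wp-cache.php").write_text(
            "<?php\n// constructed sample: not part of the plugin\n")
        return compare_plugin(installed, build_manifest(clean))


if __name__ == "__main__":
    # Real use: compare_plugin(Path("wp-content/plugins/<slug>"),
    #                          build_manifest(Path("/path/to/clean/<slug>")))
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Anything listed under `extra` or `modified` is a file to inspect by hand, which matches Matt's caveat: intentional customisations will show up as modified too, so take a backup before removing anything the diff flags.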

The topic ‘Scanning out of date plugins’ is closed to new replies.