Sudden 229 (High) issues!

  • Resolved onaz

    (@onaz)


    4 years, 2 months ago

    After freshly building up our Website, we got this scan results. I looked into some of this INI files and couldn’t find anything malicious about them. Maybe something wrong with the Firewall Filter?

    Unknown file in WordPress core: wp-admin/css/colors/blue/php.ini (+ 229 more)

    Filename: wp-admin/css/colors/blue/php.ini
    File Type: Core
    Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker. 229 more similar files were found. Learn More

    View File:

    Filename:	/homepages/45/d34824789/htdocs/avicenna-ev.de/wp-admin/css/colors/blue/php.ini
File Size:	483 bytes
File last modified:	Wednesday 23rd of February 2022 10:44:38 PM
safe_mode=false;
upload_max_filesize=128M;
post_max_size=128M;
memory_limit=1024M;
zend_extension=opcache.so;
opcache.enable=1;
opcache.memory_consumption=64;
opcache.interned_strings_buffer=8;
opcache.max_accelerated_files=5000;
opcache.revalidate_freq=180;
opcache.fast_shutdown=0;
opcache.enable_cli=0;
opcache.revalidate_path=0;
opcache.validate_timestamps=2;
opcache.max_file_size=0;
opcache.file_cache=/kunden/homepages/45/d34824789/htdocs/.opcache;
opcache.file_cache_only=1;

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    4 years, 2 months ago

    Hi @onaz, thanks for getting in touch.

    php.ini is traditionally the name of the default configuration file for running applications that require PHP and certainly doesn’t reside as part of the default WordPress installation folder. It has been known for certain premium plugins to change files inside core WordPress when they shouldn’t, but is not a regular occurrence and this inclusion in a CSS folder seems odd.

    Wordfence checks the WordPress.org repository when comparing files for malicious changes, so if your version of WordPress core or any plugins installed from inside WordPress are showing extra files it might be worth checking your diagnostic – which will include your scan results.

    I would take a backup of your site and try repairing/removing files as recommended from the scan results and see if they return. It could also be worth clearing any caches running on your site or server. If any of the ini files reported contain code that looks more like HTML or Javascript than server configuration lines, it could be from a suspicious source.

    Thanks,

    Peter.

Viewing 1 replies (of 1 total)

The topic ‘Sudden 229 (High) issues!’ is closed to new replies.

Tags