Support » Plugin: Wordfence Security - Firewall & Malware Scan » WordFence Faslely Flags 391 Files as Issues

  • +ES

    (@evelynmsdesigngraphicscom)


    Hello+
    Yes, I know the WordPress Cores needs to be updated and that is what I was in the process of doing when I had to restore a backed up version of the website. I used a backup taken taken 2 days prior to the date of my attempted updates. After this WordFence flagged 392 Issues – 391 are files that it states are “not distributed with this version of WordPress” however when I randomly look at the files and compare with WordPress’ source code, they are all valid files. Additionally, WordFence claims the files have been modified, but the content matches the source code. So, what is happening here? Please avivse.
    Thank you.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author WFMattR

    (@wfmattr)

    Hi,

    This might have happened if you restored the backup while a Wordfence scan was running. If you run the scan again, do the issues disappear, or do they still show up?

    -Matt R

    +ES

    (@evelynmsdesigngraphicscom)

    Hi+
    I just ran the scan again – I get the exact same results… Please advise.
    Thanks

    Plugin Author WFMattR

    (@wfmattr)

    Do you find the file ‘wp-includes/version.php’ in the scan results — or if not, can you find it in the site’s files? (By using SFTP, FTP, or your host’s file manager)

    If the version number in that file is correct for the version your restored, then it sounds like the restored backup may have missed something, or the backup process may have modified spacing or line endings in the files, which wouldn’t show up in the comparison. You might be able to see that if you compare the file sizes. I haven’t seen a case quite like this before, so I’m not certain if that is the issue yet.

    -Matt R

    +ES

    (@evelynmsdesigngraphicscom)

    Okay, I will look for the version of WP that WordFence is using to compare and get back with to you… Thanks!

    +ES

    (@evelynmsdesigngraphicscom)

    I found the file & it says “version 4.0” — please advise… thanks!

    +ES

    (@evelynmsdesigngraphicscom)

    Hi+
    It has been several days and WordFence still flags 392 files with the same issue as stated above. Also, per my above statements, you see that it is comparing the proper version of WordPress… Please advise.
    Thanks!

    Plugin Author WFMattR

    (@wfmattr)

    Ok, it does sound like restoring the backup is what modified the files. Since the comparison of individual files shows that they are the same, the only likely difference is line endings. (The backup tool might have converted them from unix/linux-style endings to dos/windows-style endings. It’s not harmful, but is still a difference from the originals.)

    The best way to fix the issue is to update WordPress to a newer version — ideally, the latest version, since there are known vulnerabilities in previous versions. WordPress 4.0 has quite a list of vulnerabilities, shown here:
    https://wpvulndb.com/wordpresses/40
    (Some are more serious than others.)

    You could temporarily click the link that says “Ignore all new issues” at the top of the scan results. If you’re sure that the modified core files are the only current issues, that will at least give you a clean list in case anything else gets modified, until you’re able to update WordPress — but still, be sure to update WP as soon as possible.

    -Matt R

    +ES

    (@evelynmsdesigngraphicscom)

    Hi+
    Thank you very much for the advice. I was in the process of updating things when I had to restore a backed up version, and then this… I was not certain what to do next. I will proceed with those updates and then post the results here.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘WordFence Faslely Flags 391 Files as Issues’ is closed to new replies.