I’ve noticed an issue with WP Asset Cleanup where Wordfence is reporting file changes. The file contents appear to be the same before the report, however, they do differ from the repository – which is what it is checking against.
Is it possible you’re making changes to the SVN trunk / tags folder without bumping the version number?
I’m just trying to figure out if this is a genuine security issue or not.
All the best,
Sometimes, files do differ as changes are made to the SVN without changing the version number, especially when no new features are added or some cosmetic changes or code cleanup was performed. There are situations when functionality is updated, but it’s only made official when the tag is updated. The development version (trunk) is usually updated first when people want to test a new feature.
I used to change the number all the time, but people complained about too many updates (plus, the changelog will be too large and not so easy to go through), sometimes two in a day, thus I’ve decided to change the way the plugin is updated.
If you have suggestions about this process, let me know!
No worries, this is what I suspected and just wanted to confirm.
Wordfence has picked up various file changes for me too, and wanted to check that they are all legit. Can you confirm that the following changes have been made by yourself:
Apologies for posting a big list of files, but I just wanted to make sure that each one is a legitimate change from yourself.
@danniimartin All these files were changed in the past month. You might see this kind of thing once in a while as sometimes files are updated without releasing a new tag. I suggest you use a malware scanner if you’re worried these files were updated by a 3rd party source (e.g. a hacker) which is less likely (other plugins could have their files updated too). Or, just re-download the plugin (latest tag) and Wordfence shouldn’t pick up on them. Does that help?
I’ve had some hacking issues recently and it’s quite disconcerting and doesn’t help the troubleshooting process when frequently getting false positives like this in wordfence.
If I uninstall your plugin and re-install it will I lose all my configured settings and optimisations?
Absolutely, if you just uninstall the plugin (without resetting anything of course, from “Tools” – “Reset”) and install it later, all the settings and optimizations will be preserved. Are the Wordfence notices that frustrating that you need to deactivate Asset CleanUp? Is there a way to filter them or make them less obtrusive?
Not OP, but I just uninstalled your plugin because of the wordfence alerts, even though I didn’t want to believe it, especially not when the plugin Author is called Gabriel!
I would prefer the official updates before functionality is changed so that people know it’s a trustworthy plugin.
@birdbrainsolutions I understand your concern and as you probably noticed, there was more than one update on the same tag, indeed!
It rarely happens nowadays, hopefully, this will end very soon so no one would get any “false” Wordfence alerts again. Wordfence doesn’t check the official updates for the same tag and I don’t blame them because it’s not that easy.
I hope you’ll be using the plugin again someday. If you read the posts from this topic, you’ll probably understand why these updates were made. Thanks for your honest feedback!
It’s mostly for troubleshooting as of now because wordfence limited access to the site, and on recovering the site, the scan showed issues with only your plugin, which led me to believe that that was the cause.
If you check your reviews, I recommended your plugin just a little while before that 🙂
If you can check and confirm that there are no vulnerabilities with your plugin, I would love to test it further (since I am already using it on multiple sites for the past 7-10 days).
@birdbrainsolutions The reason why Wordfence reported this (which is not a security breach) is because the version of the file OptimizeCommon.php that you have there is not the same as the one for the tag 18.104.22.168. Reason being that two updates were made to this file for the same tag which is a practice that will end very soon as I said earlier.
The same thing was discussed here: https://wordpress.org/support/topic/wordfence-detect-files-changed/
You can actually check the contents of OptimizeCommon.php (latest change) here: https://plugins.trac.wordpress.org/changeset/2167573/
All the updates are public and visible in the WordPress repository. Let me know if this is clear or if you have further questions and I would gladly assist you!
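The check the author describes (the installed copy of a file versus the copy in the release tag) can be reproduced locally to confirm that the only differences are the ones visible in the repository changeset. This is an added example, not code from the plugin or from Wordfence; it assumes the reference tree is an `svn export` of the plugin's tag (slug and version are placeholders) and builds a constructed sample tree for the demo.

```python
"""Compare an installed plugin directory against a clean export of the same
release tag, the way a file-change scan does.  Reference tree assumed to be
`svn export https://plugins.svn.wordpress.org/<plugin-slug>/tags/<version> ref/`
(slug and version are placeholders)."""
import hashlib
import os
import tempfile
from pathlib import Path


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _tree_hashes(root: Path) -> dict:
    """Map each relative file path under root to its SHA-256."""
    return {str(p.relative_to(root)).replace(os.sep, "/"): _sha256(p)
            for p in root.rglob("*") if p.is_file()}


def compare_trees(installed: Path, reference: Path) -> dict:
    """Classify files as modified, added (absent from the tag) or missing."""
    local, ref = _tree_hashes(installed), _tree_hashes(reference)
    return {
        "modified": sorted(f for f in local if f in ref and local[f] != ref[f]),
        "added": sorted(set(local) - set(ref)),
        "missing": sorted(set(ref) - set(local)),
    }


def demo() -> dict:
    """Constructed sample: one file changed in the repo after the tag was cut."""
    base = Path(tempfile.mkdtemp())
    ref, inst = base / "tag", base / "wp-content" / "plugins" / "plugin"
    for root in (ref, inst):
        (root / "classes").mkdir(parents=True)
        (root / "plugin.php").write_text("<?php // Version: 1.0\n")
        (root / "classes" / "OptimizeCommon.php").write_text("<?php // tagged\n")
    # The installed copy carries a later commit made to the same tag.
    (inst / "classes" / "OptimizeCommon.php").write_text("<?php // re-tagged\n")
    (inst / "extra.php").write_text("<?php // not in the repository\n")
    return compare_trees(inst, ref)


if __name__ == "__main__":
    print(demo())
```

Any path listed under "modified" can then be checked against the public changeset for that file; anything under "added" has no counterpart in the repository at all and deserves a closer look.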
I understood that by reading your earlier messages, I just wanted confirmation that there were no vulnerabilities within your plugin as I want to use it on all the sites 🙂
And would definitely prefer if all changes were made only after the official update. And thank you once again for creating this plugin!
Have a great day!