WordPress File Change Warning

  • Resolved IvanSliskovic

    (@ivansliskovic)


    9 years, 4 months ago

    Hi, I use iThemes Security plugin on my site and also Anti-Malware.

    iThemes have this option to send me email if I have suspicious changes inside my site files and folders. My question is – is this normal for Anti-Malware to change my sites files or what?
    Today I run full scan and maybe it is because of that? I noticed wp-login has been changed, it is because it was reported as infected and it has been removed to quarantine…

    Take a look at log file and tell me do I need to worry ?

    Scan Time: Monday, November 24th 8:52 pm UTC
    Files Added: 4
    Files Deleted: 1
    Files Modified: 13
    Memory Used: 8 MB
    Files Added

    File Modified File Hash
    wp-content/plugins/gotmls/safe-load/trace.php Monday November 24th, 2014 at 10:18 am UTC 50ff79ed2487ec3ee476cc7ce864f8f2
    wp-content/plugins/gotmls/safe-load/session.php Monday November 24th, 2014 at 10:18 am UTC c6fe837393209d447014f4cb4172f50b
    wp-content/plugins/gotmls/safe-load/index.php Monday November 24th, 2014 at 10:18 am UTC 56b0483976b435c2efd648d158fd9988
    wp-content/plugins/gotmls/safe-load/wp-login.php Monday November 24th, 2014 at 10:18 am UTC 921867b2cfe28121fd207ef18cdc60a8
    Files Deleted

    File Modified File Hash
    wp-content/plugins/gotmls/images/trace.php Tuesday October 7th, 2014 at 7:21 am UTC 50ff79ed2487ec3ee476cc7ce864f8f2
    Files Modified

    File Modified File Hash
    wp-content/plugins/gotmls/images/blocked.gif Monday November 24th, 2014 at 10:18 am UTC 4747ebc3ababd33cb8517ae67af9d292
    wp-content/plugins/gotmls/images/GOTMLS-16×16.gif Monday November 24th, 2014 at 10:18 am UTC be277e74815a1c05ad425729d8214bfc
    wp-content/plugins/gotmls/images/wait.gif Monday November 24th, 2014 at 10:18 am UTC 26d9b9571c58e54aa292f1490bc375e5
    wp-content/plugins/gotmls/images/question.gif Monday November 24th, 2014 at 10:18 am UTC 330df61bf410b22cd446eee6470ed3d6
    wp-content/plugins/gotmls/images/ELI-16×16.gif Monday November 24th, 2014 at 10:18 am UTC 937892ed4f05ef6eabf9e8d80b98e325
    wp-content/plugins/gotmls/images/threat.gif Monday November 24th, 2014 at 10:18 am UTC 5088fc1d49e725d8e53ba437c511b2b5
    wp-content/plugins/gotmls/images/btn_donateCC_WIDE.gif Monday November 24th, 2014 at 10:18 am UTC 6262e4417981c4ed75f6633498f9967b
    wp-content/plugins/gotmls/images/checked.gif Monday November 24th, 2014 at 10:18 am UTC 5bcf33e5df418fc73e986d88a2abbdb7
    wp-content/plugins/gotmls/images/index.php Monday November 24th, 2014 at 10:18 am UTC 88634fe1e2194f0f03fd479c2b234e26
    wp-content/plugins/gotmls/languages/gotmls.pot Monday November 24th, 2014 at 10:18 am UTC f299388520bd1b9b97b2b6b69f10ca31
    wp-content/plugins/gotmls/safe-load.php Monday November 24th, 2014 at 10:18 am UTC fb55f467fc7edf1a11ff5e438f11a721
    wp-content/plugins/gotmls/readme.txt Monday November 24th, 2014 at 10:18 am UTC f316109459bccf5aa4d0ac12f6d4879a
    wp-content/plugins/gotmls/index.php Monday November 24th, 2014 at 10:18 am UTC d3bed9d1edb0b13a53f10278929f4f1f

    https://wordpress.org/plugins/gotmls/

Viewing 1 replies (of 1 total)
  • Plugin Author Eli

    (@scheeeli)

    9 years, 4 months ago

    I looks like you just upgraded my plugin. The wp-login.php file in your log is in wp-content/plugins/gotmls/safe-load/, not in the root directory. this file comes with my plugin and is part of a Brute-Force login patch. The old patch would modify the root wp-login.php file that is part of the WordPress core (this action would store the original wp-login.php file in the quarantine asa backup) but this is not a good practice and my new login patch does not modify any core files.

    The wp-login.php came up on your scan today because it was previously modified by my old patch (the description of why this file is coming up is right there in the WP-Login Update section). The new version of my plugin will restore the original wp-login.php file from the WordPress Core Repository and upgrade the brute-force protection on your site without modifying any core files.

    So, in conclusion, there is no need to worry and you should go ahead and apply this fix. Please let me know if you have any more question on this.

    Aloha, Eli

Viewing 1 replies (of 1 total)
  • The topic ‘WordPress File Change Warning’ is closed to new replies.