Title: Mark Maunder's Replies | WordPress.org --- # Mark Maunder [ ](https://wordpress.org/support/users/mmaunder/) * [Profile](https://wordpress.org/support/users/mmaunder/) * [Topics Started](https://wordpress.org/support/users/mmaunder/topics/) * [Replies Created](https://wordpress.org/support/users/mmaunder/replies/) * [Reviews Written](https://wordpress.org/support/users/mmaunder/reviews/) * [Topics Replied To](https://wordpress.org/support/users/mmaunder/replied-to/) * [Engagements](https://wordpress.org/support/users/mmaunder/engagements/) * [Favorites](https://wordpress.org/support/users/mmaunder/favorites/) Search replies: ## Forum Replies Created Viewing 15 replies - 1 through 15 (of 1,317 total) 1 [2](https://wordpress.org/support/users/mmaunder/replies/page/2/?output_format=md) [3](https://wordpress.org/support/users/mmaunder/replies/page/3/?output_format=md)… [86](https://wordpress.org/support/users/mmaunder/replies/page/86/?output_format=md) [87](https://wordpress.org/support/users/mmaunder/replies/page/87/?output_format=md) [88](https://wordpress.org/support/users/mmaunder/replies/page/88/?output_format=md) [→](https://wordpress.org/support/users/mmaunder/replies/page/2/?output_format=md) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Ouch! | Unknown File in WordPress Core | WP 6.7](https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/) * Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/) * (@mmaunder) * [1 year, 6 months ago](https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/page/2/#post-18133308) *  😆 (re the b**tard file) - This reply was modified 1 year, 6 months ago by [Mark Maunder](https://wordpress.org/support/users/mmaunder/). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Ouch! | Unknown File in WordPress Core | WP 6.7](https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/) * Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/) * (@mmaunder) * [1 year, 6 months ago](https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133239) * Feedback received re pinning an item. Given the number of posts related to this and how it’s now fully resolved and has been for hours, I’m going to probably pass on doing this. But it’s Scott’s call anyway since he runs the CS team. I’m just a guest here. 🙂 So he may feel different. Anyone who visits the forums for the next day or two will immediately see several threads related to this. 24 hours after the issue occurred (about 16 hours from now) a new scan would have run on most sites making this moot anyway. * We do receive feedback – we just don’t necessarily implement it all. In fact as a ratio, we implement very little of the suggestions we get. There are a few reasons for this. Firstly we have an install base of around 5 million websites with about half a billion visitors per month across those sites, so deploying a new feature across that population comes with risks and affects a lot of people. * We also have probably the most credentialed team of security analysts in the world who also weigh in on what we implement and suggestions from users aren’t always feasible or wise to implement because they lack the background in security. * There are also performance implications, complexity that a new feature might add, cost/load considerations on the back end and on the customer site and so on. * But let me give this further thought. We might be able to create a more direct link between our user community and our engineering team and perhaps even crowd- source the prioritization of features. Not saying we’d implement them all or that they’d all be feasible, but I’ll give this some thought. * Thanks for your feedback. * Mark Maunder – CTO @ Wordfence * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] 2514 Warnings](https://wordpress.org/support/topic/2514-warnings/) * Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/) * (@mmaunder) * [1 year, 6 months ago](https://wordpress.org/support/topic/2514-warnings/#post-18133228) * I’ve posted some additional background here. We resolved the issue on our end and have put mitigation in place to prevent it from happening in future: * [https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181](https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181) * Mark Maunder – CTO @ Wordfence * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Unknown file WordPress](https://wordpress.org/support/topic/unknown-file-wordpress/) * Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/) * (@mmaunder) * [1 year, 6 months ago](https://wordpress.org/support/topic/unknown-file-wordpress/#post-18133223) * Further clarification that this had nothing to do with firewall rules and what the underlying issue was and how we’ve fixed it: * [https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181](https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181) * Regards, * Mark Maunder – CTO @ Wordfence * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Wordfence market all WP 6.7 files as suspect](https://wordpress.org/support/topic/wordfence-market-all-wp-6-7-files-as-suspect/) * Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/) * (@mmaunder) * [1 year, 6 months ago](https://wordpress.org/support/topic/wordfence-market-all-wp-6-7-files-as-suspect/#post-18133220) * Further clarification on what the underlying issue was and that this had nothing to do with firewall rules. * [https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181](https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181) * Mark Maunder – CTO @ Wordfence * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Safely addressing the deletable files](https://wordpress.org/support/topic/safely-addressing-the-deletable-files/) * Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/) * (@mmaunder) * [1 year, 6 months ago](https://wordpress.org/support/topic/safely-addressing-the-deletable-files/#post-18133219) * Further clarification on the underlying issue and that this has nothing to do with firewall rules. * [https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181](https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181) * Mark Maunder – CTO @ Wordfence * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Unknown files after update to WordPress 6.7](https://wordpress.org/support/topic/unknown-files-after-update-to-wordpress-6-7/) * Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/) * (@mmaunder) * [1 year, 6 months ago](https://wordpress.org/support/topic/unknown-files-after-update-to-wordpress-6-7/#post-18133211) * Additional details on the underlying issue along with further clarification that this is unrelated to firewall rules: * [https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181](https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181) * Mark Maunder – CTO @ Wordfence. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Worfence flagging core Wp files false positive on WordPress 6.7](https://wordpress.org/support/topic/worfence-flagging-core-wp-files-false-positive-on-wordpress-6-7/) * Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/) * (@mmaunder) * [1 year, 6 months ago](https://wordpress.org/support/topic/worfence-flagging-core-wp-files-false-positive-on-wordpress-6-7/#post-18133208) * Additional data on the underlying issue and clarification that it has nothing to do with firewall rules: * [https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181](https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181) * Regards, * Mark Maunder – CTO @ Wordfence * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] unknown files in wordpress core](https://wordpress.org/support/topic/unknown-files-in-wordpress-core-4/) * Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/) * (@mmaunder) * [1 year, 6 months ago](https://wordpress.org/support/topic/unknown-files-in-wordpress-core-4/page/2/#post-18133205) * An additional follow-up with detail on the underlying issue and additional clarification that this has nothing to do with firewall rules and that we have never changed the frequency on those. The issue is now fully resolved, we have additional alerting in place in case it occurs again and we’re refactoring the code that runs this process to make it far more robust. * [https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181](https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181) * Mark Maunder – CTO @ Wordfence - This reply was modified 1 year, 6 months ago by [Mark Maunder](https://wordpress.org/support/users/mmaunder/). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Wordfence Scan result Unexpected Core Files After Updating to WordPress 6.7](https://wordpress.org/support/topic/wordfence-scan-result-unexpected-core-files-after-updating-to-wordpress-6-7/) * Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/) * (@mmaunder) * [1 year, 6 months ago](https://wordpress.org/support/topic/wordfence-scan-result-unexpected-core-files-after-updating-to-wordpress-6-7/#post-18133196) * This post provides a full explanation of the underlying issue including a clarification that this has absolutely nothing to do with firewall rules, and that we’ve never changed the update frequency on those rules. * [https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181](https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181) * Regards, * Mark Maunder – CTO @ Wordfence * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Problem with Wordfence is easy to resolve](https://wordpress.org/support/topic/problem-with-wordfence-is-easy-to-resolve/) * Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/) * (@mmaunder) * [1 year, 6 months ago](https://wordpress.org/support/topic/problem-with-wordfence-is-easy-to-resolve/#post-18133192) * Following up on Scott’s post, please read this for a full explanation. This has nothing to do with firewall rules, we’ve never changed the frequency that free rules are updated, manually refreshing rules has no effect on this issue and it’s a coincidence it worked at all. * [https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181](https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181) * Regards, * Mark Maunder – CTO @ Wordfence * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Did wordpress 6.7 update got flagged as malware in Wordfence?](https://wordpress.org/support/topic/did-wordpress-6-7-update-got-flagged-as-malware-in-wordfence/) * Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/) * (@mmaunder) * [1 year, 6 months ago](https://wordpress.org/support/topic/did-wordpress-6-7-update-got-flagged-as-malware-in-wordfence/#post-18133185) * Thanks for doing that. I’ve posted an explanation here that clears up some inaccurate data that’s going around about this issue. It also explains the underlying problem that caused this. * [https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181](https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181) * Regards, * Mark Maunder – CTO @ Wordfence - This reply was modified 1 year, 6 months ago by [Mark Maunder](https://wordpress.org/support/users/mmaunder/). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Ouch! | Unknown File in WordPress Core | WP 6.7](https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/) * Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/) * (@mmaunder) * [1 year, 6 months ago](https://wordpress.org/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181) * Guys please don’t post misinformation and your own misunderstanding of how things work in Wordfence. This stuff gets indexed by the search engines, other users visit these posts, and then it significantly increases our support load as we have to correct the misunderstanding you’ve created. Jason calling you out in particular. * Firstly, this is incorrect and completely unrelated to the core files issue: “ _Wordfence changed this a bit ago where the rules are only updated once every 30 days – not sure this was a great idea on Wordfence’s part._“ * Firewall rules and malware signatures are not related to how we compare your core files to the original core versions. That’s a totally different process. What happened on our end is that, due to recent rate limiting on the repository, the process that mirrors new core releases did not complete normally and stopped halfway. Our application servers told the Wordfence plugin that we DID have a complete mirror with associated hashes, but we in fact did not. Once we discovered the issue we ran the process to completion manually which fixed the issue this time around. We’ve also put additional alerting in place to let us know if this happens in future. And then we’re refactoring the code for this process to make it more robust and not tell the plugin the process is complete if it did not successfully complete, in the case of an issue being encountered. * Also the comment of “Wordfence changed this a bit ago where the rules are only updated once every 30 days” is wrong. We didn’t. Not even sure why you’d think that or post it. * “…Team Wordfence hardly ever listens to its users”. No. We’re here in the forums. We’re in the tickets. We have multiple triage calls weekly which I’m on (I’m the CTO) as well as our CEO, and we’re making decisions based on your feedback at all levels of the organization, and doing that as a continuous and iterative process. * “If you go to Wordfence -> All Options -> Advanced Firewall Options -> Manually Refresh Rules”. No, it’s a coincidence this worked. We had fixed it on our end between your last scan and the scan you performed after making this change. You’re refreshing the firewall rules which has no relation to file integrity checks. * “_Well, if they don’t mind this support channel blowing up with every major and minor release, then that’s on them. I was kind enough to post a fix and post it to every support thread across wordpress.org to help others before they go and delete core files mistakenly._“ * Actually what you’ve done is posted an incorrect description of the problem, and a fix that does not work because it’s completely unrelated to the issue. As I said, you think it worked because a coincidence occurred. And we now need to go in and correct any misunderstandings created around the frequency of firewall rules being deployed, what caused this issue, how to fix it (you don’t need to because we did on the back-end) and answer any questions around this that come up. * We’re happy to have you guys as users and customers, but please give us time to get back to you when something like this occurs with all the information before you start replying to multiple customers with partial or inaccurate info. * Regards, * Mark Maunder – Chief Technology Officer at Wordfence/Defiant Inc. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] SAST scan found vulnerabilities in the plugin](https://wordpress.org/support/topic/sast-scan-found-vulnerabilities-in-the-plugin/) * Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/) * (@mmaunder) * [1 year, 6 months ago](https://wordpress.org/support/topic/sast-scan-found-vulnerabilities-in-the-plugin/#post-18123626) * Absolutely not. You can’t just Tom Sawyer this job. Please don’t dump automated output into a document and expect us to sift through it in the hope of my team finding a vulnerability you’ll get paid for. This is a waste of everyone’s time. * Take the time to use the best available tools along with your own knowledge and skills to find legitimate vulnerabilities, verify them, and submit those. In doing that you’ll be contributing to the overall security of the WordPress community. * Regards, * Mark Maunder – Chief Technology Officer at Wordfence. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Feature request: enable Audit log without Wordfence Central](https://wordpress.org/support/topic/feature-request-enable-audit-log-without-wordfence-central/) * Plugin Author [Mark Maunder](https://wordpress.org/support/users/mmaunder/) * (@mmaunder) * [1 year, 6 months ago](https://wordpress.org/support/topic/feature-request-enable-audit-log-without-wordfence-central/#post-18123527) * Thanks for your feedback. Viewing 15 replies - 1 through 15 (of 1,317 total) 1 [2](https://wordpress.org/support/users/mmaunder/replies/page/2/?output_format=md) [3](https://wordpress.org/support/users/mmaunder/replies/page/3/?output_format=md)… [86](https://wordpress.org/support/users/mmaunder/replies/page/86/?output_format=md) [87](https://wordpress.org/support/users/mmaunder/replies/page/87/?output_format=md) [88](https://wordpress.org/support/users/mmaunder/replies/page/88/?output_format=md) [→](https://wordpress.org/support/users/mmaunder/replies/page/2/?output_format=md)