Empty Plugin Folder Emails

Sorry for the inconvenience. I probably should have created a new option for HPF email alerts and set that option to Off by default. That will be added in the next BPS version.

9 times out of 10 what HPF detects are orphaned files that should not be directly under the /plugins/ folder or files that are created in the /plugins/ folder by another plugin. So you just check to make sure the file is not malicious and either delete it or ignore it.

Just to add to this; I have had HPF Cron enabled for several projects for some time with zero issues, then after the last update I received the alarming email messages AND huge warning notifications in the dashboard – visible to all admins. And this was because I had a few compressed (.zip) plugin files in order to quickly roll back in case of issues. NOTE: these .zip file are not new. All around an unpleasant experience, so I’m disabling HPF Cron on all sites. I have other systems in place to check for hidden files so this was a “nice” redundant check… but this wasn’t so “nice” or subtle ??

You had zero issues before because there was a bug in the HPF cron. The HPF cron was misfiring or in other words not working. Sorry for the inconvenience.

Ok – makes sense. Thanks for clarifying. Still appreciate & recommend BPS.

Follow up: I am now receiving MULTIPLE identical emails from all of my 80 wordpress sites. I have deleted HUNDREDS of these emails yesterday and today.

They ALL point to Seedpod Coming Soon plugin folders. This is a false positive. The Coming Soon plug-in is installed on all my sites and active on a bunch of them. False-positive.

I am about to disabke Bulletproof on all my sites until the problem is resolved.

Blaine

You can just turn off HPF and not use it. The HPF check is done by matching certain parameters that hidden hacker plugins use to hide their hacker plugins. I will check/test the Seedprod coming soon plugin to see what parameters are matching the HPF check.

• This reply was modified 2 years, 9 months ago by AITpro.

Ok I just installed and tested the Coming Soon Page, Maintenance Mode, Landing Pages & WordPress Website Builder by SeedProd plugin and I am not seeing any HPF alerts. Maybe there is something wrong with your plugin installation? All plugin folders and files should be under the /coming-soon/ folder. Typically what will trigger HPF are things like someone extracted a zip file incorrectly in the /plugins/ folder and there are orphaned folders and files directly under the /plugins/ folder where they should not be.

HI there, I’ve got a similar issue. Every site I have with BPS installed is emailing me an HPF warning about hello.php in the plugins folder (its the ‘Hello Dolly’ plugin basically). I’ve deleted all instances but I’m still getting the warning like the files are still there.

Any ideas how to stop the emails?

Thanks for your time

The Hello Dolly and Akismet plugins are often targeted by hackers since they are plugins that are bundled with WP by default. HPF has code that specifically checks the hello.php file for tampering/modifications. Physically check your plugins folder (FTP or web host file manager tool) to see if the hello.php was automatically recreated. Hackers create scripts that automatically recreate/regenerate files if the files have been deleted. If you find a hello.php file then email the file to me so I can take a look at it > use my email address on my contact page here > https://www.ait-pro.com/contact/

I have seen this scenario many times over the years > there is a valid Akismet plugin installed and a hidden hacker Akismet plugin in the plugins folder. Hidden hacker plugins are typically not displayed on the WP Plugins page. So if someone uninstalls Akismet on the WP Plugins page, they are uninstalling the valid Akismet plugin, not the Akismet hidden hacker plugin.

The only other possibility I can think of for why you would still be receiving HPF alert emails would be that your host mail server has a delay/backlog and you are receiving older emails that were delayed in being sent.

This is another possibility > if you have disabled standard WordPress Crons and are using Direct crons that are not configured to fire once per minute then that can cause all sorts of strange cron problems.

Assuming all questions have been answered – the thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. I still receive email notifications when threads have been resolved.

Just to say that I started receiving these today. The first time I logged into my WP, the BPS Dashboard Alert was there indicating the specific file which I then removed. But I continue to receive BPS alert emails and subsequent logins do not show a Dashboard Alert…
While I’m at it Thank You for your awesome plugin. (Please consider adding a Donate button for those of us who would like to support but don’t require the PRO version.)

I just retested HPF and everything is working correctly on my test site. A few people have mentioned that they are still getting email alerts after deleting all files or folders that were detected by HPF. The only logical things that I can think of for that problem would be these:

Some, but not all folders or files detected by HPF were deleted.
A delay/lag in email alerts being sent from a web host mail server.
Standard WP Crons have been disabled and alternative or direct crons are not firing correctly.
Something else that you have installed is interfering with BPS Cron jobs or other functionality in BPS.

Got it. I’m still receiving them (FYI). Supposing I neglected to delete all of the files detected by HPF, should the Dashboard Alert be indicating the remaining files to be deleted? Or is there somewhere I can retrieve the original Alert message? Thanks!
…
BPS Alert: Hidden Plugin Folders|Files (HPF) Alert – June 14, 2022 – 5:38 am
BPS Alert: Hidden Plugin Folders|Files (HPF) Alert – June 14, 2022 – 6:37 am
BPS Alert: Hidden Plugin Folders|Files (HPF) Alert – June 14, 2022 – 7:07 am
BPS Alert: Hidden Plugin Folders|Files (HPF) Alert – June 14, 2022 – 8:39 am
BPS Alert: Hidden Plugin Folders|Files (HPF) Alert – June 14, 2022 – 10:07 am`

Did you dismiss the HPF alert? If so, go to the BPS > Alerts|Logs|Email Options menu > click the Reset|Recheck Dismiss Notices button. Dismissing any HPF alert dismisses all future HPF alerts until you reset them.