Wordfence highlighting modified plugin files

  • Resolved barnez

    (@pidengmor)


    9 years, 11 months ago

    Hi,

    I have the Wordfence security plugin installed and it runs daily scans to compare the theme and plugin files on the site with those in the WordPress repository. I have recently received warnings about the following files:

    Modified plugin file: wp-content/plugins/calculated-fields-form/README.txt
    Modified plugin file: wp-content/plugins/calculated-fields-form/js/jQuery.stringify.js
    Modified plugin file: wp-content/plugins/calculated-fields-form/css/stylepublic.css
    Modified plugin file: wp-content/plugins/calculated-fields-form/js/fields-public/fbuilder.fcalculated.js
    Modified plugin file: wp-content/plugins/calculated-fields-form/js/fbuilder-pro-public.jquery.js
    Modified plugin file: wp-content/plugins/calculated-fields-form/cp_calculatedfieldsf_admin_int.php
    Modified plugin file: wp-content/plugins/calculated-fields-form/cp_calculatedfieldsf.php

    Wordfence allows a view to compare the changes, so you can see if this is the result of addition malicious code in the event of being hacked. This does not seem to be the case, and it appears that you are adding and removing legitimate code as you develop the plugin. However, this is a heads up that until you update the version, those of us with Wordfence installed will continue to receive such warnings.

    Cheers

    https://www.ads-software.com/plugins/calculated-fields-form/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author codepeople

    (@codepeople)

    Hi,

    I’m sorry, I don’t know how “Wordfence Security” works, but our plugin is in constant development, because we are receiving suggestions and recommendation of the users every day, and we want create a plugin to be used in all situations. I will install “Wordfence Security”, and test it.

    Thank you very much.

    Thread Starter barnez

    (@pidengmor)

    Hi,

    It’s fantastic you are active in development, and for me this is one of the main reasons I am interested your plugin, so please don’t stop ??

    If you make sure that Wordfence is enabled to scan for changes in plugins through Options -> Scans to include -> “Scan plugin files against repository versions for changes” (I think this is the default setting) you should see the warnings. As Wordfence is one of the most popular security plugins, I imagine this is something you would want to be aware of.

    Thanks, and keep up the great work.

    Thread Starter barnez

    (@pidengmor)

    I think the issue here is that you are updating the plugin that people download from WordPress, but the version number and changelog are not being updated. Therefore, there are many different versions of calculated fields form version 1.0.1. If you released official versions say every week or two, and updated the version number each time, then Wordfence would not flag these up as possible hacks, and as users we could follow the development of the plugin more closely. If you don’t, then you may lose users as they feel uncomfortable about examining the changes in the code Wordfence flags as suspicious, and with 4,000,000 Wordfence downloads, this has the potential to reduce your plugin’s popularity.

    Plugin Author codepeople

    (@codepeople)

    Hi,

    You are right, thank you very much. I’ve some updates that should be released very soon, and I promise change the version number of plugin.

    Best regards.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Wordfence highlighting modified plugin files’ is closed to new replies.