False alarm re. high-severity problems

  • Resolved GLHQ

    (@glhq)


    4 years, 5 months ago

    @wfgerald, thanks for your note on the other thread where I posted these comments. As per your request, I am reposting them in a new thread.

    On a couple of sites I manage, Wordfence found what it said were high severity problems.

    In the first case, it listed dozens of files it said had been modified from the WordPress installation. I downloaded these files and used Text Wrangler to compare them with my installation copy. There were no differences.

    In the second case, it listed more than 50 files it said were not a part of the WordPress installation. I checked each of these file names against the package I downloaded from www.ads-software.com and all were included in the installation package.

    Tracking down these false alarms is a time-consuming PITA, but I feel I have to do it just in case. At some point, I’ll probably decide it’s a matter of the boy who cried “wolf” once too often and stop checking and that, of course, will be the time there really is a problem.

    I am using version 7.4.7 of the plugin and WordPress version 5.4.1.

    Any ideas on how to prevent these false alarms? Thanks in advance for any suggestions.

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hey @glhq,

    Thanks for starting the new thread.

    Regarding the first case, are you certain this wasn’t due to an update?

    Regarding the second case, can you please share examples of the files and paths that Wordfence is flagging?

    Also, can you please update Wordfence to its most current version of 7.4.8? And update WordPress to 5.4.2?

    Thanks,

    Gerroald

    We haven’t heard back from you about this. I’ll go ahead and resolve this out but feel free to reopen if the issue persists.

    Tim

    Thread Starter GLHQ

    (@glhq)

    Thanks Tim and sorry for the delay in my reply. I’ve been unable to retrieve the list of files that were problematic. It appears, however, that it may have something to to with WordPress auto-updates. I built my stage site with the latest version of WP, but when I copy it to the production site, the production site then “updates” WordPress with an older version. I am going to turn the auto-update feature off and that should hopefully resolve the problem. Thanks again to you and Gerroald for the replies and for your work on this excellent plugin.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘False alarm re. high-severity problems’ is closed to new replies.