False flagging of Yoast SEO files

  • Resolved syzygist

    (@syzygist)


    6 years, 8 months ago

    In the scan last night, Wordfence flagged 4 Yoast SEO (free version) files as having been changed. However, when I viewed differences, there were none. I ran the scan again manually in case the previous scan had happened to take place while the Yoast update that was released yesterday was in progress, but the scan again flagged the same 4 files that showed no differences when compared.

    I downloaded a fresh copy of Yoast SEO from the WordPress repository, replaced the flagged files with new copies, and ran another scan: Wordfence still flagged them, yet still showed no differences. At that point I ran Wordfence repair, which cleared the flags.

    I then ran a manual Wordfence scan on another site I manage that has Yoast SEO, and sure enough, the same 4 files were flagged.

    Not sure what’s going on there, but the two sites were on different hosts, and have no plugins in common other than Wordfence, Yoast SEO and BackWPup, so it does seem like a Wordfence glitch.

    The files were:
    /public_html/wp-content/plugins/wordpress-seo/languages/wordpress-seo-nl_NL.json
    /public_html/wp-content/plugins/wordpress-seo/languages/wordpress-seo-pt_PT.json
    /public_html/wp-content/plugins/wordpress-seo/vendor/autoload_52.php
    /public_html/wp-content/plugins/wordpress-seo/vendor/composer/autoload_real_52.php

Viewing 7 replies - 1 through 7 (of 7 total)

  • Yep this is affecting all my sites. I have seen some reports of fatal errors with trying to repair them via WordFence. I am ignoring them for now, but it should probably be patched.

    Thread Starter syzygist

    (@syzygist)

    Yes, I’ve had sites crash in the past when using Wordfence’s repair function with a false flag (I avoid bulk repair), which is why it wasn’t the first thing I tried. Hope they are monitoring this.

    For what it’s worth, I’ve found the plugin comparison feature of the Wordfence scan to be useless. I leave it unchecked. MTN

    @mountainguy2 ain’t that the truth! I use GOTMLS for repo comparisons

    Hi @syzygist
    This has been sorted out by Yoast team as mentioned here, updating Yoast SEO plugin to the latest version then running a new scan shouldn’t show these warnings again.

    Thanks.

    Thread Starter syzygist

    (@syzygist)

    Confirming that the issue is resolved – thanks for the follow-up, wfalaa.

    Guyhaines/mountainguy2, I don’t appreciate you hijacking my support request thread to bash Wordfence. Considering the number of themes and plugins (and the number of authors thereof) they have to make Wordfence compatible with, I think they do a remarkable job.

    @syzygist sorry for hijacking your thread. For the record I love WordFence. However this issue has been long standing and is not new to this version of Yoast.

    Common repo comparison anomalies also include WP-Core files, various caching plugins, and much more. Maybe that is indicative of those respective plugins, but it has been years of issues.

    If you have a lot of sites that clients have access to and you promote WordFence as a value to keep their sites free of malware, problems, etc – then they blow up your email/phone it starts to wear on you… ?? That is all.

    Have a nice day!

    • This reply was modified 6 years, 8 months ago by guyhaines.
Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘False flagging of Yoast SEO files’ is closed to new replies.