file changes detected

Hi Kimbert,

Nothing to worry about there. Just minor text changes between versions. Sometimes a security plugin will detect a change in a file and it’s not in synch with the repository. That file doesn’t affect how the plugin runs. If you have any concerns, just install a fresh copy.

– Scott

thank you Scott
but I think there may be some fishy business on our site
with this file

`/wp-content/plugins/wp-spamshield/js/jscripts.php

There has been multiple visits to our site to this page and I have
been getting more and more spam

The plugin is extremely secure. That file doesn’t provide an attack vector. Every visitor of your site will request that file, just like they would any JavaScript file that is called from your page. (It is essentially a JS file with additional PHP functionality.)

If your copy of the plugin matches the version distributed on WordPress [dot] org, then it is safe. If the code doesn’t match, then you need to delete your current version and install a fresh copy.

Just because a bot visits a particular file doesn’t mean it is insecure. Bots often crawl sites. Some are probing for security flaws. A visit to a URL on a site, whether it exists or not, doesn’t necessarily mean there is a security flaw on your site. Attackers do automated research before launching attacks. They try to determine if your site has one or more flaws that they are looking to exploit, so they may request pages that don’t exist as well.

However, if you suspect that the files on your site have been compromised, you need to do a security audit on your site. That would not be plugin tech support issue though.

If you are getting spam, that would be a tech support issue.

We will be happy to help you out. You will need to take the following steps:

1. The Troubleshooting Guide and FAQs are the place to start.

   Please take a few minutes to work through these, as they solve over 90% of issues users have. (Please be sure to follow all the steps, not just read through them.)

   Once you have gone through the Troubleshooting Guide and FAQs, if that doesn’t solve the issue, we’ll need a bit more info from you on the specifics, and we’ll need to email back and forth, so you should move on to the next step.

2. Submit a support request at the WP-SpamShield Support Form, our main support channel for the plugin. We have an excellent diagnostic process.

That will allow us to help you diagnose this, find out what the real issue is, and get things working right for you.
– Scott

Please note that the WP-SpamShield Support page is our main support venue, not the WordPress forums here, so that will always be the best way to get a quick response and resolve any tech support issues.

I don’t understand why they would go into that one file and not the other JS files also?

the visits have been to that page only
-K

Please see my updated post above.

here is the change I had in my files

￡https://wwwdotdropbox.com/s/mrfduazexdh07l2/Screen%20Shot%202016-06-22%20at%2015.53.32.png?dl=0`

Yes, my initial response already addressed that.

Nothing to worry about there. Just minor text changes between versions. … That file doesn’t affect how the plugin runs.

We made those changes to the original in the WordPress directory.

What happened is:

1. You updated the plugin right after we released a new version.
2. We made a minor update after this to the readme.txt in order to update the page on WordPress [dot] org. The readme.txt file cannot execute code and does not affect how the plugin runs.
3. If the code on your site doesn’t match the WordPress [dot] org version at the time it is checking, WordFence detects this type of thing as if the plugin had changed on your site even if no code had changed. In essence the original changed, not the code on your site.

If you have any further questions or issues, please use the WP-SpamShield Support page as noted above.