Hacked “Optimize Wordfence Firewall” ?

  • Resolved brucemiracle

    (@brucemiracle)


    5 months, 3 weeks ago

    This site that has been running for years but today emailed me with warnings about 6 files that have been modified, high security risk. When I went it to look this popped up, and it said it would prepend this file /opt/php8.0.30.1/lib/mysql-vars.php

    I haven’t changed anything recently, so this popping up, along with the email notification, looks suspect. Please advise.

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @brucemiracle, thanks for reaching out.

    It sounds potentially like your host (or another plugin) wants to use the auto_prepend_file directive in .htaccess, so it is possible that the mysql-vars file has been added legitimately. For instances where this file would still be required after Wordfence optimization, the INCLUDE option in our optimization wizard will make sure that our wordfence-waf.php also includes the mysql-vars file so that they both load: https://www.wordfence.com/help/firewall/optimizing-the-firewall/#firewall-optimization-setup

    As you mention six files rather than just the one above, if your host can’t tell you that they’ve made these changes, it may assist us to see a report from the Wordfence > Tools > Diagnostics menu. You can send that to us at wftest @ wordfence . com. Click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

    Thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.