Multiple php.ini files

  • Resolved dickina

    (@dickina)


    2 years ago

    I have installed the free version of Wordfence and on the first scan I received the following message.

    Filename: …/wp-admin/includes/php.ini
    File Type: Core
    Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker. 215 more similar files were found. Learn More

    On inspection of the file shown above the timestamp is the same time as when Wordfence was installed and activated. Is this a coincidence?

    No other activities appeared to be running at the time.

    How can I see the full list of the 215 files? Sure I don’t have to delete each one in the interface or use something like FileZilla.

    Am I safe to use the Delete All Deletable Files as the warnings are worrying?

    My site is hosted on IONOS and I also have Jetpack installed for backup.

    Regards

    Andy

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @dickina, thanks for reaching out to us!

    This definitely sounds like an issue we’ve seen on click & build WordPress installations on IONOS that causes these files to be created. This is not ideal as WordPress core folders should be left unchanged, which is why Wordfence flags their presence. You can choose to ignore these for future scans as it’s my understanding that deleting them will result in the host just recreating them.

    To prevent bulk-ignoring a real issue, you may have to ignore each file individually but you should only have to do this once.

    Thanks,

    Peter.

    Thread Starter dickina

    (@dickina)

    Hi @wfpeter,

    Thanks for the reply. So as it’s a known issue I can safely ignore the files. But as you say and as I have found out, I will have to ignore all 215 but I can’t do this in one action I’ll have to run a scan, ignore the file and repeat 214 times.

    As this is a known condition with some hosting providers can the software provide a bulk ignore.

    Regards

    Andy

    Plugin Support wfpeter

    (@wfpeter)

    Hi @dickina,

    You should be able to ignore them all when they are presented after just one scan, but will require an individual click on each line/file.

    I will mention a feature request to the team about allowing a bulk ignore option to the product in future, although I can’t guarantee delivery or timescales on these requests here on the forums.

    Thanks,

    Peter.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Multiple php.ini files’ is closed to new replies.