Scan Result: What to do?

  • Resolved frank08

    (@frank08)


    1 month, 1 week ago

    Good Morning,

    Just installed WordFence last week. After the first scan I got the following critical message:

    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: =”position: absolute; left: -99999px;”>Quel-le:&nbsp;<a href=”https://

    Trying to find the according file (/www/htdocs/XXX/DOMAIN/wp-content/cache/wpo-cache/DOMAIN/impressum/index.html) with FileZilla lead to no results. Everything after “wpo-cache” seems not to exist.

    Any idea, whether this alert is really critical? And if so, how to find the according file with FileZilla?

    Thanks a lot for your support.

    Frank

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @frank08, thanks for your detailed message.

    I normally see /wpo-cache directly inside the /wp-content folder but the directory structure could differ from site-to-site depending on settings. Some customers choose to place expected/known cache folders in Wordfence > All Options > Exclude files from scan that match these wildcard patterns to prevent false-positives or scans taking too long to execute. You can select an entire directory to be excluded with a pattern similar to wp-content/cache/*

    The directory might be a hidden one so you may need to show all files/folders in your FTP client to navigate there manually. It may also be missing because the cache has recently been cleared so hasn’t been recreated yet, but the last scan is still showing the result. You could try running a new scan manually to see if anything changes.

    If you’re still concerned about the file being flagged, you are welcome to send it to samples @ wordfence . com to see if our Threat Intelligence team have any more information on whether it’s a false-positive or not.

    Many thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.