Unknown script tag wordfence_syncAttackData

  • Resolved kenoutcome

    (@kenoutcome)


    1 year, 8 months ago

    Hi,

    I’m using Web Falsification Detection service to detect unknown changes on website due to company strict security policy.

    It’s been more than 2 years for using WordFence to secure website, but today, below unknown script tag detected.

    I’m assuming this is placed by WordFence plugin, if so, could you let me know what is that for and how it is working?

    <script type="text/javascript" src="https://mydomain/?wordfence_syncAttackData=123456789.101112" async></script

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @kenoutcome, thanks for getting in touch with us about this.

    The wordfence_syncAttackData script has been in the plugin for many years and is a normal process run by Wordfence to ensure your malware signatures and rules are up-to-date with the latest ones we have released.

    When implementing CSP on a site, multiple plugins could be affected as the majority of our customers will have other plugins using inline scripts.

    WordPress added some functions to dynamically add nonces for CSP and we are currently looking into adding them for a future version of Wordfence. However, we will need to be careful that we don’t introduce conflicts with other plugins or custom code that already tries to address this.

    I hope that helps you out,
    Peter.

    Thread Starter kenoutcome

    (@kenoutcome)

    Hi @wfpeter, thank you for replying and understood how it works.

    >The wordfence_syncAttackData script has been in the plugin for many years

    I see, not sure why it’s suddenly detected but I believe that’s the behavior I need to look at in the Web Falsification Detection service side.

    Thank you.
    Ken

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Unknown script tag wordfence_syncAttackData’ is closed to new replies.