Wordfence alert: critical files

  • A couple of my sites have this problem.

    • I can’t see or activate disabled plugins.
    • Wordfence was sompulsive deactivated by a bot or something else happend
    • I can’t re-install or activate Wordfence again.
    • I can’t re-connect this sites to Worfence Central
    • I was able to install other antivirus ok, but so far it’s not seeing the critial files that WF alert me by email.
    • All WP Core, plugins and themes were updated to last versions in all my sites.
    • Linux hosting, with SSL installed.

    By email Worfence sent this, it’s not clear if false positive, hosting provider did not answer yet:

    * El archivo parece ser malintencionado o inseguro /public_html/wp-includes/js/dist/viewport.mind.php

    * El archivo parece ser malintencionado o inseguro wp-includes/sodium_compat/src/Core32/index.php

    Problemas de alta severidad


    * Archivo desconocido en el núcleo de WordPress wp-includes/Requests/src/Exception/Http/Status406p.php

    * Archivo desconocido en el núcleo de WordPress wp-includes/Text/Diff/Renderer-5.php

    * Archivo desconocido en el núcleo de WordPress wp-includes/js/dist/viewport.mind.php

    * Archivo desconocido en el núcleo de WordPress wp-includes/sodium_compat/src/Core32/index.php

    • This topic was modified 1 year, 4 months ago by WPfanAR.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @wpfanar, thanks for getting in touch.

    I would normally ask for a diagnostic to privately take a look at your site, host, installed plugins list etc. but I’m working on the assumption that being unable to see or reactivate Wordfence in this scenario will not make that possible.

    Would you be willing to share your site’s URL here for me? You can space it like yoursite . com to not provide a direct hyperlink. I would also suggest that you look inside the /wp-content/plugins/ directory for a “wordfence” or renamed Wordfence folder (like “wordfence_xxx”) to see if there are any files inside or whether it’s missing altogether.

    Also let me know if your host respond with anything that may be useful to know in the mean time.

    Let me know what you find out,
    Peter.

    Thread Starter WPfanAR

    (@wpfanar)

    Hi Peter, thanks for getting back. My host says there’s not much happening, even though five sites are stuck in the same situation. I’ll continue investigating.

    In phpMyAdmin, I can observe the Wordfence folder, which is currently deactivated but I can’t look inside, rename or delete it; it just says “Contact the Administrator.”

    Are the files I mentioned legit threats or false positives?  

    Please confirm, so I can proceed and try deleting them.

    Thanks!

    wp-includes/Requests/src/Exception/Http/Status406p.php

    wp-includes/sodium_compat/src/Core32/index.php

    Etc.

    Also, the first time you login to your WP panel after the plugin is delete, the only sign to know that it happened is this message: “El plugin?wordfence/wordfence.php?ha sido desactivado debido a un error: El plugin no tiene una cabecera válida.” “The plugin wordfence/wordfence.php has been deactivated due to an error: The plugin does not have a valid header.” Hope this helps.

    • This reply was modified 1 year, 4 months ago by WPfanAR.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Wordfence alert: critical files’ is closed to new replies.