WordFence API error and Modified plugin file message

So there are no differences highlighted? Most of the time this happens when a developer changes code in the wordpress repo but does not make an update. If there are no differences highlighted (remember adding blank lines to the file might have the same effect), just select ignore this and the warning will go away.

\
tim

In fact, it is a kind of “false-positive”.

In fact, Wordefence send email to tell “problem found” or “file has changed” but finally at many times everything is OK.

It lacks a kind of “double check”…

A better behavior would be instead of the “API error” message, a best message like : “the developper has changed the code without updating wordpress repository”.

I would be very less “alarming” for the end-user.

THX

So then what if, a hacker changes the file on your server. Its not changed in the wordpress repository but it is on yours. Whats in the repo is different than what is on your server. Its not a false positive because the file is different, even if the plugin author was just adding text or blank lines or whatever. If we didn’t, then we wouldn’t be doing our job.

tim

Well. This is not answering my question.

I agree, the core function of wordfence is to find differences between my files and the official ones. It worked perfectly until now, but :

1: I frequently receive a wordfence mail saying: “problem found, file has changed”

2: I clic “see how the file has changed” and wordfence responds :
– API error
or
– There is no differences.

I am still thinking that it is possible to do something to improve this behavior.
– I mean, why wordfence is not able to compare the files it is talking about ?
– Why it is telling me that there are differences while there are not ?

Here’s an idea. How about you send me a zipped folder with copies of the files that we claim or being modified. Just take them straight out of your server and give me the file bad so I know what folders they would be in and I can do a manual comparison. If it turns out that these are false positives and that will help us diagnose the problem.

Thanks

Here is an example for API problem. Wordfence says “file has changed”.
When I clic “see how the file has changed” I get “WordFence API error: An error occured trying to open the requested file.” :
Here is my file :

<?php
defined('WYSIJA') or die('Restricted access');
class WYSIJA_view_front extends WYSIJA_view{
	var $controller='';
	function WYSIJA_view_front(){

	}
}

Here is the file just dowloaded from the official wordpress plugin directory :

<?php
defined('WYSIJA') or die('Restricted access');
class WYSIJA_view_front extends WYSIJA_view{
	var $controller='';
	function WYSIJA_view_front(){

	}

        /**
         * deprecated, but kept for conflict with plugin Magic action box
         * until it's fixed.
         * @param type $print
         */
        function addScripts($print=true){
        }
}

Initially I too thought the email alerts of plugin files changes were too frequent, but now am grateful for a couple of reasons.

One is the notice a plugin might be in need of updates and I’m currently waiting for a few to get up to speed and fix issues before I can fully activated them.

And second, I would not have known that MailPoet (WYSIJA) hadn’t properly removed all its files when I had deleted the plugin. *grrrr* Not happy with the discovery of these files sitting in the server. But WF had sent an alert about some file change and mystified, then discovered the residual junk. (It is possible it was my error in my hast to remove the plugin because of the recent hacks to MailPoet and didn’t click the right buttons, but still, WF came through.)
——

Note, there is the possibility of a plugin being updated before checking WF notices. The alerts might still be there even after you have fixed/updated the plugins, and therefore it will look like a false call.

Thanks WF.

* * * *

Yes, for this part I agree with the big interest in wordfence.
I like also to be advised when a plugin need to update.

But I am still wondering why I frequently get “API error” when I clic “compare the files”. Why WF can’t open the files it is talking about differences ?

Hello,
Sorry about that but now this is what I get when I clic “Restore the original version of this file” in response to a wordfence issue :

An error occurred
We could not get the original file to do a repair.

This concern for example “wp-content/plugins/wysija-newsletters/js/tinymce_init.js”

(Note, this topic is noted “RESOLVED”. I not agree.)

Hi,

This issue is now fixed. Please check your system and verify that for me if you can.

Our systems were out of sync due to a recent system-wide upgrade in our data center. This has now been resolved and we’ve taken steps to prevent it from reoccurring in future.

Thanks for the report and for your patience.

Regards,

Mark.

Yes ! It works perfectly. No more API error. ?? This is answerwing my question !

Does it explain also the fact that I have received this morning more than 150 wordfence mails from my website (user locked out) ?

Possibly.

tim