Wordfence false positive

  • Resolved gabier2

    (@gabier2)


    8 years, 4 months ago

    Hello!
    I use Wordfence with Ninjafirewall. NinjaFW is very good as a guard against attacks, and Wordfence is very good at detecting true infections.
    The problem is NinjaFW logs attacks in a log file, writing a list of such attacks with their signature.
    When this log file is scanned by Wordfence, it detects this system file has changed, and detects also the hacks signatures. It sends an alert for a potentially malicious file.
    This is not a bug of one of the 2 plugins, it is clearly a false positive but it is quite time consuming to check the WF alert entry and clear it.
    Would it be possible that NinjaFW logs the attacks in a modified text and not the exact signature so that these entries cannot look as true attacks ?
    ?? gabier

    https://www.ads-software.com/plugins/ninjafirewall/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    Do you have the possibility to exclude the log folder (/wp-content/nfwlog/)? That would solve the problem.
    We can’t modified or even encode the data in the log, because there are users (including ourselves) who run scripts to parse it on multiple or very busy servers and that would break them I’m afraid.

    Thread Starter gabier2

    (@gabier2)

    Thank you for reply,
    I understand it is not possible to modify your log.
    I can “exclude files from WF scan that match wildcard patterns” I entered “/nfwlog/”.
    It may work.
    ?? gabier

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Wordfence false positive’ is closed to new replies.