Wordfence Malicious Files???

  • Resolved wolfkettler

    (@wolfkettler)


    7 years, 8 months ago

    A few days ago WF notified me about three potentially malicious files on my website. I asked my webspace provider to run a scan, they confirmed the findings but also identified two other files, which appear to be Wordfence related.
    They are …/wordfence/lib/wfGeoIP.php and …/wflogs/config.php.

    Do I need to worry about these?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfphil

    (@wfphil)

    Hello,

    The following files that you mentioned are Wordfence files and you shouldn’t worry about them unless a scan says that they have been modified. If they have been modified let us know and we can investigate further for you:

    ~/wp-content/plugins/wordfence/lib/wfGeoIP.php

    ~/wp-content/wflogs/config.php

    • This reply was modified 7 years, 7 months ago by wfphil.
    Thread Starter wolfkettler

    (@wolfkettler)

    Hi,

    that’s good news. Thank you very much. However, I had a look at the files and the content of the config.php file looked extremely odd. So odd that I actually deleted the file – I have a copy, though, saved as a text file.

    WF does not seem to mind that the file is now missing.

    Would you be happy to look at the file?

    Thanks,
    Wolf

    Plugin Support wfphil

    (@wfphil)

    Hello Wolf,

    It is not a problem that you have removed the config.php file from the wflogs directory.

    Whenever you visit any page on your website the wflogs directory will repopulate itself with the config.php file.

    Make sure though that the Firewall is set to “Enabled and Protecting” on the “Firewall” page.

    Thread Starter wolfkettler

    (@wolfkettler)

    Okay, that’s great. Thank you very much for your help!

    Best wishes
    Wolf

    Plugin Support wfphil

    (@wfphil)

    Hello Wolf,

    You’re welcome!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Wordfence Malicious Files???’ is closed to new replies.