Wordfence market all WP 6.7 files as suspect

  • Hi.
    After updating WordPress to version 6.7, received an email from Wordfence that found more than 1500 files with High sensitivity problems.
    After investigations into the problem, WordPress released a new update yesterday.
    Downloaded new WordPress version from www.ads-software.com and checked some of the files but the hash of the files was the same as the files on my website.

    This email was sent from your website “********” by the Wordfence plugin.

    Wordfence found the following new issues on “********”.

    Alert generated at Wednesday 13th of November 2024 at 07:14:41 AM

    See the details of these scan results on your site at:?https://*********.com/wp-admin/admin.php?page=WordfenceScan

    High Severity Problems:

    * Unknown file in WordPress core: wp-admin/about.php

    * Unknown file in WordPress core: wp-admin/admin-footer.php

    * Unknown file in WordPress core: wp-admin/admin-header.php

    * Unknown file in WordPress core: wp-admin/admin.php

    * Unknown file in WordPress core: wp-admin/css/admin-menu-rtl.min.css

    and etc.

    Seems files are safe (because files hash was same as downloaded files from www.ads-software.com).

Viewing 11 replies - 1 through 11 (of 11 total)

  • I’m seeing this too on a customer’s site. A bit disconcerting. :-).

    Ronny

    Same for me.

    I upgraded Wordfence but I got also the same result.

    Same here and agree this is very disconcerting, as it is wasting time trying to figure it out if it is a false positive. It happened on multiple client sites which made it seem like it could be related to yesterday’s upgrade.

    same here…

    +1

    Jason Ryan

    (@viablethought)

    Hello all –

    Ok, so I have found that if you are using the Free version of Wordfence, the “Rules” are only updated every 30 days – which means that this is completely out of sync with the release of WP 6.7.

    If you go to Wordfence -> All Options -> Advanced Firewall Options -> Manually Refresh Rules and then run a new Scan, this resolves the issue (tested one site thus far and seemed to do the trick).

    Wordfence changed this a bit ago where the rules are only updated once every 30 days – not sure this was a great idea on Wordfence’s part.

    @viablethought Thanks, makes sense. Irritating that Wordfence can’t deal with this rather than just flagging all the files as bad and scaring the bejesus out of us before coffee! ;-).

    Plugin Support wfpeter

    (@wfpeter)

    Thanks @moes9 for reaching out.

    This issue was ultimately unrelated to the firewall rules being updated and it was remediated as we made changes on our side. The issue was due to one of our integrations that was incorrectly reporting the files as unknown. This was fixed earlier today and subsequent automatic or manual scans should no longer show the files as unknown. We have some documentation on these scan results here in general for reference, and restoring deleted or repaired files from a backup if the site has issues is the best option:?https://www.wordfence.com/help/scan/scan-results/#unknown-file-in-wordpress-core

    Peter.

    Plugin Author Wordfence Security

    (@mmaunder)

    Further clarification on what the underlying issue was and that this had nothing to do with firewall rules.

    https://www.ads-software.com/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181

    Mark Maunder – CTO @ Wordfence

    musictheorysean

    (@musictheorysean)

    I’m seeing the same thing.

    I found a 2 year old issue where WordFence recommended clearing caches and rescanning. I did and the new scan came back clean.

    Edit: I took too long to post and my response is no longer relevant.

    lakelounge

    (@lakelounge)

    @viablethought Thanks! Solved this issue here too …

Viewing 11 replies - 1 through 11 (of 11 total)
  • You must be logged in to reply to this topic.