Viewing 5 replies - 1 through 5 (of 5 total)
  • Just so I understand, do you have the option to ‘scan files outside your wordpress installation’ checked on the options page?

    tim

    Thread Starter romtek

    (@romtek)

    I don’t know (haven’t changed options since installing Wordfence). However, how is it relevant considering that wp-includes/fonts is WITHIN wordpress installation?

    Because that looks for folders/files that aren’t commonly in the core. Also, if you wouldn’t mind pasting a link to a screenshot of your complete options page, that would be helpful.

    Thanks

    tim

    I had the same issue – the site was compromised and the scanner picked up files that had *changed* but not files that were *added*. I had “scan files outside your WP installation” checked. It went and scanned some stuff in an “archive” folder off the root, and found some dodgy files in the uploads folder but did not pick up

    /I.php
    /wp-admin/I.php

    Here’s a screen shot of my config:
    https://www.screencast.com/t/Ur80x4rSU

    WordPress 4.3.1
    WordFence 6.0.17

    Any thoughts?

    Plugin Author WFMattR

    (@wfmattr)

    ccarey75: We have a feature request open to add checking of extra files in core folders, but it is not implemented yet. While cleaning up a hack, you may want to enable the “high sensitivity” scanning option. It might show alerts about some false positives (files that are ok, but have similar code to bad files), but this option searches for more patterns that could be in malicious files. Hackers are always coming up with new ways of hiding their code, so if you have new files that are not caught in the regular scans, you can send them to samples (at) wordfence.com, and we will investigate, so they can be caught in the future.

    If you have further issues, can you create a new topic, using the form at the bottom of the list of posts? www.ads-software.com asks us to keep each person’s issues in a separate post, even if they’re related, and it helps us keep track of open issues, too. You can include a URL of an existing post if it’s related, so we can still see the prior posts you are looking at too. Thanks!
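The gap discussed in this thread (changed core files are reported, added ones are not) can be checked with a manifest comparison. The sketch below is an added example, not part of any reply above and not Wordfence's code. It assumes a manifest mapping each core file's relative path to its MD5. The manifest, the `SITE_FILES` allowlist and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

CORE_DIRS = ("wp-admin", "wp-includes")  # wp-content legitimately gains files
SITE_FILES = {"wp-config.php"}           # assumption: expected non-core root files

def md5(data):
    return hashlib.md5(data).hexdigest()

def audit_core(root, manifest):
    """Return (added, changed) for core locations, given {relative_path: md5}."""
    added, changed = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        at_root = rel_dir == "."
        if at_root:
            # From the top level, descend only into directories owned by core.
            dirnames[:] = [d for d in dirnames if d in CORE_DIRS]
        for name in filenames:
            rel = name if at_root else f"{rel_dir}/{name}"
            if rel in manifest:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    if md5(fh.read()) != manifest[rel]:
                        changed.append(rel)  # known file, contents differ
            elif rel not in SITE_FILES and (not at_root or name.lower().endswith(".php")):
                # Unknown file: any type inside core dirs, PHP only in the root.
                added.append(rel)
    return sorted(added), sorted(changed)

def demo():
    """Constructed sample tree containing the two added paths named in the thread."""
    core = {"index.php": b"<?php // core", "wp-admin/admin.php": b"<?php // core"}
    manifest = {rel: md5(body) for rel, body in core.items()}
    files = dict(core)
    files["wp-admin/admin.php"] += b" // modified"
    files.update({"I.php": b"<?php // added", "wp-admin/I.php": b"<?php // added",
                  "wp-config.php": b"<?php // site config",
                  "wp-content/uploads/x.php": b"<?php // outside core dirs"})
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return audit_core(root, manifest)

if __name__ == "__main__":
    print(demo())
```

Files under wp-content are deliberately skipped here, since plugins, themes and uploads add files there and need a different baseline.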

  • The topic ‘Wordfence needs to detect presence of extraneous PHP files’ is closed to new replies.