• Resolved marywt

    (@marywt)


    I have recently had trouble with one of my sites where Wordfence showed over 100 critical issues. This website already had 109 ignored files from when I first set it up with Ionos and there were unidentified files. After discussion with Wordfence I marked them ‘ignore until changed’.

    In order to check what to do with the critical issues I set up a test site and uploaded a copy of the site to that. Then I deleted the files and checked that the site still worked. So far so good.

    Then I thought I would also delete the ignored until changed files and see what happened. I deleted them WITHOUT removing the ‘ignored’ label, everything seemed fine. But now every time I run a scan it tells me that one file is unknown + so many others, but I can not see the ‘others’, only the one file.

    If I delete that and run the scan again I get the same message of 1 file unknown + so many others, but that figure is one less. This is a very labour intensive way of getting rid of them!

    It seems that deleting the files without taking the ‘ignore’ label off has messed things up and that deleting them has thrown up a ‘change in the file’. I want to remove all the files which were previously ignored and which are showing up individually but how do I get to see them?

    This is what is shown
    Unknown file in WordPress core: wp-includes/blocks/audio/php.ini (+ 105 more)
    Type: File

    Of course the actual file changes each time.
    How do I see the rest?

    Thanks for any help, Mary

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @marywt

    The scan result is saying that Wordfence has detected 106 php.ini server configuration files that don’t come with WordPress. The files are amalgamated into one scan result so that you don’t have 106 separate scan files for the same file name.

    IONOS / 1&1 hosting is known to us for automatically adding a php.ini server configuration file in every directory that it finds in a WordPress file system. Their support team can confirm this for you.

    One should not delete any files without investigating them and backing them up first.
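As an added example (not part of the original thread and not Wordfence's or the host's own code), one way to investigate a batch of same-named files before ignoring or deleting them is to group every `php.ini` under the site root by SHA-256, so that any file whose content differs from the rest stands out for review. The function names and the demo file contents are assumptions constructed for illustration.

```python
import hashlib
import os
import sys
import tempfile
from collections import defaultdict


def inventory_php_ini(root, name="php.ini"):
    """Map SHA-256 digest -> sorted relative paths of every file called `name`."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        if name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            groups[digest].append(os.path.relpath(path, root))
    return {digest: sorted(paths) for digest, paths in groups.items()}


def outliers(groups):
    """Paths whose content differs from the most common variant."""
    if not groups:
        return []
    majority = max(groups, key=lambda d: len(groups[d]))
    return sorted(p for d, paths in groups.items() if d != majority for p in paths)


def build_demo_tree(root):
    """Constructed sample: three identical files and one with different content."""
    common = b"; constructed sample content\nmemory_limit = 128M\n"
    for rel in ("wp-admin", "wp-includes", "wp-includes/blocks/audio"):
        os.makedirs(os.path.join(root, rel), exist_ok=True)
        with open(os.path.join(root, rel, "php.ini"), "wb") as fh:
            fh.write(common)
    os.makedirs(os.path.join(root, "wp-includes/js"), exist_ok=True)
    with open(os.path.join(root, "wp-includes/js/php.ini"), "wb") as fh:
        fh.write(common + b"; differs from the rest\n")


if __name__ == "__main__":
    # Pass the WordPress root as the first argument, or run with no
    # arguments to see the constructed demo tree.
    with tempfile.TemporaryDirectory() as tmp:
        root = sys.argv[1] if len(sys.argv) > 1 else tmp
        if root == tmp:
            build_demo_tree(tmp)
        groups = inventory_php_ini(root)
    for digest, paths in groups.items():
        print(f"{digest[:12]}  {len(paths)} file(s), e.g. {paths[0]}")
    print("review first:", outliers(groups))
```

A single digest covering every path is consistent with one automated source; the listed outliers are the files to open and compare with the hosting provider's answer.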

    Thread Starter marywt

    (@marywt)

    Thank you.
    However, as I have said I have deleted files with no apparent ill effects in this case. I had a backup and investigated online as much as I could but I can not afford to have Wordfence check that the site hadn’t been hacked, this is only a hobby.

    Do you recommend that I just mark these current ones as ‘ignore until change’?

    If Ionos is known for doing this then is there any way Wordfence could not mark them as ‘Critical’ thus causing extreme worry that the site has been hacked? Perhaps saying if Ionos is the host then ignore these?

    Thanks, Mary

    Plugin Support wfphil

    (@wfphil)

    Hi @marywt

    Thank you for the update.

    If IONOS / 1&1 confirms that they added the php.ini files then you can use the IGNORE option to ignore that scan result.

    The severity for that scan result should be marked as High and not Critical.

    You will notice in the scan result it says, “Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker. 105 more similar files were found.”

    It does mention that they may have been added by your hosting provider. You can always ask your hosting provider about such files as they can quickly help you investigate them as they have full access to the server.

    Thread Starter marywt

    (@marywt)

    Thank you for your continued help.
    You are right that these are marked ‘high’, not ‘critical’; it was the others that I deleted which were critical.

    However, I still have the same problem with marking them as a batch/all at the same time.

    If I mark one of them as ignored then the next one doesn’t show up until a scan is run. So to do them individually I have to run over 100 scans, wasting time on your servers and for me.

    Could you please tell me how to do them all in one go?
    Thanks, Mary

    Plugin Support wfphil

    (@wfphil)

    Hi @marywt

    Thank you for the update.

    Are the scan results all specifically for php.ini files because if they are then you should only have one scan result as you saw before below?

    Unknown file in WordPress core: wp-includes/blocks/audio/php.ini (+ 105 more)

    Thread Starter marywt

    (@marywt)

    I don’t know because I can only see the first result! ??

    To see any other result I have to do something with the result that is showing and then run another scan.

    What I see is the bit that you quoted. How do I affect it (and the 105 others) all in one go?

    Mary

    Plugin Support wfphil

    (@wfphil)

    Hi @marywt

    Thank you for the update that you are seeing the scan result as outlined in my last reply.

    The scan result is set up this way to prevent you from having 106 separate scan results where you would have to use the IGNORE >> Always Ignore option for each scan result.

    For the single scan result you can use the IGNORE >> Always Ignore option as no further action is needed as your hosting provider has legitimately created those 106 php.ini files.

    Thread Starter marywt

    (@marywt)

    I understand that it is displayed that way initially to avoid having 106 results.

    Are you confirming that I have to do 106 different scans in order to mark them separately? Because that is what is happening if I do ‘ignore until changes’ or if I just delete the file.

    Will IGNORE >> Always Ignore do 106 in one go?

    Plugin Support wfphil

    (@wfphil)

    Hi @marywt

    Thank you for the update.

    You don’t want to delete those files without asking your hosting provider first if they have been added there by your hosting provider.

    You only need to use the ignore option for the scan result and the scanner will then ignore all of the 106 php.ini files in subsequent scans.

    Thread Starter marywt

    (@marywt)

    Thank you for all the help, you have answered most of my queries.
    However, the question of HOW to ignore them has still not been answered.

    Is there any way of doing this as a bulk action?

    Or do I have to mark one ignored, and then run a scan so that the next one shows up and I can mark it as ignored, and then run a scan ……. 105 times?

    If I have to run a scan to be able to find a thing to ignore it is a laborious job and also puts unnecessary load on your servers.

    Mary

    Plugin Support wfphil

    (@wfphil)

    Hi @marywt

    Thank you for the update.

    For the scan result Unknown file in WordPress core: wp-includes/blocks/audio/php.ini (+ 105 more) you just need to use the IGNORE option for that scan result.

    Subsequent scans will then ignore all 106 php.ini files.

    Thread Starter marywt

    (@marywt)

    Thank you for your patience, I have done it and it has worked.
    Mary

    Plugin Support wfphil

    (@wfphil)

    Hi @marywt

    Thank you for the good news.

  • The topic ‘Wordfence only allows me to see 1 of 107 files’ is closed to new replies.