Wordfence “Problem” with time.ly calendar plugin: False positive?

Hi dannyletham,
Are you still running into this issue?
To let me get a better idea regarding this problem, please share a screenshot of the scan result showing this modified file warning.

Thanks.

Hello wfalaa – sorry for delay in getting back to you, sadly this is a part-time venture. It turns out that after the latest bundle of updates to the theme in use, jetpack, and wordfence itself – plus your own from 2.5.17 to 2.5.18, there is no issue today.

And thanks for all yur good work!

The screenshot https://s28.postimg.org/o8q2joa25/time_ly_20170406-01.jpg isn’t intended to show the problem, therefore, but simply to illustrate the dialog, especially with reference to #2 of “Three things” at the end of this reply.

Something that strikes me is that there may be some kind of synching issue between Wordfence, WordPress in its own right and the time.ly updates, because today on running a scan I was notified of 62 “issues” all of which – without exception – say this:
This file belongs to plugin “All-in-One Event Calendar by Time.ly” version “2.5.18” and has been modified from the file that is distributed by www.ads-software.com for this version.

Today, however, I can view the changes without any difficulty. Given the quantity and my own comparison with the previous issues that griped about 2.5.17, my best guess is that there is no major problem.

Three things, then:
1. Re last week’s error, I am inclined to speculate that the problem might have related to the creation of a new module since 2.5.16 and wordfence’s perhaps inelegant way of responding to that?
2. Given the snooty comment on wordfence about plug-in developers’ version control, can you confirm that at the time of this writing the latest version of time.ly calendar is indeed 2.5.18?
3. I see that coincidentally you’ve been busy with the language packs! That’s cool.

Kind regards
Danny L.

• This reply was modified 7 years, 7 months ago by dannyletham.

Hello wfalaa – sorry for delay in getting back to you, sadly this is a part-time venture. It turns out that after the latest bundle of updates to the theme in use, jetpack, and wordfence itself – plus your own from 2.5.17 to 2.5.18, there is no issue today.

And thanks for all your good work!

The screenshot https://s28.postimg.org/o8q2joa25/time_ly_20170406-01.jpg isn’t intended to show the problem, therefore, but simply to illustrate the dialog, especially with reference to #2 of “Three things” at the end of this reply.

Something that strikes me is that there may be some kind of synching issue between Wordfence, WordPress in its own right and the time.ly updates, because today on running a scan I was notified of 62 “issues” all of which – without exception – say this:
This file belongs to plugin “All-in-One Event Calendar by Time.ly” version “2.5.18” and has been modified from the file that is distributed by www.ads-software.com for this version.

Kind regards
Danny L.

Apologies if that lengthy reply is duplicated – I am having issues with the forum’s user interface which seems – at my end – to be deleting the thing when I try to edit for typos.

Please forgive any duplication, then, and those horrible italics.

Danny L.

Sorry – but it’s back! I think I missed it last time because WF was ignoring the 2.5.17 vesrion of the complaint. I have another issue with WF which doesn’t relate to time.ly and is actaully potentially even more serious. But, anyway here are two screenshots which relate to the origanl post.

[url=https://postimg.org/image/9b8pdvmcjv/][img]https://s1.postimg.org/9b8pdvmcjv/time_ly_20170406-02.jpg[/img][/url]

[url=https://postimg.org/image/4zmnki9jbf/][img]https://s1.postimg.org/4zmnki9jbf/time_ly_20170406-03.jpg[/img][/url]

[url=https://postimage.org/app.php]screengrab[/url]

Hi Danny,
Yes, I confirm by the time of writing this reply the latest version of “All-in-One Event Calendar by Time.ly” plugin is Version 2.5.18, and after installing this plugin on one of my testing sites, I didn’t get notified for any modified files related to this plugin, so can you see these warnings of the modified plugin’s files after running a new scan by now?

Thanks.

Yes wfalaa, it’s still there. Today’s WF scan altered me to a couple of other uodates – jetpack and the CyberChimps response theme, plus the alleged issue on calendar.js. As before the link to show differences failed to find the WordPress core API file. So in order to be as up to date as possible I have updated the other two and the problem persists.

I am quite relaxed about it btw, and don’t perceive the problem as a real one.Thank you for having the patience to stay in touch over this; I hope that you are at least gaining some info about what’s going on elsewhere in the eco-system. I think that while WordFence is a desirable enough product for what it DOES in fact do, I don’t feel knowledgable enough to scold it for crying wolf which every instinct I possess is telling me is the case.
Thak *you*

Thanks for the update!
Are you sure you are running the latest version of these plugins and theme mentioned? this theme for example just had an update 3 hours ago!

Also, I want to make sure your server can connect to our servers correctly, please check (Wordfence > Tools => Diagnostics => Connectivity).

Thanks.

Updates? Oh yes. It was up to date yesterday at the time of reporting, and after the Tuesday Morning Edition of that theme (2.5) it s up to date again. Every Plugin, the transations, the theme, and WordPress itself. The issue persists.

Re the diagnostis:
http and https connecting both report “OK”, and indeed I do get the daily email, which rather suggests that the site is indeed in touch.

Eerything else presents a catalogue of OKs too, however a couple of things did catch my eye which don’t strke me as germaine to the matter in hand. Even so, I ought to give you the chance to say “that’s it!” if indeed it is.

1. “Warning: posix_getpwuid() has been disabled for security reasons in […]/wp-content/plugins/wordfence/lib/wfDiagnostic.php on line 196” But I don’t imagine that user IDs or passwords are part of the problem?
2. “Enable SSL connectivity” is checked as per default. Since this will be running in a non-SSL environment (yes – I know!!) I mention it for completeness.

Please go to (Wordfence > Tools => Diagnostics) and scroll down the page till “Send Report by Email” and send the report to “alaa [at] wordfence [dot] com”, make sure to include your forum username, I will take a look at this report and let you know my findings.

Thanks.

Have done that now Sorry for delay.
In fact I did it twice because no sooner had I turned my back than a polylang update appeared! Since I’m not party to exactly where you are looking or what for (or whether it’s for my specific benefit or the community as a whole) I thought I’d send you a before and an after just in case – unlikely though it might be – the polylang update provided a fix. Of course the polylang update made no difference, and the issue persists. Accordingly the first one timed around 2151BST I guess you can disregard, and the one timed around 2157BST is the one currently of interest.

I investigated the diagnostic report and I can see “WP_ALLOW_MULTISITE” is enabled, do you have WordPress Network activated? if so, are you sure you have installed and activated Wordfence through the main network dashboard not on every single website you have on the network?

Also, after running a new scan by now, please check two things, the first one is the browser console looking for JavaScript errors, and the second one is a list of the “modified files” issues you currently have.

Thanks.

First – thank you once more for attention, clues and pointers.

There is a long version below of my latest outcome in which you may find some of the asides to be noteworthy, but the punchline is this:
Following an update of the PHP version which was at end-of-life and an update to the calendar plugin (not in that order unfortunately which would have been better diagnostic path) there are no differences for WordFence to fail to find. So I guess that’s the end of that.

While I don’t know for a fact that it didn’t contribute, I can say that it wasn’t MULTISITE alone. I removed the MULTISITE statement from wp-config.php first of all, because as you quite rightly detected I wasn’t seeking to create a WP network. It seems that the WP install inserted that code because it was going into a subdomain. When that didn’t make any difference and I logged into my ISP account to remove the code for that its dashboard flagged the PHP issue, and so after checking that the WP/WF problem persisted I pursued that. And then – there was the curveball of Calendar 2.5.19 which I will own up to having mismanaged as regards diagnostic purposes in my fatigue/haste.

The long version:-

Re. Multisite: I presume that because I set the thing up in a conventionally externally hosted subdomain, WordPress set that parameter to true. It wasn’t ever my intention to be multisite. In fact I have an old and curently inactive Joomla implementation of something entirely different as the main domain’s site content which I opted to leave in place for the time being. By way of proving the assumption about the subdomain, I had a look at the wp-config.php on a copy of the site running locally under wampserver but in a main domain setting, and sure enough the code for that parameter was absent, and so (I presume!) false.

However, I couldn’t activate Wordfence in the virtual server environment to test the change locally, as my attempt to do so broke the copy site (“connection reset”) This was fixed easily enough by renaming the wordfence folder. I thought you might like some intelligence of that if you don’t have it already.

So, next I edited the wp-config.php on the externally hosted subdomain and ran a scan. The error persisted.

Now, I mentioned that old Joomla site not for the fun of it but because my main hosting was still on PHP 5.3 and I see that WordPress recommends PHP7.0. The Joomla release o n that site is out of date and not compatible with that; it can’t go beyond 5.6. I need to update the Joomla version – but not right now! Like I say it’s inactive anyway and the subject of a business related rethink.

So, was PHP5.3 the source of the problem? Well, I updated to 5.6 and no it wasn’t. What then of 5.6? I went to 7.0 temporarily, but before scanning again I was surprised by an update to the calendar plugin from 2.5.18 to 2.5.19 which inadvertently I agreed to before re-test – and when I did run the scan again there were no issues raised at all about the calendar plugin, and thus no changes to look for! Apologies for failing to have a cast-iron iterative process here.

You asked for a list of problems detected. Prior to this there were 66, of which 63 related to the calendar and of those 63 most were related to language files – and as it happens not the one in which I have an interest! After the 2.5.19 / PHP7.0 update there were only the other 3 “issues” and those related to:
wp-admin/includes/upgrade.php
wp-includes/functions.php
wp-includes/load.php
I can see the differences in those cases and there is nothing dramatic or scary – just some changes to exit logic in error handling e.g. die→ exit. So, I’m okay with that.

I have since reverted to PHP5.6. And the issues didn’t come back. I intend to stay on 5.6 for the time being, until either I can address that Joomla update or WordPress stops recommending 7.0 and starts to insist on it.

The ISP self service console won’t take me back any earlier than PHP5.6 since 5.3 thru 5.5 are at end of life. Accordingly, it seems likely there was some conflict between Calendar 2.5.18 and WordFence, but there is a chance too that PHP5.3 was all or part of the annoyance. My money would be on the calendar plugin, but I guess we may never know!

No point in reinstating the MULTISITE parameter given the final outcome – at this point I’ll gamble on our not needing to know.

Thanks for everything w
Kind regards
Danny L.

Thanks Danny for this update, actually, I was testing on my server with PHP 7 installed, so maybe it’s the old PHP version you were running is the root cause for this issue, anyway, it’s great that you had the chance to upgrade to version 5.6 for now, and it’s even better to upgrade to version 7, you will notice a huge performance improvements then.

Thanks.