wp-content/php.ini critical error

  • Resolved bksub84

    (@bksub84)


    2 years, 7 months ago

    I use Wordfence plugin alongside with iThemes Security and Sucuri. My host is MojoHost.

    I got this critical warning today. Is this a false positive or legit warning?

    File appears to be malicious or unsafe: php.ini
Type: File
Issue Found April 18th, 2022 12:10 am
Critical

Filename: wp-content/php.ini
File Type: Not a core, theme, or plugin file from www.ads-software.com.
Details: This file contains an insecure configuration that may have been legitimately added by a developer for testing purposes or maliciously added by an attacker. Since it may make your site vulnerable we strongly recommend replacing it with a safer configuration as soon as possible. The matched text in this file is: safe_mode = Off\x0d\x0adisable_functions = NONE\x0d\x0asafe_mode_gid = OFF\x0d\x0aopen_basedir = OFF\x0d\x0aexec = ON \x0d\x0ashell_exec = ON

The issue type is: IOC:TXT/ini.unsafe.9269
Description: Insecure settings in a PHP.ini file. Often seen in conjunction with malware
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wftiffany

    (@wftiffany)

    Hi @bksub84,

    Thanks for reaching out!

    We’d like to take a closer look at your whole php.ini file so that we can see everything in it. Would you send it to wftest @ wordfence.com? Be sure to include your forum username (@bksub84) as the subject line and include a link to this thread.

    Let me know after you’ve sent the file so that we can be on the lookout for it.

    Thanks,
    Tiffany

    Thread Starter bksub84

    (@bksub84)

    Just sent. Thank you!

    Plugin Support wftiffany

    (@wftiffany)

    Hi @bksub84,

    Thanks for sending us the file.

    We ran it through our threat database to see if it was flagged and the system says it is suspicious. It contains insecure settings that could have been added by a developer for testing. But because it disables security settings, the possibility exists that it was added by a hacker.

    It doesn’t seem to be something that should be in the wp-content folder. We would recommend removing it but make sure to save a backup copy to your local computer so that it can be added back just in case.

    Is the wp-content folder the only place you found the file?

    Thanks,
    Tiffany

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘wp-content/php.ini critical error’ is closed to new replies.