WP Rocket False Positives (index-https.html)

  • Resolved yesyeah

    (@yesyeah)


    3 years, 5 months ago

    Hello. I have read through mentions of this issue on here before posting, but there doesn’t ever seem to be a resolution to any of the threads. ?? So I am sorry but have to post again.

    After installing WP Rocket, the scans are coming back with false positives.

    EXAMPLE:

    File appears to be malicious or unsafe: wp-content/cache/wp-rocket/(DOMAINNAME).com/XXXXXXXXXXXXX/index-https.html
    Type: File

    None of the listed URL’s are malicious, they are ALL blog posts. Essentially it appears that each listed URL has “index-https.html” tacked on to the end of the URL. I have on numerous occasions cleared cache and then run the scan and it’s all good and all listed urls are gone. But this always comes back.

    WP Rocket said to check with Wordfence. Since this appears to be a very common issue, can you please provide a solution? It’s odd that this isn’t happening on all sites we have that use WF and WP Rocket, but I do know this is a common problem.

    Thanks so much!!

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @yesyeah

    Please send an email to wftest [at] wordfence [dot] com with the full URL for a cache file that still exists and has not been purged.

    Make sure to put your forum name yesyeah in the subject field of the email so I can find it and let me know here when it has been sent.

    Thread Starter yesyeah

    (@yesyeah)

    @wfphil
    Thanks. Emailed you yesterday.

    Plugin Support wfphil

    (@wfphil)

    Hi @yesyeah

    Thank you for the update.

    They are false positives due to the word “cialis” being part of the word “specialist”.

    I have let our threat intelligence team know about this so that they can improve that malware signature rule.

    Thread Starter yesyeah

    (@yesyeah)

    That’s hysterical. ?? Ok, thanks.

    2 Quick Questions:

    1. What’s odd though is this NEVER came about until WP Rocket was used and “index-https.html” was tacked on to the end. Why all of a sudden?

    2. If they are false positives, should I officially “Ignore” them all and if so, how do I ignore all 300+ of these in bulk?

    Thanks!

    Plugin Support wfphil

    (@wfphil)

    Hi @yesyeah

    Our malware signatures are run on files and not posts so hence why the scan result for cache files.

    Can you run a manual scan and see if you get the same scan results.

    Thread Starter yesyeah

    (@yesyeah)

    I just ran a manual scan and it didn’t come up.

    But I will also say that in the past when I saw them all there, I cleared cache ran the scan and they were gone. But ultimately, they came back again.

    Thoughts?

    Plugin Support wfphil

    (@wfphil)

    Hi @yesyeah

    Thank you for the update.

    Did you flush the cache before running the scan?

    Thread Starter yesyeah

    (@yesyeah)

    First, thanks for your continued replies and help, greatly appreciated!

    The first time I tried that – I cleaned the cache and all the errors went away. However, a few days / week later or whatever it was, we got the notification that the scan picked up another 300+ errors so they were back. I can’t say I have cleared cached and tried this several times to see how common it is, but I’m doing it now and if you can keep this thread open and let me try it out over a week or so, that would probably be best in order to track / monitor it.

    I just cleared cache and am scanning again right now (last scan had no related errors) so we’ll see.

    Plugin Support wfphil

    (@wfphil)

    Hi @yesyeah

    Thank you for the update.

    There is no need to delete the cache files as you should no longer be having these scan results for these cache files as we made a change at our end.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘WP Rocket False Positives (index-https.html)’ is closed to new replies.

Tags