MarkMadeDesign

@calle81 – I have not. Unless a very minor update was automatically to WP made back when this Wordfence email was sent to me about these files on 9/18. Otherwise I manually update WP when I can.

Any idea on how I should proceed? How can I share the file differences to someone for further inspection?

I got the same high-alert notices for the same files on a recent site scan, in addition to a couple more file. Any further developments on what this could be?

So I tried disabling some plugins and refreshing, including Ultimate Shortcodes plugin which has a gallery feature with it’s own included lightbox (figured that might be conflicting), but no luck.

HOWEVER, I decided to try another bridging lightbox plugin that was listed in the MetaSlider Lightbox plugin details. I deactivated Simple Lightbox and installed Easy Fancybox and now my meta slider example is actually working with that effect (https://bayaging.net/housing/) but for some strange reason the “Open in Lightbox” advanced setting for my meta slider still won’t stay saved or checked. As long as the effect is working somehow though, it doesn’t matter. I assume this new Fancybox out of the box applies to all linked images which is why it’s working on the meta slider.

Thanks @kbat82. I actually removed all of that footer JS and the corresponding links in the head of my site related to this odometer feature I was testing, but after refreshing I’m still not able to save or apply the Open in Lightbox advanced setting for my MetaSlider.

Any other suggestions?

Thank you @wfgerald and @yet-another-wp-user!

It does appear to be that plugin because I just updated that plugin only and ran another Wordfence scan, only to see that empty file not being flagged this time. I assume it was removed w/ the plugin update. Thanks again!

Hi wfasa,

It sounds like that web.com link that was inserted in the core files does not ring a bell to hosting support and they said their system does not automatically change file names like that. So there’s a chance it could be malware but they said to try and correct those files to what they were. Or to remove those files and “re-install” (WordPress I assume they meant, which I’ve never re-installed before). I would also change my passwords too. Here’s a screenshot below to the Wordfence alert.

https://cl.ly/0dd2dba5e3a7

Would you recommend the same? Something else?

• This reply was modified 6 years, 4 months ago by MarkMadeDesign.

Thank you so much! I too thought it might have something to do with the hosting based on some research I did find. I will download those files as a record and reach out to my hosting based on your feedback.

Thanks for your response David. Hostway support didn’t have much insight to offer on the matter and since the file appears to be 0 bytes I’m going to back it up and delete from hosting server.