WPwebbouw

Today WordPress 4.01 was released and on some of the sites I manage this minor update was automatically executed. This led to a couple of Critical Problem Alerts in my inbox from Wordfence, like this:

Alert generated at Friday 21st of November 2014 at 07:44:45 AM
Critical Problems:

* WordPress core file modified: wp-admin/css/deprecated-media-rtl.min.css
* WordPress core file modified: wp-admin/css/deprecated-media.min.css
* WordPress core file modified: wp-admin/css/install-rtl.min.css
* WordPress core file modified: wp-admin/css/install.min.css
* WordPress core file modified: wp-admin/css/login-rtl.min.css
* WordPress core file modified: wp-admin/css/login.min.css
* WordPress core file modified: wp-admin/css/wp-admin-rtl.min.css
* WordPress core file modified: wp-admin/css/wp-admin.min.css
* WordPress core file modified: wp-includes/css/admin-bar-rtl.min.css
* WordPress core file modified: wp-includes/css/admin-bar.min.css
* WordPress core file modified: wp-includes/css/wp-auth-check-rtl.min.css
* WordPress core file modified: wp-includes/css/wp-auth-check.min.css

This looks like a timing matter. First I thought the files have obviously been changed by the automatic core update, but Wordfence still compares them to the previous version. However, when I look at the List of Files Revised in the release notes https://codex.www.ads-software.com/Version_4.0.1 I don’t see the above mentioned files listed.

So what’s going on here? All the modified files WF reports are css files and the modifications are harmless. However, the fact that they have been modified poses the question where were they modified? Was it done by WordPress and did they accidentally forget to mark the files as modified? Or anything else? I’m puzzled. Are these false positives and if so, what is the cause?

Erik

Hi Derek,

Thank you. I must correct my original post. At the time I wrote it the layouts feature was more or less confusing to myself. It may be a very interesting feature to end users. However, the concept of the custom css from different layouts being stored in one and the same dynamic.css file may still need some improvement.

I am working on a theme where I use the layouts feature to distribute several preset layouts with the theme. The layouts are loaded upon theme installation. I added this function to functions.php:

/** load standard layouts in options table
 *
 */
add_action('after_switch_theme', 'bb_setup_options');

function bb_setup_options() {
	if (file_exists( dirname( __FILE__ ) . '/lib/layouts/stdlayouts.txt')){
		$stdoptions_file = file_get_contents(dirname( __FILE__ ) . '/lib/layouts/stdlayouts.txt');
		$stdoptions = unserialize($stdoptions_file);
	update_option('option_tree_layouts', $stdoptions);
	}
}

The file stdlayouts.txt contains the code in OptionTree->Settings->Export->Layouts

Hi Marcin,

You’re welcome.
Does this mean there will be an update to 1.6.4 soon?

Best regards,
Erik

Hi Marcin,

Can I send you one or two of the comparison files Wordfence produced, for you to review? They are plain html and show two panels with the differences.

Hi Tim,

Thank you for your reply and for forwarding my suggestion. I would say the example you give would be an excellent occasion to issue a warning. If a plugin developer changes something in a plugin file and WF issues a warning that makes sense. I then can compare the files (great function!) and judge for myself if this is a threat or not. I think this wouldn’t conflict with my suggestion that WF should – if possible – compare the installed plugin files with the plugin files of the same version in the repository even when the installed version is outdated. However, that would require older versions to be available in the repository. I don’t know if they are.

Erik
WP Webbouw

Hi Tim,

Thanks for your prompt reply. This is no big issue, good to know it’s a known bug on your list.

All the best,
Erik

Right, thanks

Makes sense. I will keep the public spam database check on for this site. If something like this happens again I will mark the comments as spam.

Thanks Caspar. Leaves me with the questions: where did this sudden massive comment spam come from (already >1000 this day, all directed to the same post). And why did Antispam Bee not intercept these, while it intercepted every spam until now?
I checked ‘Trust approved commentators’ again so the only difference in my settings is the checked ‘Use a public antispam database’. Also the fact that I manually deleted the first >300 spam comments of this attack could have caused the rest of this batch to be marked as spam. They all seem to come from the same ip.

So why did Antispam Bee not intercept these in the first place?

@leslierad:

Under mqtranslate Settings:
Open: Advanced Settings
Find: Settings Migration
Select: Import settings from qTranslate

Easy transition to mqtranslate. Visual editor is back. I only had to reinstall the language chooser widget, as this had it’s name changed and hence had disappeared after switching to mqtranslate. Thanks @arctablet for pointing me to mqtranslate.

Hi Sebastien,

WordPress 3.8.1.
GF 1.8.4.
MailPoet 2.5.9.4.

Just tested again: both issues are still unsolved.

I send you an email

Regards,
Erik

Hi Sebastien, I don’t know what you consider ‘timely’, but it’s been 2 weeks now since I posted my 2 questions / bug reports in this forum and I have seen no replies yet. Any ETA on that?
Erik

I don’t see where you can select an existing image from the library.

Thanks for the update and mention. I will keep you posted on further updates of the language file.

Yeah sure @wysija, we’re awesome. As are you ?? However I would still like to see you comment on the issue itself. Has this bug been scheduled for fixing in a next version?