sucuri-auditqueue.php and other files

  • Resolved hbox11

    (@hellobox)


    6 years ago

    Hellos,

    There are Sucuri related files with names like:

    sucuri-auditqueue.php
    sucuri-settings.php

    and other files in /wp-content/uploads folder..

    They seemed to have been updated today! Are they genuine? Is it okay to delete them?

    Is there any documentation on the list of genuine Sucuri files?

    Thanks in advance for the response.

Viewing 2 replies - 1 through 2 (of 2 total)
  • yorman

    (@yorman)

    Hello @hellobox

    The files may be genuine.

    • File sucuri-auditqueue.php is used to temporarily store the security events triggered by your website before the plugin sends them to Sucuri for secure storage. The plugin re-creates the file every time WordPress triggers an event with relevancy
    • File sucuri-settings.php is where the plugin stores the user configuration. If you modify the options from the plugin’ settings page, the changes will be added to this file. Deleting the file implies that you are resetting the plugin configuration

    I say “may be” because a hacker could inject a file with the same name in other parts of your website, so even though the plugin creates files with these names, you shouldn’t necessarily trust them without close inspection. You said the files are in “/wp-content/uploads/” but in reality, the plugin uses “/wp-content/uploads/sucuri/” so it’s possible that the files you found are corrupt.

    Marking as resolved, let me know if you need more information.

    Thread Starter hbox11

    (@hellobox)

    Thanks so much for the response! I appreciate. ??

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘sucuri-auditqueue.php and other files’ is closed to new replies.