Hack or False Alarm

  • Resolved verdipro

    (@verdipro)


    3 years, 12 months ago

    I have 53 alerts showing up in Wordfence, about 38 of them are showing as high severity.

    Most pertain to files such as:
    Unknown file in WordPress core: wp-includes/js/tinymce/skins/wordpress/images/animation_81.gif

    I don’t see any other issues elsewhere, including the database. Are these just odd files that WordPress added over time, or is there something else going on here?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @verdipro thanks for your question!

    This could be a case of false-positives but Wordfence checks the www.remarpro.com repository when comparing files for malicious changes, so if your version is showing extra files it might be worth checking your diagnostic – which will include your scan results.

    To me, this looks like a TinyMCE skin/icon pack which you may be aware of installing, which would be why the plugin folder has 53 modifications but let’s make sure.

    Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    Note: For the fastest response time, please make sure and add any information or questions directly to this topic and not the email address above unless asked.

    Thanks,

    Peter.

    Thread Starter verdipro

    (@verdipro)

    ok just sent it thank you. I agree I think it is false positives also. I have a very good backup/update/backup regimen, so I would be surprised if someone got through before an update was in place.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @verdipro,

    I’ve taken a look at your diagnostics and believe the .gif files are indeed related to TinyMCE skins or icon packs so it would be safe to ignore these files.

    However, there are other reports of file versions that have been superseded or plugins that are abandoned. I would strongly recommend updating plugins where possible and seeking actively developed alternatives to these; or disabling the plugins altogether as the developers will not be looking out to patch vulnerabilities in them. We recommend keeping all of your WordPress installations and plugins up-to-date at all times.

    Thanks again,

    Peter.

    Thread Starter verdipro

    (@verdipro)

    Thank you for the info. All the plugins are updated (they get updated monthly) so all is set there. Is there a way to figure out which plugin caused these files so that I can determine if I can disable it?

    Plugin Support wfpeter

    (@wfpeter)

    Hi @verdipro,

    No problem at all. The plugin causing the additional files that we’re ignoring was TinyMCE which is a commonly used visual editor for HTML or other text-based content. It may be in use, or at least included by a theme or template editor so disabling it may cause knock-on effects.

    The plugins that were reported as abandoned were “Smooth slider” and “Columns”. Both were last updated over 2 years ago.

    Thanks,

    Peter.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Hack or False Alarm’ is closed to new replies.