Modified plugin file: wp-content/plugins/wordfence/readme.txt

Usually, changes to readme.txt files in various plugins are ok. Most of the time, it means the author has updated the plugin’s field that shows which version of WordPress it is compatible with.

Whenever this happens, you can click the link to show what has changed for each modified file in the scan results. Since it is a text file, it is easy to see what the changes were (that may be harder when .php files change). You can click the link to ignore the file until it changes.

-Matt R

Hi,
I had a similar issue.

I got a warning that the readme.txt has been modified. I compared the original and modified versions, and it seems all three modifications concern Learning about WordPress Security (they were deleted).

Is this normal?

Thank you Matt for your explanation. However, it does not make sense to me. As far as I understand the way Wordfence operates is it compares the files of WordPress core, themes and plugins against their originals in the WordPress repository. When a difference is found, Wordfence issues a warning. Very often these alterations are obviously applied by the developer. So how can it be those altered files are not in the repository? I can only guess this is caused by a developer who has forgotten to upload an altered file to the repository. But my guessing is not good enough. In our common quest to make websites more secure, a clear understanding of how things happen is key. That is why to me it is not sufficient if a Wordfence rep states that changes to readme files are usually ok. Especially when this occurs to a Wordfence readme file, as happened this morning, I want to know how it is possible such a difference can occur and why it so often occurs after an update. If anyone can analize how this is possible it must be the Wordfence staff, especially in this case.

Please clarify what is causing the false positives, that occur strikingly often, but not exclusively, in readme files.

My main concern is that too many warnings undermine security, as I become less alarmed by them if nine out of ten times they concern a false positive.

I have wordfence installed on about a dozen wordpress sites and in the last 24 hours they have all reported the wordfence readme.txt having been changed.

If you’re generating false positives with your own development/distribution, does that imply you’re not following best practice yourselves?

I commonly receive these minor readme.txt changes for other plugins but this is the first time I’ve seen Wordfence detecting changes to it’s own readme.txt. Please can you confirm whether this is expected behaviour on this occasion? as it’s happening on the majority of sites I maintain.

Thank you for all your hard work on Wordfence.

Hi All,

To answer your question about whether we are not following our best practices: That is correct. We did not follow our own best practices in this case. We screwed up. We’re sorry. We have had an internal conversation about this and I’m going to share some of our current thinking:

1. We should not have checked in a change to a current version that produced this warning. Sorry about that. Won’t happen again.

2. We’re also questioning how useful it actually is to be alerted about a change in readme.txt vs a change in a .php file for example. We haven’t made any decisions about this yet, but we will be rethinking this as our product design goes forward.

Hope that helps clarify what happened here.

Regards,

Mark.

Hi Mark,

Thank you for your reply.

Hope that helps clarify what happened here.

As a matter of fact: no. Not really.
You make it seem as if the problem only applies to readme’s. As I wrote in my previous comment: the large number of false positives do not exclusively occur in readme’s.
And you haven’t explained how it is possible that so many false positives occur. It would really clarify things if you would describe the process that leads to those false positives. What exactly is being compared to what and when? Is this possibly related to the moment a plugin or theme is updated by the developer? Could I get less false positives if I waited a bit before updating? Or is it all due to developers not following the right procedures? If so, then which faults do they make?

So I will weigh in on this one too. Why was the information about the free wordfence learning center deleted from the readme file that has been modified in my sites? Is WordFence planning on charging for access to the currently free information?
===========================
While readme txt files may not be important, they are good files to hack and see the response. I suspect most plugin developers leave backdoors to the plugin to fix small things on the fly rather than issue a big update. That does not make the practice a good one for security.

I have also found that sometimes readme files do not get updated in update releases for some reason.

@wpwebbouw Sounds like you have a different problem to the original poster who was referring to our own readme.txt being modified. I recommend starting a new thread and posting the specific false positives you’re seeing. We’re not currently aware of any issue like the one you’re describing at this time.

@flyfisher842

So I will weigh in on this one too. Why was the information about the free wordfence learning center deleted from the readme file that has been modified in my sites? Is WordFence planning on charging for access to the currently free information?

No. Absolutely not. Unlike some other security providers who charge a lot of money for that kind of content, we are providing it completely free for the community to help secure you. You’re welcome.

While readme txt files may not be important, they are good files to hack and see the response. I suspect most plugin developers leave backdoors to the plugin to fix small things on the fly rather than issue a big update. That does not make the practice a good one for security.

LOL! No we don’t backdoor our own software. That would be both criminal and stupid because it’s open source and you can check the code yourself.

I think that’s all we have to say re this thread guys. If you have a further issue, please start a new thread with your specific problem, include as much supporting data as you can and we will be happy to address it.

Regards,

Mark.