Modified plugin file: wp-content/plugins/wp-mail-smtp/wp_mail_smtp.php

  • Resolved happik

    (@happik)


    7 years, 9 months ago

    Dear support.

    I got the message
    “Modified plugin file: wp-content/plugins/wp-mail-smtp/wp_mail_smtp.php”
    from WordFence.

    Should I reinstall it or leave it?

    Thank you.

Viewing 9 replies - 1 through 9 (of 9 total)

  • I also have the same notification on several sites from my Wordfence security alert.
    I clicked “See how the file had changed” in the notification on the WF scan page and it seems to me that is something related to the new maintainers of the plugin.

    Anyway a note from the plugin author would clear these doubt.

    The previous credits were attributed to WP Forms / Syed Bahkli. Now the modified reverts back to Callum Macdonald, the original author. I always thought Callum is/was the maintainer, only today I noticed the previous takeover by WPBeginner enterprise. There should be definitely a clarification from original author…

    • This reply was modified 7 years, 9 months ago by bsusala.

    I have the same problem and have had it with other plugins. It’s the result of the plugin author changing the files distributed by www.remarpro.com.
    It can be fixed but reinstalling the files.
    I believe some authors can some files and do not mark them as a new version number so wordfence catches the change in files and treats it like a threat.

    Looks something like you forgot to register the file modification with the WP plugin repository, Callum. Please remember to do that when updating files to save your users the time of having to security-check the modified file. Thanks.

    The plugin was acquired by WP Forms: https://wptavern.com/wpforms-acquires-wp-mail-smtp-plugin.

    Mistery solved.

    The question of ownership is answered – but the transition shouldn’t have involved a lapse in updating the repository. Could have been handled more smoothly.

    Thread Starter happik

    (@happik)

    Dear all.

    1) Should the reinstall of the plugin solve the problem?

    2) How to reinstall the plugin without loosing the settings of the plugin? I have there an application password to google account and I would like to preserve the settings.

    There is no functional problem with the plugin, so there’s no reason to uninstall. The only issue is that they changed the name of the author and contact URLs in a file, but they didn’t create a new version of the plugin to do that, and register the changed version with the plugin repository. This means that WordFence saw the difference and alerted its users. So, all you have to do is ignore this change. In WordFence, you can mark the security issue with “Ignore until the file changes” or even “I have fixed this issue” so that the alert goes away.

    Thread Starter happik

    (@happik)

    Ok, thank you. I will choose ignore.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Modified plugin file: wp-content/plugins/wp-mail-smtp/wp_mail_smtp.php’ is closed to new replies.