Wordfence failed to scan its own files for infection

  • Resolved jonwarmington

    (@jonwarmington)


    7 years, 1 month ago

    Hello, one of my websites was recently exploited, and it turns out it was the wordfence log config file that had injected code at the top.

    wflogs/config.php

    The wordfence scan always returned no issues. I was checking to see what files had changed in the past days, and only the wordfence ones had, so i just happened to open up the config file and it was loaded with injected code. Then I noticed in WP if you go to the firewall it states the file is corrupt, click here to rebuild.

    Maybe you should include your own wordfence files in the scan? Would have saved me alot of time, and also avoided loads of bad traffic!

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi @jonwarmington,

    I can confirm that Wordfence does scan its own files.

    This may just be a case of new malware we aren’t detecting yet. Therefore we would really appreciate if you could send a copy of the file to samples[at]wordfence[com], so we can look at adding a signature for that malware.

    I’d also strongly advise you to follow our site cleaning guide as there is most likely additional malware — the wflogs/ directory has an .htaccess file that prevents direct access, so it generally wouldn’t be useful to infect just those files; most likely the same malware or different new malware is in other files too.

    Thread Starter jonwarmington

    (@jonwarmington)

    Hello thanks. It looks like somehow the injection caused wordfence to not scan properly? I saw it happen on another site, once i removed the injection it was able to scan again.

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Wordfence failed to scan its own files for infection’ is closed to new replies.