I recently conducted a security scan using Wordfence, and it flagged several critical issues that I need assistance with. Here’s a summary of what was detected:
Malicious or Unsafe Files:
Wordfence flagged two files within the Wordfence Activator plugin:
File: wp-content/plugins/wordfence-activator/main.php
File: wp-content/plugins/wordfence-activator/functions.php
Both files were marked as “Critical” with potential security risks, but I’m unsure how to address them or if they should be deleted or repaired.
Vulnerable Plugin:
Plugin: “WP Affiliate Platform”
Issue: Wordfence identified this plugin as having a security vulnerability, which it flagged as critical. I’d like to know if this can be resolved by updating, or if removing the plugin is recommended.
Outdated Plugin:
Plugin: “WordPress Automatic Plugin” (version 3.99.0 -> 3.107.0)
This plugin was flagged for needing an upgrade. The issue was rated as “Medium.” I’d like to confirm if simply updating this plugin will resolve the issue without any compatibility risks.
I’d greatly appreciate guidance on the safest steps to take to resolve these issues, particularly for the critical flags. If there are specific actions I should take within Wordfence or any alternative solutions, please advise.
Thank you for your assistance!
Contact Information (optional): If you need further information, feel free to contact me at [email redacted by moderator]
“We would like to notify you that a malicious code was detected on newly uploaded/edited files that are part of your website lonniebusch.com. The permissions of the detected files have been changed and they are currently not executable.”
I restored my website from Siteground’s backups, then updated my website and plugins. When I did, I got a curious behavior from my Backup Migration plugin, an annoying popup window prompting me to click it so I could continue. Each time I dismissed it, then went to do something else, it popped up again. So I removed the Backup Migration plugin. But now, even though the plugin is gone, I am still getting notices from Wordfence that these malicious files are on my site. See below:
Critical Problems:
* File appears to be malicious or unsafe: wp-content/backup-migration/backups/latest_progress.log
How can I remove them or stop them from being generated? I have used WordPress Advanced Database Cleaner several times but with no luck. I still get these prompts from Wordfence about malicious files with the .log extension. Do you have any suggestions?
Sorry this is so long, but I felt I needed to explain the situation as best I could.
Thank you,
Lonnie
I found this message:
How do I change scan settings, so that these 6 paths are not skipped?
Also: [Aug 23 00:06:36:1692749196.160924:2:info] Adding issue: File contains suspected malware URL: wp-content/wphb-cache/cache/mobile/myeatingright.com/a-sustainable-way-to-eat/40db2b3d386790521c5e155076f794cf.html
Has this malware been removed?
Thank you for your advice,
Enrique Vanegas
Description:
A sufficiently privileged user can upload malicious documents to the target application.
Detailed Information:
A crafted and known malicious (yet controlled and benign) document was uploaded to the target application and was seemingly not blocked by antivirus software. The risk associated with this is that the application (and by association, the Azure storage service) can be used to house malicious and unfiltered content which may be against policy or introduce risk to the business. The web application could unwittingly be used to indirectly store malicious software that could be used to attack users of the application and spread malware.
Suggested Remediation:
Filter all uploaded files through anti-virus software to ensure user-provided documents are not malicious.
The main point is that I want to avoid the possibility of uploading malicious code. How does Wordfence deal with that problem? It was recommended by a colleague, but I do not see any areas in the backend that are dealing with the topic.
Thanks
Raphael
Unknown file in WordPress core: wp-admin/css/index.html
Type: File
Unknown file in WordPress core: wp-includes/js/jquery/jquery.dev.js
Type: File
Publicly accessible config, backup, or log file found: wp-content/debug.log
Type: Publicly Accessible Config/Backup/Log
Unknown file in WordPress core: wp-admin/css/press-this.out.css
Type: File
Thank you
Melanie
Running WordPress 5.5.3
Running PHP 7.4
I had this same problem a few days ago on another website – on a completely different server. FVM ver 3.0.0.
This was, in part, your response:
“There are two possibilities here, either:
a) You are not installing the plugin from www.remarpro.com or
b) There is malware on your site, which is infecting the plugin as you are downloading it and installing it.”
Plugins auto updated via www.remarpro.com
What are the chances of 2 hacked websites on 2 separate servers?
This email was sent from your website “Cleary’s Landscape and Lawn Care” by the Wordfence plugin.
Wordfence found the following new issues on “Cleary’s Landscape and Lawn Care” (1 existing issue was also found again).
Alert generated at Tuesday 29th of December 2020 at 12:18:33 AM
See the details of these scan results on your site at: https://clearylawn.com/wp-admin/admin.php?page=WordfenceScan
Critical Problems:
* File appears to be malicious or unsafe: wp-content/plugins/fast-velocity-minify/layout/admin-layout-help.php
* File appears to be malicious or unsafe: wp-content/plugins/fast-velocity-minify/layout/admin-layout-settings.php
* File appears to be malicious or unsafe: wp-content/plugins/fast-velocity-minify/layout/admin-layout-status.php
* File appears to be malicious or unsafe: wp-content/plugins/fast-velocity-minify/layout/admin-layout-upgrade.php
I got a serious malware attack on my website.
I checked my website with Wordfence and it is showing so many malicious files. I just want to ask whether these files are core WP files or not?
Filename: wp-content/chitoge.php
Filename: wp-content/albedo.php
Filename: wp-content/404.php
Filename: lonT.php
Filename: ryukz.html
Filename: 4dfeed
Filename: wp-content/themes/novo/lonT.php
Filename: wp-content/themes/ryukz1/chitoge.php
Filename: wp-content/themes/ryukz1/lonT.php
Filename: wp-content/wp-uplods.php
Filename: wp-includes/Mobile.php
Filename: wp-zici.php
Any ideas please?