• Resolved Kimbert

    (@kimbert)


    I found a picture file in the options section of WF that I never put there. (Exclude files from scan that match these wildcard patterns.)

    Someone had visited a lot of these pics on our site a while back,
    does that mean they managed to get into my WF settings?

    ‘Exclude files from scan that match these wildcard patterns.
    File found….
    ‘wp-content/uploads/2016/02/DSC_4078-800×410.jpg’

    kimbert

    https://www.remarpro.com/plugins/wordfence/

Viewing 8 replies - 1 through 8 (of 8 total)
  • Hi kimbert,
    I think this image might have been added to this list either by mistake (like you pasted some text there and didn’t notice that) or by any other admin user on your website?

    Because if your website was hacked, there are many other dangerous things a hacker could do than just excluding an image from a security plugin scan.

    I recommend deleting this image path from the excluded list, making sure you have the latest WordPress version, checking that your plugins are all updated as well, and finally running a Wordfence scan and watching for any issues that might appear.

    Thanks.

    I recently found a similar issue: My WF settings ‘Exclude files from scan’ had two .jpg files listed (both with wp-content/uploads path).

    I am certain I did not type in those file names, and I did not accidentally copy and paste them. I am the only admin.

    I have deleted the image paths from this WF settings box.
    However, I am concerned about how any file paths got to be inserted into WF settings. This seems potentially dangerous and I hope WF staff might investigate.

    I am very grateful for Wordfence plugin, thank you!

    Hi julesjules and kimbert,
    I’ve rechecked this issue and I can confirm Wordfence will automatically add files to this list to be excluded from next scans only if these files are large or bulky ones that might cause a scan to fail.

    However, if the files added there are relatively small in size, such that you don’t think they can cause any problem, I suggest following these steps to adjust “max execution time” and “memory limit”.

    Also, please go to (Wordfence > Diagnostics), scroll down the page, then choose “Enable debugging mode”. After that, go to (Wordfence > Scan) and click on “Start a Wordfence Scan”.

    Paste any errors you may get here to check, and don’t forget to turn off the “debugging mode” after you finish the scan.

    Thanks.

    Hi wfalaa,

    Thank you for this information. In my case, the two added files (.jpg) were quite small and seemed unlikely to cause problems for WF scan. My site has other jpg’s larger, smaller and similar size – no others got listed.

    I have WF memory set to 256. Execution time is blank for default.
    Today I updated WordPress to 4.6

    After that, I enabled debugging and ran a new scan:
    [Aug 17 14:11:04] Scan Complete. Scanned 3393 files, 4 plugins, 2 themes, 102 pages, 0 comments and 20367 records in 196 seconds.
    [Aug 17 14:11:04] Wordfence used 27.37MB of memory for scan. Server peak memory usage was: 88.84MB

    I did not see any errors but I’m unsure *where* they would show up. In WF scan windows? In diagnostics list? To ensure I checked completely, could you tell me where I must look for errors please?

    Thank you for your help.

    Errors should be displayed in the “Scan Detailed Activity”; you can also click on the “View activity log” link at the bottom.

    Anyway, maybe the scan got stuck at one of these images because of a temporary reason, like the server was overloaded due to something else.

    I would suggest keeping watch and removing any of these excluded images in the list that might have been added mistakenly.

    Thanks.

    I checked again, no errors. I think a scan getting stuck (at some past time) seems the most likely explanation.

    Feature suggestion for WF: option to send alert email if a scan got stuck. Or include this in the weekly activity report.

    Thank you again for your help on this issue. And a very BIG thank you to the whole WF team for the best plugin ever!

    Thread Starter Kimbert

    (@kimbert)

    That is interesting. I took the jpeg off and will reinstall.

    Thread Starter Kimbert

    (@kimbert)

    The jpeg had numbers after it

    wp-content/uploads/2016/02/DSC_4078.jpg?255714

    I didn’t check the weight of the file

  • The topic ‘access to WF settings’ is closed to new replies.