Different behaviour between Wordfence plugin and CLI

Hi @lanreoyewole, thanks for reaching out about this.

I would be more than happy to speak with the CLI development team to double-check whether the Wordfence plugin’s scan results should’ve also been picked up, although I’ll need to know a little more first.

Do you have screenshots, or copy/pasted scan results from the plugin about which file(s) and precise malware was detected. This will just help us run any tests necessary to reproduce any issues.

Many thanks,
Peter.

Hi again @lanreoyewole,

I assume you’re using the free Wordfence plugin, as the paid version of the plugin will access a different set of malware signatures. Do you also have the specific CLI command you were using for the malware scan to compare the two results? I should’ve asked for that as part of the screenshots but hadn’t made that clear.

Thanks,
Peter.

I do not have the output of each run, just the email that is sent afterwards. The tasks are run as cron jobs, between midnight and 0030hrs, every morning.
I can forward the relevant emails to you, one from the plugin and the other from the cron job.

Yes, I am using the free Wordfence plugin. The CLI command is in the subject of the email that I said I would send to you, but I can reproduce it here, if you want.

Thanks a lot for the support, I really appreciate it.

Regards and God bless.

Hi @lanreoyewole, thanks for getting back to me.

I’ve spoken to the team about the issue you’ve seen here. CLI currently uses a manually curated subset of our signatures, so different detections to the free plugin’s signatures are expected. The intent is to ensure results match in future by bringing the plugin and CLI signature sets inline with each other. I don’t have a date for that, but it is currently being planned.

Many thanks again,
Peter.