false alarm – WordPress core file modified: wp-config-sample.php

  • Resolved peraburek

    (@peraburek)


    7 years, 8 months ago

    Hello Wordfence Team,

    I would like to report false alarm with wp-config-sample.php

    WordPress 4.8
    and
    Wordfence Security – version: 6.3.12

    I am using official WordPress releases in other (non-English) languages for example: German, Croatian etc.

    after Wordfence scan, there is warning:

    This WordPress core file has been modified and differs from the original file distributed with this version of WordPress.

    but everything is fine with this file, it is just that Wordfence is not comparing against WordPress installation language, but against WordPress english version of file wp-config-sample.php

    idea for BUG FIX:
    could you please add rule to compare WordPress files against official WordPress releases in installation language of particular installation

    that would resolve false alarm with wp-config-sample.php

    Thank you very much for such a great plugin, and for keeping Wordfence free for students :))
    Thank you very much for your understanding, time and effort!
    Best Regards,
    Peter

    • This topic was modified 7 years, 8 months ago by peraburek.
Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi Peter,
    Thanks for bringing this issue to us, the thing is that starting from WordPress 4 you have the option to install WordPress in different languages during the installation process, and you can change the Dashboard language from (WordPress Dashboard > Settings => General), following both scenarios won’t lead to such a problem.

    As you have already installed WordPress in the way you described, you can simply click on “Ignore until the file changes.” for this file.

    Thanks.

    On a related note, I’ve seen some malicious bot traffic that attempts to hit wp-config-sample.php, so I delete it after each WordPress update, and keep that file name and URL in my Wordfence “Immediately Block URLs” list in Wordfence Options.

    Yet another example of standardized WordPress file names and URLs that make it easy for bad bots.

    Please Wordfence, offer option to “Delete Selected Core Files after WordPress Update.” This could be checkboxes, or just the option for us to fill in a dialog with the files we’d like deleted each time a WordPress update installs them.

    MTN

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘false alarm – WordPress core file modified: wp-config-sample.php’ is closed to new replies.