• LV

    (@lordvader)


    Hi,

    I lately received file warnings. Several times it’s about these three:
    config-transient.php
    config-synced.php
    config-livewaf.php

    Is this something to worry about?

    Regards,

    LV

Viewing 5 replies - 1 through 5 (of 5 total)
  • If those files are located in a /wp-content/wflogs folder, I believe those are WordFence files. It seems these files are regularly updated by WordFence, so there is probably nothing to worry about. Do double-check this in the WordFence plugin forum.

    It’s common practice to exclude files/folders that are regularly updated from the File Change Detection (FCD) scan. This can be done in the iTSec plugin FCD module settings page.

    To prevent any confusion, I’m not iThemes.
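
The exclusion advice in the reply above, as an added example that is not part of the thread and not iThemes Security's own code: a hash-baseline file change check run with and without an exclusion for the `wp-content/wflogs` folder. The function names, the glob-style pattern and the sample file tree are assumptions constructed for this illustration.

```python
import fnmatch
import hashlib
import os
import tempfile

# Assumption: exclusions are glob patterns relative to the site root.
EXCLUDES = ["wp-content/wflogs/*"]

def snapshot(root, excludes=()):
    """Map relative path -> SHA-256 hex digest for every non-excluded file."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if any(fnmatch.fnmatch(rel, pat) for pat in excludes):
                continue
            with open(full, "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def diff(old, new):
    """Return sorted lists of added, removed and changed paths."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return {"added": added, "removed": removed, "changed": changed}

def write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(data)

def demo(excludes):
    """Build a constructed site tree, modify it, and return the change report."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "wp-content/wflogs/config-synced.php", "v1")
        write(root, "wp-content/wflogs/config-livewaf.php", "v1")
        write(root, "wp-content/themes/demo/functions.php", "<?php // original")
        baseline = snapshot(root, excludes)
        # Routine churn in the log folder, plus one change outside it.
        write(root, "wp-content/wflogs/config-synced.php", "v2")
        write(root, "wp-content/wflogs/config-transient.php", "v1")
        write(root, "wp-content/themes/demo/functions.php", "<?php // edited")
        return diff(baseline, snapshot(root, excludes))

if __name__ == "__main__":
    print(demo([]), demo(EXCLUDES), sep="\n")
```

With the exclusion in place only the theme file is reported. Anything under an excluded pattern is no longer checked at all, so the pattern should stay as narrow as the noisy folder itself.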

    Thread Starter LV

    (@lordvader)

    Ok thanks. I will ignore the warnings.

    jetxpert

    (@jetxpert)

    @lordvader,

    Personally, I would disable the File Change Detection feature of this plugin. We have.

    There is no strong, useful purpose for this feature (i.e., does not detect malware injection) and slows down websites.

    Simply perform a regular malware scan of your website using Sucuri Sitecheck, Google Safe Browsing, or VirusTotal and you’ll be just fine.

    Cheers!

    nlpro

    (@nlpro)

    Read the iThemes Security Pro Feature Spotlight – File Change Detection post on iThemes blog and make a better informed decision.

    jetxpert

    (@jetxpert)

    @nlpro,

    Great post, thank you.

    Unfortunately, it does not tell the user how to “spot” malware. Many plugins, files, etc. are changed from time to time which may trigger the file change notice (hashes don’t always match). It’s still up to the user to figure out potentially-harmful changes. From the post:

    What To Do If You Spot a Security Breach or Hack

    If you get a notification from iThemes Security that a suspicious file change has occurred and you suspect a breach has happened, there are a few quick steps you can take to mitigate the damage.

    Last, the post suggests that every time you get an alert, there’s malicious code in the website. Well, we had the feature turned on for a long time, received said alerts, and never experienced malware.

    Recommendations:

    (1) Update the File Change Detection feature notice to HIGHLIGHT the code that changed (not a long stream of data that the user has to pore through).

    (2) Perform an immediate, automatic malware check of the website when a file change is detected and add the results to the notice before it’s emailed to the website administrator.

    (3) Improve the code such that websites are not impacted (i.e., slowed down) by this feature.

    We’ll stick with our current settings for now.

    Thanks for your contributions. Looking forward to the plugin developer doing the same.

    Finally, don’t get me wrong, iTSec is a great plugin and appreciate its continuous improvement.

    Cheers!

  • The topic ‘File Change Warning’ is closed to new replies.