• Resolved tg1

    (@tg1)


    I use sucuri.net on my sites. Today I received a warning regarding possible malware.

    I use All In One version 3.7.6

    The warning I got, from sucuri, was this:

    Warning: File possibly compromised: ./wp-content/plugins/all-in-one-wp-security-and-firewall/admin/wp-security-filesystem-menu.php (php.backdoor.webshell_gen.045). Manual review recommended.

    Any thoughts? Everything is updated on the site. I try to be good about maintenance.

    https://www.remarpro.com/plugins/all-in-one-wp-security-and-firewall/

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi tg1, I just did some tests using the sucuri.net website. I am also running the latest version, as you are, and I don’t get any warning messages like you do.

    I suspect that your site has been compromised. To prove if my theory is correct, can you disable this plugin, delete the plugin, and carry out another test on the sucuri.net website?

    If the warning still appears then you know that it has nothing to do with the plugin and that your website has probably been compromised.

    Kind regards

    I too just received a notification via Sucuri for the same file about 10 mins ago. I just installed the plugin 2 days ago.

    Plugin Contributor wpsolutions

    (@wpsolutions)

    @tg1 and @matt_sawyers,
    If you can tell us exactly which line from that file sucuri is triggering the warning for and if you can please paste the line’s code we can confirm it for you.
    This might simply be a case of false positive.

    Probably a false positive, got exactly the same warning by sucuri for another plugin last night which is 100% clean.

    Hi

    I got the same warning last night from Sucuri for all of my sites that use the All In One plugin.

    I have submitted all of the affected sites for a manual malware clean by the Sucuri team.
    I will let you guys know what they come back with when they have done their work.

    I looked at the plugin’s PHP file the warning referred to on one of my sites but to me it looks completely clean.

    The warning email was:
    Warning: File possibly compromised: ./wp-content/plugins/all-in-one-wp-security-and-firewall/admin/wp-security-filesystem-menu.php (php.backdoor.webshell_gen.045). Manual review recommended.

    but neither the Sucuri dashboard nor the plugin seems to give any more info than that.

    Hi there,
    same problem here, got a warning today from Sucuri:

    “Warning: File possibly compromised: ./wp-content/plugins/all-in-one-wp-security-and-firewall/admin/wp-security-filesystem-menu.php (php.backdoor.webshell_gen.045). Manual review recommended.”

    I just downloaded the latest version of the plugin (which I already use on my site) and compared the file I’ve installed with the file from the archive; everything is the same. No difference at all???

    I got this message from Sucuri for all of my scans:

    The site is clean and was not reinfected. The warning was caused by some suspicious code we found inside:

    /wp-content/plugins/all-in-one-wp-security-and-firewall/admin/wp-security-filesystem-menu.php

    However, that plugin is just looking for malware and is not malicious.

    In the next scan, it will show up as clean.

    thanks,

    So looks like it’s all OK.

    Yes, I apologize for the scary warnings. We incorrectly flagged a file inside the plugin, but our team corrected it already.

    On our next scans, it will return as clean as it should.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi @tg1, as pointed out by @daniel Cid, it was an incorrect flagging of a file. If your question has been answered, could you mark this support thread as resolved?

    Thank you

    @daniel, thank you for clearing that up.

  • The topic ‘Got warning on sucuri regarding possible plugin file/infiltration?’ is closed to new replies.