Interpreting Security Scan

  • Resolved jhaber31

    (@jhaber31)


    7 years, 10 months ago

    WP All in One runs its scans weekly. Most often, the results are easy to interpret as updates to plug-ins, because (1) I’ve recently updated a plug-in manually and (2) the files reported as changed are in the folder for that plug-in.

    My last scan, though, is trickier. It reports 20 files in wp-includes. They were changed on 5/17, and WP’s update to 4.7.5 was 5/16. That is suggestive, the files listed look essential, and there are no visible changes to my site suggestive of a hacker. Still, as opposed to plug-in updates, WP updates are automatic, and it’s harder to know which files are involved. Do I have an easy way to feel safe? I realize that I can subscribe to another security scan that looks not for changes but dangers, and I did for a month, all great, but the clean results also made me think there has to be a way to do without that. Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, do you know if those files reported have anything to do with a cache plugin?

    Thread Starter jhaber31

    (@jhaber31)

    I don’t know what I cache plugin is, but I suspect not. As I say, my best guess is that it is documenting the WP upgrade, but my fear is that it may point to unauthorized access.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, can you share your log files here so that I can check them? If you don’t want to share your log file here, you can contact me via my website. Click on my profile name to access my website.

    Regards

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Hi @jhaber31,
    One way to quickly check if those changes in the wp-includes directory (or any other WP core files) are from an official WordPress auto-update, is to see if “wp-includes/version.php” was also changed.
    This file will always be updated when a new WordPress version is pushed out to your site.

    • This reply was modified 7 years, 10 months ago by wpsolutions.
    Thread Starter jhaber31

    (@jhaber31)

    Thanks to you both. Indeed, it includes version.php, and that may be just what I needed to know. Definitely reassuring, especially given the dates I’ve already mentioned.

    But here’s the whole list, as requested:

    blog/readme.html
    blog/wp-includes/class-wp-customize-manager.php
    blog/wp-includes/taxonomy.php
    blog/wp-includes/class-http.php
    blog/wp-includes/class-wp-xmlrpc-server.php
    blog/wp-includes/version.php
    blog/wp-includes/js/plupload/handlers.js
    blog/wp-includes/js/plupload/handlers.min.js
    blog/wp-includes/js/wp-api.js
    blog/wp-includes/js/wp-api.min.js
    blog/wp-admin/js/customize-controls.js
    blog/wp-admin/js/updates.min.js
    blog/wp-admin/js/updates.js
    blog/wp-admin/js/customize-controls.min.js
    blog/wp-admin/js/common.js
    blog/wp-admin/js/common.min.js
    blog/wp-admin/about.php
    blog/wp-admin/includes/file.php
    blog/wp-admin/includes/update-core.php
    blog/wp-admin/customize.php

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Interpreting Security Scan’ is closed to new replies.