Is unkown file in wp-admin/.rnd a false positive?

  • Resolved madleine

    (@madleine)


    11 months, 3 weeks ago

    Hi,
    Wordfence high severity scan shows “unknown file in wp-admin/.rnd”. By clicking “see file” within wordfence scan, it is full of weird and chinese characters

    we have on this website updraft plugin. Is this file good or is it malicious?
    Let me know, thanks
    Best regards,

Viewing 2 replies - 1 through 2 (of 2 total)

  • Sounds like a dodgy file possibly. See what other people say.

    Someone dodgy had put an rnd directory in my public directory in the hosting where all the other wordpress files were. Then they had about 10 other files with scripts inside that. This all happened last week. Sounds similar.

    I’ve been dealing with some files in my wordpress site full of chinese characters which on my site were dodgy. I’ve been cleaning out dodgy files on my backend last few days! They were also hidden in the error-logs on my site as well.

    Good luck!

    Plugin Support wfpeter

    (@wfpeter)

    Hi @madleine, thanks for getting in touch about this.

    It looks most likely to be a file created by PHP’s random number functions, as we’ve seen this before: https://updraftplus.com/forums/topic/wordfence-unknown-file-in-wordpress-core-wp-admin-rnd/

    You should be able to safely set “ignore” on the result, especially if you’re using Updraft Plus on your site. Any plugin that uses those functions may create that file, though.

    Thanks,
    Peter.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Is unkown file in wp-admin/.rnd a false positive?’ is closed to new replies.