Malware file missed by WordFence

  • Resolved jeffersonpowers

    (@jeffersonpowers)


    1 year, 2 months ago

    I recently had a security issue where a hacker had added an extra file to the following directory:

    wp-includes/js/tinymce/utils/

    The file was named “wp-tinymce.php” which is the name of a file from the parent directory, but doesn’t belong in this directory. Also, the file was about 10 times larger than normal. A Wordfence malware scan did not detect the file. My hosting company flagged it as malicious, and gave me the all-clear once I deleted it.

    Is there a known reason why the Wordfence scan didn’t catch this file? (In fairness, Sucuri Sitecheck didn’t catch it either.)

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @jeffersonpowers

    You can send a copy of the file to samples [at] wordfence [dot] com and if we deem that malicious code has been added to it then we can create a malware signsture for it.

    Thread Starter jeffersonpowers

    (@jeffersonpowers)

    Unfortunately I deleted the file, so I don’t have a copy to send.

    The hosting company found it, I wonder what they are scanning for that Wordfence is not.

    Does Wordfence scan and warn for extra files in places where they shouldn’t be, even if they don’t come up as malware? For example, in this case, the file was in a directory in wp-includes where no file of that name should have been.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Malware file missed by WordFence’ is closed to new replies.