No alert for out of date WordPress

  • I use the free plugin on two self hosted WordPress sites. Both sites hosted on the same hosting company. Site#1 WordPress automatically updates fine and WordFence seems to work without any issues as far as I can tell. However the same can not be said for site#2.

    For some reason WordPress was out of date on multiple occasions wrt minor builds. Today April 25/17 I logged in and discovered that even though 4.7.4 has been out for 5 days WordPress has not been updated nor has WordFence alerted me of this update being available. I checked the alert received from WordFence and the last one was 2 days ago alerting me a plugin needed updating.

    What concerns me that when I logged in WordPress indicted that there was a minor update available yet it never updated on its own nor did WordFence alert me that this update was available. I just went through and disabled plugins that haven’t been updated for 2 yrs in case that is the issue. I also looked through the wp-config.php file and could not see any entry disabling the automatic updates for minor versions of WordPress.

    I also noticed that WordFence has a series of plugin directories in its
    Exclude files from scan that match these wildcard patterns (one per line)

    I do not remember ever entering anything in this area of the plugin.

    This site was recently placed on a free Cloudflare account but the lack of WordPress autoupdating was happening before CloudFlare entered the picture.

Viewing 13 replies - 1 through 13 (of 13 total)

  • Hi @frustrated999,

    Sorry about the delayed response.

    Have you implemented your original WordPress installation via cPanel’s Site Software function?

    There are cases when installing WordPress as a cPAddon can cause the behavior you’re describing.

    Also if you’d like to make sure your site hasn’t been hacked please check the steps described here.

    Thread Starter frustrated999

    (@frustrated999)

    This was not installed via cpanel but installed years ago manually. It has been religiously been upgraded and is using 2FA for my login. No other accounts on the system.

    Hi @frustrated999,

    Another explanation could be that updates/notifications have been disabled either via a dedicated plugin or by modifying WordPress files.

    If you enabled the “Scan core files against repository versions for changes” feature, the Wordfence scan would show alerts regarding the impacted files.

    I also suggest you check the web server log files to see if you can find errors related to WP Cron, as the problem could be due to scheduled jobs not running.

    And I would like to reiterate my advice that you make sure your site hasn’t been hacked.

    Thread Starter frustrated999

    (@frustrated999)

    I checked the WP config files and could not see any indication that updates were disabled. I have no plugin installed that is designed to disable updates.

    Wordfence has always been set to scan against repository versions for changes and the other differences it has found were minor comment differences.

    Will see if I can find anything in the server logs.

    I already went through the make sure your site hasn’t been hacked.

    Hi @frustrated999,

    I would need additional information in order to further investigate.

    Could you please:

    • Go to the Wordfence Tools page
    • Click the Diagnostics tab
    • Scroll down to the Send Report by Email section
    • Send the report to “yann [at] wordfence [dot] com”

    Thank you.

    Thread Starter frustrated999

    (@frustrated999)

    Ok sent the report. Should mention a couple of things:
    1) This site is on Cloudflare free account but it was exhibiting this issue months before implementing Cloudflare
    2) This site as of last night has “Easy Updates Manager” bewfore then I was relying on WordPress updating which it never seem to do. I always had to manually update WordPress. The plugins were also manually updated once Wordfence alerted me of outdated plugins.

    Hi @frustrated999,

    After discussing this topic with my colleagues as well as doing research and multiple tests, I was finally able to reproduce the issue you’re experiencing.

    It is very likely that the functions.php file of your active theme has been modified (add_filter instruction) in order to disable update notifications.

    In such case, the modification will also prevent Wordfence from reporting WordPress being out of date. (Note that such modification can also be implemented for plugins and themes).

    I suggest you check the functions.php file of your active theme and see if you can find any code containing “update_core” and “remove_core_updates”.

    I installed the same theme/version you’re using (Business World, version: 1.1.22) but couldn’t find any code disabling updates/notifications in functions.php.

    In case you’re not the only person administering this site, maybe the theme’s code modification was implemented by the same person who added the list of plugins directories in the Exclude files from scan that match these wildcard patterns field.

    In your original post you mentioned another site (site#1) on which WordPress automatically updates fine and Wordfence seems to work without any issues […].

    Are site#1 and site#2 using the same theme? If so, could you compare both functions.php?

    Thread Starter frustrated999

    (@frustrated999)

    First want to thank you for the work behind the scenes regarding this issue.

    As far as I know this theme is a stock install with only modification to text size etc.
    I checked the functions.php file installed for the site and found no reference to either “update_core” or “remove_core_updates”

    I am the only person administering this site and updating the posts. The other site (Site#1) that has no issue updating WordPress or Wordfence automatically is using a different theme which uses a child theme.

    As mentioned in my prior post I have installed “Easy Updates Manager” on the problem site (site #2) and updates to plugins are being applied fine. There has yet to be an update to WordPress since the installation of “Easy Updates Manager” so time will tell whether WordPress is going to be updated or not.

    Hi @frustrated999,

    Thanks for the feedback.

    I’ve done some more testing and it appears that placing such code in one of the plugins’ code also causes notifications to disappear and out-of-date versions not to be reported by Wordfence.

    Can you confirm that along with the “Scan core files against repository versions for changes” option (you already confirmed this one), you also enabled the “Scan theme files against repository versions for changes” and “Scan plugin files against repository versions for changes” options?

    If not, please enable them and run a new scan. If some plugin/theme code differs from what is in the official WordPress repository, you should get a warning from Wordfence in the scan issues list.

    Keep me posted

    Thread Starter frustrated999

    (@frustrated999)

    The “Scan theme files against repository versions for changes” and “Scan plugin files against repository versions for changes” options were already enabled and have been for months.

    Hi @frustrated999,

    WordPress 4.7.5 was released yesterday, so I wanted to check with you if this was reported by Wordfence?

    If not, I suggest you search through all folders of your site in order to locate any piece of code that could disable WordPress notifications.

    I realize that such a task amounts to looking for a needle in a haystack but considering the checks you already performed, I can’t think of any other way to locate the code.

    Thread Starter frustrated999

    (@frustrated999)

    Alas I still had the “Easy Updates Manager” so the site was automatically updated. I have since disabled that Plugin and will monitor the site for outdated plugins or WP versions. I should see notifications of outdated plugins and WP versions if WordFence is working. In fact WP and WordFence should autoupdate themselves automatically. Wished I had disabled “Easy Updates Manager” last week but hindsight is always 100%.

    If you do not mind I will update this thread when I find out more.

    • This reply was modified 7 years, 10 months ago by frustrated999.

    Thanks for the feedback, @frustrated999!

    Keep me posted.

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘No alert for out of date WordPress’ is closed to new replies.

Tags