Scan’s false possitive?

  • Resolved Panos

    (@xpanos)


    4 years, 3 months ago

    We have an index.php file in a wp-includes folder of our installation, with a line on it “Silence is gold” for no attempt to happend and open by an attacker.

    Occasionally when wordfence scan scanning, comes back with medium or high risk issues found regarding that file.

    When it comes with th medium says that this file has been changed, something that after we investigate if changed, isnt true.

    When it comes with the high risk it says Unknown file in WordPress core: wp-includes/index.php Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker. Learn More..

    In both cases we proceed with mark as fixed, but wordfence occasionally again, find the same file again as a threat.

    Is that a fault positive or not?

    How can we manage to avoid that to happend?

    Thanx in advance

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @xpanos, thanks for reaching out to us for this.

    In the same way that we check www.remarpro.com plugin files for inconsistencies between known release version files and the files you have on your installation, we do the same with WordPress itself. This will be flagged because you have created a index.php that is not included with the WordPress installation package, so it assumed to be an inserted file.

    I would recommend either deleting your extra index.php to suppress the errors and using .htaccess to disable directory browsing, or selecting the “ignore” option in Wordfence > Scan > Results Found if you prefer.

    It’s not a catastrophe that your users know the directory contents, but they don’t need to know. So you can block that information if you choose.

    Thanks,

    Peter.

    Thread Starter Panos

    (@xpanos)

    Peter, thank you very much for your recommentation.

    As for the choice of ignore the file option we tried many times but wordfence it comes back again..
    I think it would be wiser to go with your suggestion on deleting index/php and add a rule for that in .htaccess
    Btw do you have in handy that .htaccess rule to avoid lookin around for that?

    Rgrds

    Plugin Support wfpeter

    (@wfpeter)

    Hi @xpanos,

    Firstly, download your .htaccess file and make a copy so you can restore it immediately if anything goes wrong. This should be found in the root directory of your site when accessing via FTP or your host’s file manager.

    Open it in a text/code editor of your choice. Find the line that says # END WordPress and add the following lines directly below:

    
# Disable Directory Browsing
Options All -Indexes

    Upload the new .htaccess file and overwrite the existing one.

    You should be able to visit folders like /wp-includes to verify that directory browsing is now disabled by seeing a “Page Not Found” or “Forbidden” error message.

    I hope that helps you out and has the desired effect.

    Thanks again,

    Peter.

    Thread Starter Panos

    (@xpanos)

    Peter thank you very much, indeed.
    Your help is precious as always!
    Regards

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Scan’s false possitive?’ is closed to new replies.