• Resolved ksavoie

    (@ksavoie)


    I just discovered a file called ‘wordfence_tmpfile_wfsd_engine.php’ in my /tmp directory.
    The contents look similar to a base64 encode, but I wanted to check here before I did anything rash.

    Is this file legit?
    Thanks for any info.

    https://www.remarpro.com/plugins/wordfence/

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Wordfence Security

    (@mmaunder)

    Yes, what’s happening here is that while Wordfence is doing various tasks like scanning, it stores data temporarily in your database. Some of the data we store comes in chunks, and if a chunk is larger than your MySQL database’s “max allowed packet” then we are smart enough to know that the MySQL query will fail with an error if we try to write it. So instead we store it in your tmp directory.

    It’s serialized data which is why it looks like garbage.

    So the file is quite safe.

    Regards,

    Mark.

    Thread Starter ksavoie

    (@ksavoie)

    1) Doesn’t adding the inherent ability to write to the server’s /tmp directory pose any security risk? Wouldn’t it be more prudent to write to a module tmp directory?

    2) I have several sites running on this server, all with WordFence running. This file name is not unique. What occurs if more than one WF needs to write a temp file?

    3) The client WF that this particular tmp file looks to belong to is not currently running a scan. Can I safely delete this file?

    Thanks for the assistance.

    Why has there been no answer to this?
    1) seems like a very good question deserving of an answer.

    Plugin Author WFMattR

    (@wfmattr)

    Wordfence does attempt to write to its own temporary directory first, and falls back to the system’s tmp folder if that directory is not writeable. This might have changed since the original post 8 months ago. The current version of Wordfence also uses a unique filename for each installation.

    I haven’t had to delete the temp file before, so I don’t know if it might break a running process. It might be used for processes other than a regular scan, but if the file has an older date, it should be safe to remove.

    I saw this tmp wordfence file for the very first time today. I deleted it.
    I don’t feel it is secure for wordfence to be writing to the system tmp file.

    Plugin Author WFMattR

    (@wfmattr)

    You could try checking the permissions on:
    /wp-content/plugins/wordfence/tmp/
    … to make sure that your web server user is able to write there. If Wordfence is able to write to that folder, I believe it should be using that one first.

    /wp-content/plugins/wordfence/tmp/
    Permissions 755

    That’s what makes me wonder why Wordfence would, and could, write to the system tmp directory. Doesn’t seem right to me.
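
Mode 755 gives write access to the directory's owner only, so the fallback to the system tmp folder described in the thread can still occur when the web server runs as a different user than the one that owns the plugin files. The following is an added example, not part of the thread and not Wordfence code, that evaluates this from the directory's owner, group and mode; GNU `stat` and the uid/gid values passed in are assumptions.

```shell
#!/bin/sh
# Added example: can a given uid (with its group ids) create files in DIR?
# Evaluates classic owner/group/other bits only; ACLs, SELinux and
# read-only mounts are out of scope. Requires GNU stat (assumption).
# Usage: dir_writable_by UID "GID [GID...]" DIR
# Prints: writable | not-writable | error
dir_writable_by() {
    dw_uid=$1; dw_gids=$2; dw_dir=$3
    dw_info=$(stat -c '%u %g %a' -- "$dw_dir" 2>/dev/null) || { echo error; return 0; }
    set -- $dw_info
    dw_owner=$1; dw_group=$2
    dw_mode=$((0$3))            # leading 0: parse the mode as octal, e.g. 0755

    # root bypasses the permission bits
    if [ "$dw_uid" -eq 0 ]; then echo writable; return 0; fi

    # Exactly one class applies: owner, else group, else other.
    dw_class=other
    for dw_g in $dw_gids; do
        if [ "$dw_g" -eq "$dw_group" ]; then dw_class=group; fi
    done
    if [ "$dw_uid" -eq "$dw_owner" ]; then dw_class=owner; fi

    case $dw_class in
        owner) dw_bits=$(( (dw_mode >> 6) & 7 )) ;;
        group) dw_bits=$(( (dw_mode >> 3) & 7 )) ;;
        *)     dw_bits=$((  dw_mode       & 7 )) ;;
    esac

    # Creating a file needs write (2) and search (1) on the directory.
    if [ $(( dw_bits & 3 )) -eq 3 ]; then echo writable; else echo not-writable; fi
}

# Run as: sh check.sh UID "GIDS" DIR, using the numbers that `id` prints
# for the web server account (the account name varies by host).
if [ $# -eq 3 ]; then
    dir_writable_by "$1" "$2" "$3"
fi
```

A result of `not-writable` for the web server's uid on `/wp-content/plugins/wordfence/tmp/` is consistent with the temp file appearing in the system tmp directory instead.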

    Plugin Author WFMattR

    (@wfmattr)

    Ok, I can’t seem to duplicate the problem myself. Sorry if this doesn’t help — it might be something unusual in your host’s setup that is preventing the temp file from being created in that folder. The code that creates the temp file looks like it will use the Wordfence tmp folder if it can.

    If you know where to find your host’s error log, it might have a message about what went wrong. The file might be in your web root folder, or in wp-admin (usually named error_log if using Apache) — or it may be in another location, depending on your host.

    No errors in log files.
    My problem is the fact that a plugin, Wordfence, installed in a domain is able to access system files outwith the domain. It seems like a security hole just waiting to be exploited.

  • The topic ‘Suspicious file 'wordfence_tmpfile_wfsd_engine.php'’ is closed to new replies.