Wordfence warning /wordpress-seo/wp-seo-main.php

  • Resolved wpmakenorg

    (@wpmakenorg)


    3 years, 8 months ago

    On some of our sites we got warnings by Wordfence (today and yesterday)

    Medium Severity Problems:
    * Modified plugin file: wp-content/plugins/wordpress-seo/wp-seo-main.php

    Can you explain what is wrong? As all sites run with Yoast and not all sites get this message.

    Thks Janneke

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support Suwash

    (@suascat_wp)

    Hello @wpmakenorg and thanks for reaching out to us!

    That looks like a false-positive message since the given file is a known file within Yoast SEO. Wordfence is just noticing changes within that file which was a trivial change and won’t impact plugin functioning and the message should eventually disappear.

    An alternative workaround is to delete the Yoast SEO plugin and reinstall it. You are not expected to lose the data.

    However, for your site’s health and safety, we recommend creating regular backups of your site and database. This is especially important before installing, updating, or removing plugins.

    @wpmakenorg if you’ve recently (auto)updated our plugin, this may be the cause of this, as files will get updated and modified.

    However, if you’ve not recently updated the Yoast plugin; does WordFence show you what exactly has changed in the mentioned file? If so, can you share that?

    Thanks for pointing this out. I’m Tim, the Lead Customer Support Engineer at Wordfence and Taco, the Community manager at Yoast, was so kind as to let me answer here.

    In most plugins there is a readme.txt file that, among other things, includes the “Tested up to” value that tells users what version of WordPress the plugin works with. Yoast has changed their code a little (which is totally fine) and added a constant in the code that also includes that information. Wordfence ignores text changes in the readme.txt file but changed code in a plugin is something you should know about. When a site is compromised often times changed code in plugins or themes, or even WordPress core files, is the first sign that something is amiss.

    In this particular case Yoast released version 15.9.1 and this value was not changed and still indicated that the plugin was only tested up to WordPress version 5.6. Team Yoast quickly spotted the problem and fixed it in the repository at www.remarpro.com effectively releasing a second version of 15.9.1. This version corrected the constant to indicate that the plugin is tested up to WordPress version 5.7. As a result, if you had updated before the change was made you would get the scan warning you saw. If you updated after the change, you wouldn’t.

    To fix this, just choose the repair option for that scan result. It will fetch the corrected version and replace the old version on your site. Since this is just a constant there should be no problems at all.

    https://postimg.cc/t7dZYZrn

    I might add that Team Yoast is very on top of these things and super responsive. Thanks Taco and Team Yoast for taking care of this so fast!

    Tim

    Plugin Support Michael Ti?a

    (@mikes41720)

    Hi @wpmakenorg,

    Would it be possible for you to click on the ‘repair’ option (as per the screenshot https://postimg.cc/t7dZYZrn) and see if this fixes the warning?

    Thanks @wfsupport for helping address this concern as well!

    Thread Starter wpmakenorg

    (@wpmakenorg)

    The repair option worked – seems ok now on all sites.

    Thread Starter wpmakenorg

    (@wpmakenorg)

    solved

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Wordfence warning /wordpress-seo/wp-seo-main.php’ is closed to new replies.