Wordfence Warnings

Hi sgmiller,

Does Wordfence say which file it is referring to when it says “this file” ?

That a file has been modified could be harmless or could be troubling – it’s not possible to say which without more information. Like most plugin authors, we sometimes update the version at www.remarpro.com without changing the version number – e.g. to release a bug fix which is affecting only a tiny number of users (if we make everybody update too often by changing the version number then some people complain). So it is not necessarily a problem.

To be on the safe side, just de-install UpdraftPlus, then re-install it using the WordPress dashboard’s built-in plugin installer. UpdraftPlus will remember all your settings.

David

I have experienced the same issue. I will reinstall the plugin, but if you want a snippet of what WordFence has found, I can send that to you.

Changed lines 655-659

and deleted lines 1317 & 1318
if ($a == $table_prefix.’users’) return -1;
if ($b == $table_prefix.’users’) return 1;

Yes, those lines changed have changed in the version available for download at www.remarpro.com, without the overall version number changing.

Really, Wordfence needs to change its algorithm, because it’s a false warning. Lots of plugins (I speak as someone who manages approximately 100 WordPress websites and uses change management tools to monitor them) release small changes without bumping their version numbers. The problem with bumping the version number is that it shows an update to everyone, and that may annoy more users than it helps, especially if the change is small. Wordfence needs to adapt to this situation, which isn’t likely to change (it is widespread across many plugins) and stop giving the false warnings when it happens. Wordfence could monitor the changes in versions available at www.remarpro.com, instead of assuming that if the version number hasn’t changed then nothing else has changed.

David, Thanks for the update, I appreciate your feedback.