AprilLHamilton

@brandon
But none of these files appeared to be malware: they were always index.html files. I understand an index.html can host a malicious script too, but malware injections are usually accomplished through .js or .php attacks, and injecting a lone, foreign index.html that doesn’t link into my actual site and can’t be reached from any page on my site isn’t a very effective means of spreading malware.

And the iThemes security report wasn’t listing potential invasions or infections, it simply always includes a list of files that have been added, modified or changed. So for example, when I deactivated and removed your plugin that report showed all the files for your plugin in the Deleted section. If I update a given plugin, the report shows all the plugin’s files in the Modified section.

@brandon
As soon as I disabled your plugin and deleted all of its files, the problem went away. No more reports of mystery files since then.

However, I think it may be a compatibility issue between your plugin and my security plugin (iThemes Security Pro), since it’s the security plugin that does the change reporting and the issue cropped up after the last security plugin update. Whatever the case, I’m leaving your plugin off my sites for the time being—don’t want to risk the possibility that there really are foreign files being added to my sites.

Nope. And as you can see, nobody has chimed in here, either. =’/

Same here.

This is still happening. Does anyone have a solution?

P.S. Should’ve mentioned – every time this happens the fix is the same: I paste the missing block back in, and my site’s immediately back to normal. It’s just that there are some days when I can’t check it (e.g., away from computer) and my site ends up being down all day if the mod_rewrite block has been removed by Better WP Security.

Great, thanks!