scott5598
Forum Replies Created
I just tested @brbrbr work around on the one (and only of several) multi-site installs that I have that was flagging a slew of non-existent upload files reported in this thread.
Steps:
1. Re-enabled “Scan wp-admin and wp-includes for files not bundled with WordPress” that I had unchecked as a containment action.
2. Started a scan, which again began to report non-existing files in upload.
3. Aborted the scan
4. Implemented the work around
5. Ran a full scan . . . NO non-existing files reported in Upload!
FYI only comment: Of the total of five existing directories that I found in blogs.dir, one of them (blogs.dir/4/files) had no contents at all, the same as the blogs.dir/1/files folder I added.
Thank you @brbrbr for this easy to implement, nil risk to leave in place (as I see it) work around!
Scott
Matt R,
Thanks for the feedback. From what I have read so far based on the concern as reported by others in this thread, starting with @staze, it appears to me we’re all seeing/reporting on the same thing!
To quote the title of the thread: “Wordfence seeing files in uploads that aren’t in uploads” in WP multi-site installations. That’s exactly what I’ve seen, including literally hundreds of severe warnings for files that aren’t in the uploads directory but turn out to be in the admin directory, as @gothickgothickorguk noted.
I’ll keep following the thread, as whatever resolution is identified I believe is what I’m looking for as well.
Thanks again.
Scott Simpson
Just sent both requested diagnostic items
Scott
Woke up this morning to see the same thing in a WP network install Wordfence email alert. It freaked me out!
Wordfence FREE is reporting 574 instances of “Unknown file …”
Here is one example: “Unknown file in WordPress core: wp-content/uploads/js/inline-edit-post.min.js.”
After reacting too quickly, in hindsight, by manually and then automatically deleting all of the files . . . WHICH BROKE THE WEBSITE . . . and after doing a full restore, the problem was back!
The second time, I started by looking for a selection of the reported files using cPanel File Manager and Filezilla FTP. None are in the uploads (or other?) directory/directory as reported by Wordfence. I then clicked on VIEW FILE link for a few of the instances. Wordfence displayed the files but indicated they are located in their apparent correct locations in wp-admin (for the instances I checked). So, I believe I’m seeing the same issue that others have reported.
I’ll post this and then capture/send the diagnostic report.
Scott
Forum: Plugins
In reply to: [UpdraftPlus: WP Backup & Migration Plugin] PHISHING URL in UpdraftPlus file
Ashley,
Well, maybe it is the official link and a false positive or maybe it’s not!
The BETTER approach is for UpdraftPlus to sort this out on behalf of all of its Customers working with Google and/or Wordfence and then to let us know what the resolution is.
Thank you, in advance.
Scott
Forum: Plugins
In reply to: [UpdraftPlus: WP Backup & Migration Plugin] PHISHING URL in UpdraftPlus file
I’m seeing the same warning as well . . . so far for three sites.
I just updated one to UpdraftPlus version 2.16.6.24, cleared the Wordfence warning and then ran a full scan. The warning re-generated.
Good suggestion! I just posted it to GitHub.
Thanks Neil!
@yehudah
First, thank you for your hard work on this. I join the others in thanking you for your efforts.
Using the approach you indicated to deactivate the plugin, overwrite the files and then reactivate it, I installed the plugin code you provide at GitHub. While the new code is working and emails are being sent, I have found one apparent issue.
For the code to work on the host I use for several clients that blocks SMTP access to send through Google’s servers, the only option that works is the Gmail API option. While I can manually add the values needed on the Account tab to select this, the Wizard won’t select this option. When I run the Wizard, it counts down through all of the connectivity test options, but doesn’t show Gmail API or any other option as selected after it completed the Connectivity test. Nothing appears below “Your connection settings depend …” If I then click on the Next button, the Connectivity Test flag turns red. The wizard won’t go any further.
If I overwrite your revised code with the code for the original plugin, the Connectivity test completes and indicates Gmail API is the recommended solution. I can then complete the next steps in the wizard.
Please let me know if you have any questions or if you need any more information from me.
Once again, thank you for your work on this!
Scott
Daniel,
Permission given! In fact, please contact me before you do so as I would like to add a bit to the feedback. I noticed and appreciate that you offer extensions to the plugin that you, quite justifiably, charge for. Your business approach to the plugin is “spot on” in my opinion.