Ananda Krishna

Hello! You would have to keep the plugin activated for all the Security Fixers to work.

Hi Gary,

Yes, the current version of the plugin places an index.php file inside the wp-includes folder to prevent directory listing.

We’re in the process of re-implementing this feature such that directory listing is fixed by adding Options -Indexes to the .htaccess file, rather than creating multiple index.php files.

Can you try to run the WordFence scans, after disabling the ‘Disable WP API JSON’ security fixer within the WP Hardening settings?

Thanks,
Ananda

Hey @rohitgour! The code snippet you’ve shared isn’t malicious and gets added to the page source by WordPress itself since the wp_enqueue_media(); function is used in the plugin.

Can you please share a like to the security tool that is flagging this code as malware?

Hey @beamkiller! Yes, it’s possible to change the admin login url. You’ll have to first disable the “Change Login URL” fixer, then enter the new login url slug, and re-enable the fixer. In an upcoming release, we’ll add a tooltip to make this more intuitive. If you still need help with this, do let us know ??