This documentation is only valid for older versions of Wordfence. If you are using Wordfence 7 or later, please visit our new documentation.

Difference between revisions of "Understanding scan results"

From Wordfence Documentation
Line 23: Line 23:
 
The scan result also shows if this plugin has a known security issue that has not been fixed. If that is the case, it is recommended that you remove the plugin as soon as possible, and replace it with a different plugin if you need the same functionality.
 
The scan result also shows if this plugin has a known security issue that has not been fixed. If that is the case, it is recommended that you remove the plugin as soon as possible, and replace it with a different plugin if you need the same functionality.
  
'''Example scan result:'''
+
'''Example scan results:'''
: The Plugin "Plugin Name" appears to be abandoned.
+
: The Plugin "Plugin Name" appears to be abandoned (updated April 20, 2015, tested to WP 4.1.18).
: Plugin has unpatched security issues.
+
: It was last updated 2 years 2 months ago and tested up to WordPress 4.1.18. It may have compatibility problems with the current version of WordPress or unknown security issues.
: It was last updated 2 years 11 months ago. It has unpatched security issues and may have compatibility problems with the current version of WordPress
+
  
  
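Review bot: the new example drops the separate "Plugin has unpatched security issues." entry, so after this change the sentence just above it ("The scan result also shows if this plugin has a known security issue that has not been fixed") is no longer illustrated by any example line. Consider keeping a second example entry in the new format that shows the unpatched-issue wording alongside the new "updated April 20, 2015, tested to WP 4.1.18" line, so readers see both forms the scan can produce.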

Revision as of 13:49, 17 July 2017

Scan results can require some interpretation, and you might take different actions depending on how you run your WordPress site. Below are details of some of the scan results.

File appears to be malicious

Wordfence detects known malicious files and files that have suspicious code. In most cases, you will want to repair or remove the file, but you should investigate the contents first.

Example scan result:

File appears to be malicious: wp-content/uploads/footer.php
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: "(example)". The infection type is: Example Infection.


Resolution: If you don't know what the file is, we recommend making a backup before you remove it, in case it was a false positive. Some plugins could create files containing code that is similar to malicious files but is not actually malicious, especially backup plugins that produce an installer that you could use to restore the backup.

We always recommend saving a backup copy of the file first, whether making a full backup of the site, or saving only the file and the location where it belongs, so you could replace it if necessary.


Plugin appears to be abandoned

This scan result was added in version 6.3.11.

This scan result means that a plugin has not been updated in 2 years or more. This can be a problem, since it means the plugin author has not made any changes for a long period of time. Sometimes that means it won't be fully compatible with newer WordPress versions, reported bugs may not be fixed, and new security issues might not be addressed.

The scan result also shows if this plugin has a known security issue that has not been fixed. If that is the case, it is recommended that you remove the plugin as soon as possible, and replace it with a different plugin if you need the same functionality.

Example scan results:

The Plugin "Plugin Name" appears to be abandoned (updated April 20, 2015, tested to WP 4.1.18).
It was last updated 2 years 2 months ago and tested up to WordPress 4.1.18. It may have compatibility problems with the current version of WordPress or unknown security issues.


Resolution: If you are certain that the plugin is still safe, and the scan result doesn't show unpatched security issues, you can continue to use it, but in most cases we recommend that you consider replacing it with a plugin that is currently maintained. Some small plugins may remain safe and may not need any compatibility changes for new WordPress versions.


Plugin has been removed from wordpress.org

This scan result was added in version 6.3.11.

This is similar to abandoned plugins described above, but in this case, the plugin is no longer available to install from wordpress.org, and it will likely never release updates again.

Plugins can be removed from wordpress.org for a variety of reasons, including the author intentionally stopping development, converting it to a "paid only" plugin, or other reasons for which the wordpress.org staff might remove the plugin.

Example scan result:

The Plugin "Plugin Name" has been removed from wordpress.org.
It may have compatibility problems with the current version of WordPress or unknown security issues.


Resolution: In most cases, we recommend removing the plugin and finding a similar plugin that is currently maintained. Some hosts pre-install plugins on all new WordPress sites, so if you have a plugin installed that you have never used, and it is no longer available on wordpress.org, it is best to remove it.

There may also be rare cases where a plugin you have from another source shares a name with a wordpress.org plugin, so if you know that is the case, it would not be necessary to remove it.

Note: The author of the plugin "Contact Form 7 to Database Extension" has moved it to a separate site. Updates are available at https://cfdbplugin.com/


Unknown file in WordPress core

This scan checks your WordPress core files and notifies you about files that do not match the current version of WordPress that you have installed.

Example scan result:

Unknown file in WordPress core: wp-includes/js/info.php
This file is in a WordPress core location but is not distributed with this version of WordPress. This is usually due to it being left over from a previous WordPress update, but it may also have been added by another plugin or a malicious file added by an attacker.
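The check this scan performs, as an added example that is not Wordfence's own code: the install's core directories are compared against a manifest of the files shipped with the installed version, so a file that is present but not in the manifest is reported as unknown, a file whose hash differs is reported as modified, and a shipped file that is absent is reported as missing. The manifest format (relative path to SHA-256 hash), the constructed sample files and the stray wp-includes/js/info.php are assumptions for the demonstration, not real WordPress checksums.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed manifest: relative path -> hash of the file as shipped in the
# installed version. Values are computed from the sample content below and are
# not real WordPress checksums (assumption for this example).
GOOD_VERSION_PHP = b"<?php\n$wp_version = '4.8';\n"
GOOD_JQUERY_JS = b"/* jquery (placeholder) */\n"
CORE_MANIFEST = {
    "wp-includes/version.php": hashlib.sha256(GOOD_VERSION_PHP).hexdigest(),
    "wp-includes/js/jquery.js": hashlib.sha256(GOOD_JQUERY_JS).hexdigest(),
}
CORE_DIRS = ("wp-admin", "wp-includes")  # locations the manifest is authoritative for


def file_hash(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_core(root, manifest):
    """Compare an install against the manifest.
    Returns sorted lists (modified, unknown, missing) of relative POSIX paths."""
    root = Path(root)
    modified, unknown, missing = [], [], []
    for rel, expected in manifest.items():
        p = root / rel
        if not p.is_file():
            missing.append(rel)
        elif file_hash(p) != expected:
            modified.append(rel)
    for d in CORE_DIRS:
        base = root / d
        if not base.is_dir():
            continue
        for p in base.rglob("*"):
            rel = p.relative_to(root).as_posix()
            if p.is_file() and rel not in manifest:
                unknown.append(rel)  # in a core location but not shipped with this version
    return sorted(modified), sorted(unknown), sorted(missing)


def build_sample_site():
    """Constructed install: the two shipped files plus a stray wp-includes/js/info.php."""
    root = Path(tempfile.mkdtemp())
    (root / "wp-includes/js").mkdir(parents=True)
    (root / "wp-includes/version.php").write_bytes(GOOD_VERSION_PHP)
    (root / "wp-includes/js/jquery.js").write_bytes(GOOD_JQUERY_JS)
    (root / "wp-includes/js/info.php").write_bytes(b"<?php phpinfo();\n")
    return root
```

Running scan_core over build_sample_site() reports wp-includes/js/info.php as the only unknown file; a leftover file from an older WordPress version or a host-placed php.ini would show up the same way, which is why the result still needs the investigation described below.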


Resolution: If you already know about the listed file, you can click the link to ignore the file until it changes. If you don't know what the file is, it may require some investigation to find out whether your host has placed it there, whether it may have been created by your FTP application or OS, or whether it is malicious.

Some "Managed WordPress" hosting plans do not allow you to change core files, and on some hosts, if a new version of WordPress no longer includes a particular file, it may be left in your site's files after they update WordPress. In this case, it is generally safe to ignore the file, or you can contact the host if you believe it should be removed.

In a few cases, we have seen that a host's support staff or a host's control panel may place "php.ini" files in every subdirectory of WordPress's core files, most likely to change PHP settings throughout the site.

  • If that occurs, we recommend checking the contents of some of these files to make sure they are safe. We can help if you're not sure whether the files are safe or not.
  • Assuming that they are safe, your host may have a better way to set the same PHP settings without adding additional files, usually through the PHPRC environment variable or by using .user.ini, depending on the server configuration.
  • Alternately, if you are sure they are safe, you can use the "ignore all new issues" link at the top of the scan results list to ignore all of these files. You may first need to resolve other scan results that you do not want to ignore.