- This topic has 9 replies, 3 voices, and was last updated 3 years, 5 months ago by Leo.
November 2, 2022 at 3:28 pm #2399079
Daniel
Good afternoon,
I’m getting some malicious code reports via Wordfence in my child theme on my live and local servers. I recently duplicated the site from my local server and pushed it to live. I’m trying to understand two things:
- If the code is indeed malicious
- How the bad files might have gotten there
I’d like you to review the files to make sure Wordfence is not giving me a false report. E.g., I see .bt and .DS files included. I know .DS are ok, and it appears (after researching) that .bt files “might” be ok. But the others…
I’ve created a temporary admin user so you can go in to review the report (see below)
thanks
November 2, 2022 at 6:24 pm #2399172
Fernando Customer Support
Hi Daniel,
There shouldn’t be anything malicious code-wise in GeneratePress or any of our plugins. We make sure that our code is written in line with WordPress’ codex.
Checking the malicious code notified by Wordfence would be out of our scope of support.
There are multiple ways for malware or other stuff to enter into your site. The most common reason is if you installed a plugin from an unverified source.
It would be best to reach out to Wordfence for more information with regard to the malicious code. I found this article from Wordfence which might be helpful: https://www.wordfence.com/learn/remove-suspicious-code-wordpress/
November 2, 2022 at 8:07 pm #2399225
Daniel
Thanks, Fernando. I know malicious code wouldn’t be in anything that GP released. My question was more whether or not the files that were there (that WF identified as critical) were actually supposed to be there. I imagine that if I reach out to WF, they may say that, ultimately, I would need to check with you guys. So…vicious circle. Do you mind just looking at the names of the files that were identified and verifying whether or not you recognize any of them? I’d appreciate it. It should take you 5 minutes once you’re in.
Thanks again.
November 2, 2022 at 8:50 pm #2399247
Fernando Customer Support
I see. What’s the specific malicious code notice?
Can you share the login link as well?
November 3, 2022 at 9:25 am #2400352
Daniel
Sorry, sure. See below.
November 3, 2022 at 9:31 am #2400361
Leo Staff Customer Support
Hi Daniel,
Unfortunately, this isn’t something we can help with as it just doesn’t sound like it’s related to GP at all.
Please refer to our support scope here:
https://generatepress.com/what-support-includes/
> I imagine that if I reach out to WF, they may say that, ultimately, I would need to check with you guys.
I would say that checking with WF first is your best bet. If they somehow pointed out that the theme files (not child theme) are causing the issue, then we can address it.
Alternatively, you can try posting the malicious code/file in a WP general forum like this and see if anyone has encountered a similar issue:
https://wordpress.stackexchange.com/
Thanks for your understanding.
November 3, 2022 at 10:19 am #2400417
Daniel
Ok, thanks for your response. I am going through each file identified by WF and removing or fixing code in my local server, emptying my cache and refreshing my browser on the front end. Gradually eliminating files that are suspicious. There were a couple of plugins that the WP repository no longer supports, so those were definitely possible portals and I deleted them. Also, saw a chunk of code ingested into my functions.php file so removed that. After rescanning it’s looking clean except for some .bt files that are being created. Should those concern me?
November 3, 2022 at 11:37 am #2400490
Leo Staff Customer Support
I’m not familiar with .bt files but I don’t think you can judge whether a file should be a concern or not by looking at its name or file type.
Unfortunately I’m not able to offer more comments on this.
Thanks for your understanding.
November 3, 2022 at 11:40 am #2400495
Daniel
Thanks for your help. I posted the question on stackexchange.
November 3, 2022 at 11:52 am #2400512
Leo Staff Customer Support
No problem 🙂