Posted: December 1, 2016 at 11:46 am
Please read the below email from our website security service company and the malware warning from Wordfence. Please advise if you agree with our website security service company or if this does in fact pose a threat.

*********wordfence warning****************

Wordfence found the following new issues on “Acute”.
Alert generated at Wednesday 30th of November 2016 at 04:00:55 PM

Critical Problems:

* This file is suspected malware: wp-content/plugins/event-espresso-core-reg/core/libraries/messages/defaults/default/email_payment_cancelled_to_admin.template.php
* This file is suspected malware: wp-content/plugins/event-espresso-core-reg/core/libraries/messages/defaults/default/email_payment_declined_to_admin.template.php
* This file is suspected malware: wp-content/plugins/event-espresso-core-reg/core/libraries/messages/defaults/default/email_payment_failed_to_admin.template.php

NOTE: You are using the free version of Wordfence. Upgrade today: Receive real-time Firewall and Scan engine rule updates for protection as threats emerge

*****web security company response**********

Thank you for passing this alert on, since you are the Wordfence contact and we do not receive these messages. We looked into this yesterday and it is most likely a false positive from Wordfence, as our security scans did not pick up malware. However, if you are the owner of the Event Espresso licence, then I would suggest putting in a support ticket to see what the developers have to say. You could also download a clean copy of the plugin and compare the mentioned files between the clean and installed copy to check for any code injections (or just install a fresh copy onto the site, if you are concerned).

Let us know how it goes, and continue forwarding on any additional alerts like this so that we are aware. Many thanks!
Hi Chris,

The 3 files mentioned above should basically be empty template files (they may have a PHP comment within them but other than that nothing else); they are used to tell EE that those sections of messages should be empty. If you download those 3 files from the site, do they have any content?
Hi Chris,

You should probably take the time to check your copies of email_payment_cancelled_to_admin.template.php to ensure that they match what ships with Event Espresso core. That’s what the email from the security company said to do:

If you take the time and actually look at the files in question as shipped with Event Espresso, you’ll see that they are virtually empty files. So if your copies have actual PHP code, then that’s a good indication that your server has been compromised.
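
The check the replies describe, as an added example (not code from this thread or from Event Espresso): it compares the three flagged templates in the installed plugin against a freshly downloaded copy, and for any file that differs reports whether anything other than PHP tags and comments is present. It assumes both copies are unpacked so that each root is the plugin directory; the stub content and directory layout in `demo()` are constructed.

```python
import hashlib, re, tempfile
from pathlib import Path

# Path and file names as listed in the Wordfence alert, relative to the plugin root.
TEMPLATE_DIR = "core/libraries/messages/defaults/default"
FLAGGED = ["email_payment_cancelled_to_admin.template.php",
           "email_payment_declined_to_admin.template.php",
           "email_payment_failed_to_admin.template.php"]

# Heuristic: PHP tags, /* */ blocks, and // or # comments (which end at ?> or newline).
INERT = re.compile(r"<\?php|<\?|\?>|/\*.*?\*/|(?://|#)(?:(?!\?>)[^\n])*", re.S)

def residual_code(source):
    """Return whatever remains once tags, comments and whitespace are removed."""
    return " ".join(INERT.sub(" ", source).split())

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def check_templates(clean_root, installed_root):
    """Compare each flagged file in the installed plugin against the clean copy."""
    report = {}
    for name in FLAGGED:
        clean = Path(clean_root, TEMPLATE_DIR, name)
        live = Path(installed_root, TEMPLATE_DIR, name)
        if not live.is_file():
            report[name] = "missing"
        elif sha256(live) == sha256(clean):
            report[name] = "identical"
        elif residual_code(live.read_text(errors="replace")):
            report[name] = "differs: contains code"
        else:
            report[name] = "differs: comments only"
    return report

def demo():
    """Constructed sample trees: one intact stub, one comment edit, one injection."""
    stub = "<?php\n// Intentionally empty template (constructed content).\n"
    with tempfile.TemporaryDirectory() as tmp:
        for root in ("clean", "installed"):
            folder = Path(tmp, root, TEMPLATE_DIR)
            folder.mkdir(parents=True)
            for name in FLAGGED:
                (folder / name).write_text(stub)
        # 'folder' now points at the installed tree; alter two of its files.
        (folder / FLAGGED[1]).write_text(stub + "/* local note */\n")
        (folder / FLAGGED[2]).write_text(stub + "placeholder_injected_call();\n")
        return check_templates(Path(tmp, "clean"), Path(tmp, "installed"))
```

Any result other than "identical" means the installed file is not what the clean copy ships, so it should be inspected by hand even when the comment heuristic finds no code.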
The support post ‘Cray Cray email from Wordfence Please advise’ is closed to new replies.