Wordfence reporting possible malware

UpdraftPlus Home Forums Paid support forum – UpdraftPlus backup plugin Wordfence reporting possible malware

Tagged: ,

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #369321
    Wendy
    Participant

    I just got a warning from Wordfence that 2 files in my client’s UpdraftPlus folders contain suspected malware. Here are the warnings:

    Critical Problems:
    * File contains suspected malware URL: wp-content/plugins/updraftplus/addons/googlecloud.php
    * File contains suspected malware URL: wp-content/plugins/updraftplus/methods/s3.php

    I have this client’s site set to use SFTP/SCP for weekly backups, which deposits the files in an external folder (outside the WordPress folders, but in the same webspace on the server), and have not had any problems with it for the couple of years or so that I’ve been doing it this way. I am not using Google Cloud/Drive for backups (and never did). I’m not sure what s3.php does.

    I’m wondering if this is another false positive by Wordfence? Let me know if you need any further information to diagnose the problem.

    Many thanks in advance.

    #369326
    Wendy
    Participant

    I’ll add more about the details provided by Wordfence about these files:

    Filename: wp-content/plugins/updraftplus/addons/googlecloud.php
    File Type: Not a core, theme, or plugin file from wordpress.org.
    Bad URL: https://drive.google.com/
    Details: This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: https://drive.google.com/

    Filename: wp-content/plugins/updraftplus/methods/s3.php
    File Type: Not a core, theme, or plugin file from wordpress.org.
    Bad URL: https://awsmedia.s3.amazonaws.com/AWS_logo_poweredby_black_127px.png
    Details: This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: https://awsmedia.s3.amazonaws.com/AWS_logo_poweredby_black_127px.png

    #369475
    Baaden
    Participant

    Same here. Some news about that?

    #369956
    micjunk
    Participant

    I am also having this issue:

    Filename: wp-content/plugins/updraftplus/addons/googlecloud.php
    File Type: Not a core, theme, or plugin file from wordpress.org.
    Bad URL: https://drive.google.com/

    Details: This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: https://drive.google.com/

    ——
    Filename: wp-content/plugins/updraftplus/methods/dropbox.php
    File Type: Not a core, theme, or plugin file from wordpress.org.
    Bad URL: https://www.dropbox.com/developers/apply

    Details: This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: https://www.dropbox.com/developers/apply

    ————

    Filename: wp-content/plugins/updraftplus/methods/s3.php
    File Type: Not a core, theme, or plugin file from wordpress.org.
    Bad URL: https://awsmedia.s3.amazonaws.com/AWS_logo_poweredby_black_127px.png

    Details: This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: https://awsmedia.s3.amazonaws.com/AWS_logo_poweredby_black_127px.png

    #370087
    hmane
    Moderator

    Hi Mike,

    Sorry for the delay!

    There are multiple False positive alarms reported by Wordfence plugin, But we can ensure the files are safe and good to be there.

    Please check this article for more information:​​​
    https://updraftplus.com/another-wordfence-false-positive/​​​​

    Thanks,
    Harshad​​​

    #370583
    Wendy
    Participant

    Thanks for the assurance. There is nothing at the link you gave.

    Is UpdraftPlus working with Wordfence to work this out? (Edited: not still getting the message.) It’s getting a little frustrating — how do we know when to take the message seriously? It takes a few days for you folks to get back to us in the forum, so it’s hard to know what to do.

    Could you please give us an update about this problem and any progress you’re making with Wordfence to avoid more of these false positives?

    Thanks for your help.

Viewing 6 posts - 1 through 6 (of 6 total)
  • The topic ‘Wordfence reporting possible malware’ is closed to new replies.