Wordfence reporting possible malware

[WendyParticipant]

I just got a warning from Wordfence that 2 files in my client’s UpdraftPlus folders contain suspected malware. Here are the warnings:

Critical Problems:
* File contains suspected malware URL: wp-content/plugins/updraftplus/addons/googlecloud.php
* File contains suspected malware URL: wp-content/plugins/updraftplus/methods/s3.php

I have this client’s site set to use SFTP/SCP for weekly backups, which deposits the files in an external folder (outside the WordPress folders, but in the same webspace on the server), and have not had any problems with it for the couple of years or so that I’ve been doing it this way. I am not using Google Cloud/Drive for backups (and never did). I’m not sure what s3.php does.

I’m wondering if this is another false positive by Wordfence? Let me know if you need any further information to diagnose the problem.

Many thanks in advance.

[WendyParticipant]

I’ll add more about the details provided by Wordfence about these files:

Filename: wp-content/plugins/updraftplus/addons/googlecloud.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Bad URL: https://drive.google.com/
Details: This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: https://drive.google.com/

Filename: wp-content/plugins/updraftplus/methods/s3.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Bad URL: https://awsmedia.s3.amazonaws.com/AWS_logo_poweredby_black_127px.png
Details: This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: https://awsmedia.s3.amazonaws.com/AWS_logo_poweredby_black_127px.png

[BaadenParticipant]

Same here. Some news about that?

[micjunkParticipant]

I am also having this issue:

Filename: wp-content/plugins/updraftplus/addons/googlecloud.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Bad URL: https://drive.google.com/

Details: This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: https://drive.google.com/

——
Filename: wp-content/plugins/updraftplus/methods/dropbox.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Bad URL: https://www.dropbox.com/developers/apply

Details: This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: https://www.dropbox.com/developers/apply

————

Filename: wp-content/plugins/updraftplus/methods/s3.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Bad URL: https://awsmedia.s3.amazonaws.com/AWS_logo_poweredby_black_127px.png

Details: This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: https://awsmedia.s3.amazonaws.com/AWS_logo_poweredby_black_127px.png

[hmaneModerator]

Hi Mike,

Sorry for the delay!

There are multiple False positive alarms reported by Wordfence plugin, But we can ensure the files are safe and good to be there.

Please check this article for more information:​​​
https://updraftplus.com/another-wordfence-false-positive/​​​​

Thanks,
Harshad​​​

[WendyParticipant]

Thanks for the assurance. There is nothing at the link you gave.

Is UpdraftPlus working with Wordfence to work this out? (Edited: not still getting the message.) It’s getting a little frustrating — how do we know when to take the message seriously? It takes a few days for you folks to get back to us in the forum, so it’s hard to know what to do.

Could you please give us an update about this problem and any progress you’re making with Wordfence to avoid more of these false positives?

Thanks for your help.

[Author]

Posts