Hello there @ajtruckle
We just flag all files found on the root that are not coming from WP core as found when initially downloaded, so we are on the safe side of things.
Warm regards,
Dimitris
Thread Starter
Chuckie
(@ajtruckle)
Hi
IMHO I feel your plugin should add some intelligence for things like favicon. They may be outside of WordPress but they are part of a standard. One does not expect a vulnerability checker to flag files that are freely documented as required for standards compliance.
Up to you of course!
In the end I stopped using the plugin. It is nicely laid out but I already have other plugins that perform some of the actions (like Redirection handling 404 logs). I did start to try the 2FA but the plugin told me to switch off “Theme My Login”. I have spent too much time fine-tuning my styles and adding custom PHP hooks for TML to remove it.
Anyway, thanks for making the plugin available to the community!
Hello @ajtruckle
I trust you’re doing well!
An .ico file can be malware in disguise. It can have malicious code inside while having an .ico extension. I agree that it is very common to have a favicon.ico file. However, there could be other .ico files with random names that could be causing a threat to a site’s security. These files usually contain PHP code, and if these files run as PHP code, they can do all kinds of harm.
A harmful file like this can also be named favicon.ico. For that reason, we can’t exclude favicon files.
If you know that an .ico file is not harmful, you may ignore it from Malware Scanning, and it will not be shown again.
Hope this helps!
Kind regards,
Nastia
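To illustrate the reply above, here is an added example (not part of any post in this thread and not the plugin's own code) of a content check for a flagged `.ico` file: it validates the ICO container structure and looks for PHP open tags instead of trusting the file name. The function names and the sample byte strings are constructed for the illustration.

```python
import re
import struct

# Open tags that indicate server-side code rather than image data.
PHP_MARKERS = re.compile(rb"<\?php|<\?=", re.I)


def ico_structure_ok(data: bytes) -> bool:
    """True if data parses as an ICO container: ICONDIR + in-bounds ICONDIRENTRYs."""
    if len(data) < 6:
        return False
    reserved, img_type, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or img_type != 1 or count == 0:
        return False
    if len(data) < 6 + 16 * count:
        return False
    for i in range(count):
        size, offset = struct.unpack_from("<II", data, 6 + 16 * i + 8)
        # Each image must start after the directory and end inside the file.
        if size == 0 or offset < 6 + 16 * count or offset + size > len(data):
            return False
    return True


def classify_ico(data: bytes) -> str:
    """Return 'php-marker', 'not-an-icon' or 'looks-like-icon' for a *.ico file body."""
    if PHP_MARKERS.search(data):
        return "php-marker"  # flagged even when the header is a valid icon
    if not ico_structure_ok(data):
        return "not-an-icon"
    return "looks-like-icon"


def make_ico(payload: bytes) -> bytes:
    """Build a constructed one-image ICO around payload (sample data for the demo)."""
    header = struct.pack("<HHH", 0, 1, 1)
    entry = struct.pack("<BBBBHHII", 16, 16, 0, 0, 1, 32, len(payload), 22)
    return header + entry + payload


if __name__ == "__main__":
    samples = {
        "favicon.ico (image)": make_ico(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32),
        "favicon.ico (text)": b"<?php /* constructed placeholder */ ?>",
        "favicon.ico (mixed)": make_ico(b"\x00" * 16 + b"<?php ?>"),
    }
    for name, body in samples.items():
        print(f"{name}: {classify_ico(body)}")
```

A `php-marker` result is a triage signal rather than a verdict, since a short byte sequence such as `<?=` can occur by chance in image data; a `looks-like-icon` result only means the file has the expected structure and no open tag.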
Hi @ajtruckle,
Since we haven’t heard from you in a while, I’ll mark this thread as resolved. Feel free to re-open this thread or let us know if you have any further queries.
Best Regards
Nithin