Hi @vaniivan, thanks for getting in touch.
Many plugins use the default WordPress posts and comments database tables to store data, so if you have an online store or forum (as two common examples) they will increase your count in these areas. With URLs specifically, that number is typically much higher than you may expect due to Wordfence scanning URLs in every plugin and file we see, not just in the site’s visible content itself.
I hope that helps you out!
Peter.
Thanks for responding!
However this is a less than 10 page site, couple of images here and there. Also the status says URLs checked, not files scanned. Maybe I’m missing the connection between plugin files and URLs, but aren’t most of plugin files just php files with disabled direct execution? There also isn’t that many plugins active on this site.
I should also add that Norton/Symantec deems this site not safe for browsing.
-
This reply was modified 4 years ago by
vaniivan.
Hi @vaniivan,
URLs could be any reference to paths within your site’s code, which could be very many even with a small amount of plugins because they can still be large in size or have a large amount of PHP, Javascript and HTML containing URLs behind the scenes.
I don’t suspect unusual activity in cases such as this due to your scan not reportedly flagging malicious code, but after running a successful scan on the Wordfence > Scan page, you could click the “EMAIL ACTIVITY LOG” link and send it to wftest @ wordfence . com
You could also send a diagnostic report to the same email address as above. You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email
Thanks again,
Peter.
