• Resolved gazloc

    (@gazloc)


    My site has recently recovered from plugin “wp-logo-showcase-responsive-slider-slider”’s backdoor link injection. While I am not happy about the vulnerability the plugin added to the site and how WordPress managed the removal, I am concerned there was no notification from Wordfence that the wp-config.php was modified, the link injection component. While the injection appended to a valid line, the length of the line and the file size jump should have been noticeable/alarming. Does or can Wordfence check and report for these modifications? Is there a “paranoid” option? I would rather be inundated with information than be ignorant at this point.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @gazloc

    The scanner doesn’t notify of modifications to the wp-config.php file as it is meant to be modified under normal WordPress operation scenarios, such as enabling caching on your site for example.

    However, the scanner does scan the wp-config.php file for malicious code.

    If the scanner doesn’t detect the malicious code then you can send it to [email protected]

    Please follow our site cleaning guide below:

    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    Thread Starter gazloc

    (@gazloc)

    Hi @wfphil,

    Thank you for the confirmation wp-config.php should be scanned and where to report. I will dig through backups to get the infected wp-config.php and send to [email protected]. I assume there isn’t an active watch for file change then and might have been caught on the next automatic scan, depending on when the infection happened.
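
The signals raised in this thread (a changed wp-config.php, a file size jump and one unusually long line) can be watched outside the scanner with a small baseline check. This is an added example, not Wordfence code or part of the original posts; the function names and the 500-character line threshold are assumptions, and the sample file contents are constructed.

```python
import hashlib
import json
import os
import tempfile

def fingerprint(path):
    """Return SHA-256, byte size and longest line length of a file."""
    with open(path, "rb") as fh:
        data = fh.read()
    lines = data.splitlines() or [b""]
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "max_line": max(len(line) for line in lines),
    }

def compare(baseline, current, line_limit=500):
    """List the reasons the current fingerprint differs from the baseline."""
    findings = []
    if current["sha256"] != baseline["sha256"]:
        findings.append("content hash changed")
    if current["size"] != baseline["size"]:
        findings.append(f"size {baseline['size']} -> {current['size']} bytes")
    # line_limit is an assumed threshold; tune it to the site's real config
    if current["max_line"] > max(baseline["max_line"], line_limit):
        findings.append(f"longest line is now {current['max_line']} chars")
    return findings

def demo():
    """Constructed sample: a clean config, then one line with a long appended tail."""
    clean = b"<?php\ndefine('DB_NAME', 'wp');\ndefine('WP_DEBUG', false);\n"
    tail = b" " * 300 + b"/* constructed stand-in for appended content */" + b"x" * 400
    modified = clean.replace(b"false);", b"false);" + tail)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "wp-config.php")
        with open(path, "wb") as fh:
            fh.write(clean)
        baseline = fingerprint(path)
        unchanged = compare(baseline, fingerprint(path))
        with open(path, "wb") as fh:
            fh.write(modified)
        changed = compare(baseline, fingerprint(path))
    return unchanged, changed

if __name__ == "__main__":
    unchanged, changed = demo()
    print(json.dumps({"unchanged": unchanged, "changed": changed}, indent=2))
```

Run from cron against the real file, the baseline should be stored somewhere the web server user cannot write, and refreshed only after a change you made yourself.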
