vickynitro

Forum Replies Created

Viewing 1 replies (of 1 total)
  • Forum: Plugins
    In reply to: [NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization] Wordfence throws Critical Error with NitroPack
    vickynitro

    (@vickynitro)

    8 months, 4 weeks ago

    Hello Dennis,

    Thank you for your message and for sharing the scan results. I completely understand how unsettling it is to see critical security errors and a drop in performance. Let me clarify what is happening and what to do next.

    You are using NitroPack through WP Engine’s PageSpeed Boost integration. Because this is a modified, paid version of NitroPack, all support is handled directly by WP Engine and not on the WordPress Support Forums. That said, I’d like to give you some clarity so you know exactly what to ask them about.

    On the WordFence alerts: NitroPack is fully compatible with WordFence. The flagged files you see are not in the NitroPack plugin itself, there are no suspicious files inside wp-content/plugins/nitropack.

    Instead, WordFence is flagging files in the cache (temporary copies of your site’s pages). If those cache files are marked as unsafe, it usually means the original site content already contains suspicious code and the cache generated by NitroPack is just storing a copy of it.

    To check this, I ran an external scan:

    • On ihrimedia.com malware was detected: https://sitecheck.sucuri.net/results/https/www.ihrimedia.com
    • On ihrim.org nothing was flagged. It is important to note that the free Sucuri scanner only reviews what is publicly visible when the site is loaded in a browser. WordFence, on the other hand, runs inside your site and can scan much deeper including files and database. That is why WordFence may catch issues that Sucuri does not. Think of Sucuri as checking the “front window” of your site while WordFence walks through all the rooms.

    The best next step is to open a ticket with WP Engine support so they can run a full malware scan and guide you on next steps. After the website is cleaned, purging your NitroPack cache will remove the flagged copies.

    Regarding the performance drop from “good” to “poor” this can also be linked to site-level issues (like malware, plugins, etc.). WP Engine’s team can help you with investigating this in-depth.

    You can reach out to their team directly here: https://my.wpengine.com/support#general-issue.

    To summarize: NitroPack itself is not the source of the problem. With WP Engine’s help, you will get a clear picture of both the security alerts and the slowdown and they can guide you through next steps.

    Best,
    Vicky, Product Manager @ NitroPack

Viewing 1 replies (of 1 total)