[Resolved] Thread Starter syzygist

    (@syzygist)

    Users of the Wordfence security plugin (5+ million) who also have your plugin installed got this notice today:

    Medium Severity Problems:

    * Modified plugin file: wp-content/plugins/advanced-custom-fields/acf.php

    * Modified plugin file: wp-content/plugins/advanced-custom-fields/includes/class-acf-site-health.php

    * Modified plugin file: wp-content/plugins/advanced-custom-fields/includes/upgrades.php

    This is a notification that the version of the file in the user’s installation differs from the version in the repo, and is meant to alert users to hacked files. Wordfence provides a tool to compare the changed file, and also to update it to match the file in the repo, but for users without advanced coding skills, there is no way to assess whether the plugin author has not followed proper procedure in making an update to the plugin, or the file on their site has actually been hacked.

    If you change a file, please release it in a new version of the plugin. That is what you are supposed to do. You are making a LOT of extra work for a LOT of people who maintain sites.

Viewing 3 replies - 1 through 3 (of 3 total)
Plugin Contributor Liam Gladdy

    (@lgladdy)

    Hey there,

    We have released a new version of ACF. It is not possible for us to modify files outside of a release, so if you’re receiving this notification you do likely have local modifications. We’d recommend reinstalling ACF to ensure you’re on a genuine copy of all the files.

    Plugin Contributor Liam Gladdy

    (@lgladdy)

    Hey again @syzygist,

    It does look like Wordfence is warning you that you’re on the Direct install of ACF, which has different files than the WordPress.org version, as it’s able to contain its own updater.

    We’ll look to fix this in our next release, or work with Wordfence to stop the warnings sooner if we’re able.

    Thanks,
    Liam

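The check Wordfence is doing here is a file-integrity comparison: hash every file in the installed plugin directory and compare it against the same file in the copy published on WordPress.org. The following is an added example of that comparison, not Wordfence's code and not anything shipped by ACF; it lets a site maintainer answer the question raised above (is this a direct-install build with an extra updater, or a tampered file?) by seeing exactly which paths differ, which are missing, and which exist only locally. The two directory trees are constructed inline to stand in for the installed copy and the reference copy; in practice the reference tree would be unpacked from the plugin zip downloaded from WordPress.org for the same version (the URL pattern is an assumption noted in the comments).

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large assets do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_digests(root: Path) -> dict[str, str]:
    """Map each relative file path under root to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_plugin(installed: Path, reference: Path) -> dict[str, list[str]]:
    """Classify installed files relative to the reference copy.

    modified: present in both trees but with different content
    missing:  present in the reference copy but absent locally
    extra:    present locally but not in the reference copy (e.g. a bundled updater,
              or something an attacker dropped in)
    """
    inst = tree_digests(installed)
    ref = tree_digests(reference)
    return {
        "modified": sorted(p for p in inst.keys() & ref.keys() if inst[p] != ref[p]),
        "missing": sorted(ref.keys() - inst.keys()),
        "extra": sorted(inst.keys() - ref.keys()),
    }


def _write(root: Path, files: dict[str, str]) -> None:
    """Helper to lay out a constructed sample tree."""
    for rel, content in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content)


def demo() -> dict[str, list[str]]:
    """Run the comparison on constructed sample trees (not real ACF file contents).

    In a real check the reference tree would come from unpacking, for the same
    version string as the installed plugin header reports, the zip at (assumed URL):
        https://downloads.wordpress.org/plugin/advanced-custom-fields.<version>.zip
    """
    with tempfile.TemporaryDirectory() as d:
        base = Path(d)
        installed = base / "installed" / "advanced-custom-fields"
        reference = base / "reference" / "advanced-custom-fields"
        _write(reference, {
            "acf.php": "<?php // plugin header\n",
            "includes/upgrades.php": "<?php // upgrades\n",
            "includes/class-acf-site-health.php": "<?php // site health\n",
        })
        _write(installed, {
            "acf.php": "<?php // plugin header, direct-install build\n",
            "includes/upgrades.php": "<?php // upgrades\n",
            "includes/class-acf-site-health.php": "<?php // site health\n",
            "includes/updater.php": "<?php // only present in the direct install\n",
        })
        return compare_plugin(installed, reference)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

A "modified" or "extra" entry is only a lead, not a verdict: a legitimately different distribution channel (as Liam describes) and an injected backdoor both show up the same way, so the next step is to diff the flagged files and read the change, exactly the step Wordfence's compare tool exposes.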
    Thread Starter syzygist

    (@syzygist)

    The affected site is hosted at WP Engine, so I understand the version of the plugin provided there may not match the forked repo version. However, in the wake of the injunction decision reopening the repo to WPE and halting the ACF fork, I thought the two versions would’ve been re-merged into one again by now.
