14 {{ upvoteCount | shortNum }}
14 {{ upvoteCount | shortNum }}

wordpress, woocommerce, security question?

by remdistributors
12 replies
  • WEB DESIGN
    • |
I keep getting emails from wordfence saying wordpress files have been changed? Is this normal? I have no idea what the files are im looking at in the explanation. Im not an I T guy. Website has only been live for like a week. I do have some basic plugins. Is this something I should be worried about or is it normal? I also have 1 ip adress that visits my site a couple times a day and only looks at 1 page then bounces, comes back, 1 page bounce and so on. Its been 3 days in a row.
Thanks
Chris
#question #security #woocommerce #wordpress
  • Profile picture of the author Istvan Horvath
    And what did your host say when you asked them about the security/logs of your site?
    Signature

    {{ DiscussionBoard.errors[8897363].message }}
  • Profile picture of the author remdistributors
    Didnt ask them? Guess i should?
    thanks
    chris
    {{ DiscussionBoard.errors[8897374].message }}
  • Profile picture of the author nettiapina
    Well, did you change anything on the site? Or do you have a caching plugin? In those cases it's normal for some files to change, but you should really read what it says on the list in the mail.
    Signature
    Links in signature will not help your SEO. Not on this site, and not on any other forum.
    Who told me this? An ex Google web spam engineer.

    What's your excuse?
    {{ DiscussionBoard.errors[8897641].message }}
    • Profile picture of the author pnehal
      could be just a random bot? -- if it's a direct attack -- why would you be attacked?
      {{ DiscussionBoard.errors[8897713].message }}
  • Profile picture of the author remdistributors
    I do have a cache plugin, And i did contact bluehost. They said not to be worried. There really isnt any real reason anyone would want to hack it. I have 3rd party shopping cart. Im a complete newbie and was just being cautious.
    Thanks for the replies
    Chris
    {{ DiscussionBoard.errors[8898135].message }}
  • Profile picture of the author RobinInTexas
    You SHOULD IGNORE the idiot at blueghost who doesn't know squat about hackers. Hackers can insert code into your site and turn it into a spambot.

    Wordfence, together with the way the WordPress depository and theme authors manage files ends up with the changed file alert wrong initially.

    The way I handle it is to go to the scan report screen and tell Wordfence to "Restore the original version of this file."

    That way Wordfence is happy, and then if there are changes later, you should investigate.
    Signature

    Robin



    ...Even if you're on the right track, you'll get run over if you just set there.
    {{ DiscussionBoard.errors[8898289].message }}
    • Profile picture of the author remdistributors
      Originally Posted by RobinInTexas View Post

      You SHOULD IGNORE the idiot at blueghost who doesn't know squat about hackers. Hackers can insert code into your site and turn it into a spambot.

      Wordfence, together with the way the WordPress depository and theme authors manage files ends up with the changed file alert wrong initially.

      The way I handle it is to go to the scan report screen and tell Wordfence to "Restore the original version of this file."

      That way Wordfence is happy, and then if there are changes later, you should investigate.
      Thanks, Good Advice
      Chris
      {{ DiscussionBoard.errors[8898524].message }}
    • Profile picture of the author nettiapina
      Originally Posted by RobinInTexas View Post

      The way I handle it is to go to the scan report screen and tell Wordfence to "Restore the original version of this file."

      That way Wordfence is happy, and then if there are changes later, you should investigate.
      Wordfence isn't exactly 100% accurate, and sometimes the complaints are for language versions it doesn't understand. That's been getting steadily better, but it's still doing it. "Ignore until file changes" would be better if you know it's the original file.

      You should try to understand what Wordfence or any other security plugin is trying to tell you. Is it complaining about cache files changing? Is someone trying to break in? Do you have an old version that you need to update? Almost never are these things are critical no matter what it says on the mail, but you should keep an eye of them anyways.

      If possible, try to configure the security plugin to not complain about changed cache. You might get tired watching the same bogus report over and over again.

      Originally Posted by remdistributors View Post

      Can they hack through the pics, ie when you hit a pic, you have the option to inspect elements, which i think is all pics on internet. Like i said im a total newb
      thanks
      chris
      I'm not sure what you're trying to say here. Can the users upload something to your site?
      Signature
      Links in signature will not help your SEO. Not on this site, and not on any other forum.
      Who told me this? An ex Google web spam engineer.

      What's your excuse?
      {{ DiscussionBoard.errors[8900309].message }}
  • Profile picture of the author remdistributors
    Can they hack through the pics, ie when you hit a pic, you have the option to inspect elements, which i think is all pics on internet. Like i said im a total newb
    thanks
    chris
    {{ DiscussionBoard.errors[8898573].message }}
  • Profile picture of the author Ron Killian
    Probably just that Wordpress or a plug-in is on auto-update, and it updated.

    I noticed the other day one of my blogs automatically updated Wordpress. Don't remember setting it for that.
    Signature
    PLR Affiliate Program Has Launched! Easily Promote Over 5,000 PLR and MRR Products.

    Largest Selection of PLR Articles on the Planet! PLR Ebooks, PLR Video, PLR Websites and more with Private Label Rights
    {{ DiscussionBoard.errors[8905750].message }}
    • Profile picture of the author RobinInTexas
      Originally Posted by Ron Killian View Post

      Probably just that Wordpress or a plug-in is on auto-update, and it updated.

      I noticed the other day one of my blogs automatically updated Wordpress. Don't remember setting it for that.
      The default in WordPress 3.8 is set to automatically update WP minor releases, major updates such as 3.8.x to 3.9 are manual, to give you a chance to make sure any plugin incompatibilities don't arise and break a site.
      Signature

      Robin



      ...Even if you're on the right track, you'll get run over if you just set there.
      {{ DiscussionBoard.errors[8906010].message }}
  • Profile picture of the author Shopitpress
    nothing to worry about mate. that IP is probably some search engine bot.

    and files what was changed is image cache files or other cache files. or software what does checks for you have bugs. what version of wordpress you are using? if it's 3.8 wordpress got auto updates in place.

    if you want to be 100% sure what's going on. Keep a back up of your site files locally. And after you getting that file change notification. Just download all files and compare them with your old back up. Can use a tool like winmerge for that.

    Take care
    {{ DiscussionBoard.errors[8905827].message }}

Trending Topics