Defender for novices?

Some of our graphic designers, and also our clients who are not developers or designers, are having a hard time understanding when action should be taken when we get warnings like this from the Defender plugin:

May I ask another defender question in the string or should I open a new one?

My question is: for non-developers or non-engineers, how are people supposed to react responsibly to reports we get from Defender like this without doing more damage than just leaving them? Basically, a non-technical person would not have any clue what these files do or do not do, or whether they're appropriate to have:

Hi

WP Defender here, reporting back from the front.

I've finished scanning http:// for vulnerabilities and I found 10 issues that you should take a closer look at!

| File | Path | Issue |
| --- | --- | --- |
| upload.php | /wp-admin/uploader/upload.php | Unknown file in WordPress core |
| functions.php | /wp-includes/functions.php | This WordPress core file appears modified |
| functions.php.orig | /wp-includes/functions.php.orig | Unknown file in WordPress core |
| load.php | /wp-includes/load.php | This WordPress core file appears modified |
| pclzip.lib.php | /wp-admin/uploader/pclzip.lib.php | Unknown file in WordPress core |
| theme-uploader.php | /wp-admin/theme-uploader.php | Unknown file in WordPress core |
| upgrade.php | /wp-admin/includes/upgrade.php | This WordPress core file appears modified |
| upgrade.php.orig | /wp-admin/includes/upgrade.php.orig | Unknown file in WordPress core |
| plugin-uploader.php | /wp-admin/plugin-uploader.php | Unknown file in WordPress core |
| wordfence-waf.php | /wordfence-waf.php | Unknown file in WordPress core |

We don't necessarily want to take action because we don't know what the negative repercussions would be. How do we educate ourselves and our clients to be more aware of what is dangerous and should be eliminated and what is a false positive in your scan?

  • Luís

    Hi MSAMike,

    Hope you're doing well today!

    Regarding the scan, let me clarify some information from Defender:

    1) For some files, Defender is mentioning "Unknown file in WordPress core"; this means that the file is not supposed to be there, is not a core file, and may have been placed by a plugin or a theme.

    So, as the file doesn't belong to the WordPress core, Defender gives an alert. It can be considered a false positive or not, i.e.:

    If you know why the files are there and which feature (plugin, theme, etc.) placed them, and if they are trustworthy, you can ignore them. Otherwise we will need to investigate them.

    The best option may be to make a backup of your entire site and try removing those files, or duplicate your site to a staging server and try to investigate their origin.

    2) For the reports "This WordPress core file appears modified", Defender compares the current files with the original core files, and if they are different, it gives an alert.

    Looking at the file names, as an example, "upgrade.php.orig", it immediately confirms that it was modified; the original file name should be "upgrade.php".

    In these situations it's recommended to restore the file by clicking on the resolve icon and then restoring the file, unless you know why and who modified it.

    However, are you using Plesk? In my research I found some feedback pointing to files created by Plesk.

    May I ask another defender question in the string or should I open a new one?

    I would like to suggest opening a separate topic; it allows us to focus on each issue and to cross-reference information.

    Cheers, Luís
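
The two alert types described in the reply above can be reproduced with a small checksum comparison. This is an added example, not part of the original thread and not Defender's own code; the manifest layout (relative path mapped to an MD5 hex digest), the scanned directories and the `SITE_FILES` allowlist are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")  # trees that should contain only core files
SITE_FILES = {"wp-config.php", ".htaccess"}  # assumption: expected non-core root files


def classify(root, manifest):
    """Compare files under root with manifest {relative path: MD5 hex of the pristine file}."""
    found = {"modified": [], "unknown": []}
    # Root-level files plus everything below the core directories; wp-content is skipped.
    candidates = [p for p in root.iterdir() if p.is_file()]
    for d in CORE_DIRS:
        if (root / d).is_dir():
            candidates += [p for p in (root / d).rglob("*") if p.is_file()]
    for p in candidates:
        rel = p.relative_to(root).as_posix()
        if rel in manifest:
            if hashlib.md5(p.read_bytes()).hexdigest() != manifest[rel]:
                found["modified"].append(rel)  # "core file appears modified"
        elif rel not in SITE_FILES:
            found["unknown"].append(rel)  # "unknown file in WordPress core"
    return {kind: sorted(files) for kind, files in found.items()}


def demo():
    """Build a constructed mini-site (not real WordPress files) and scan it."""
    pristine = {
        "index.php": b"<?php // core index\n",
        "wp-includes/load.php": b"<?php // core load\n",
        "wp-admin/includes/upgrade.php": b"<?php // core upgrade\n",
    }
    manifest = {rel: hashlib.md5(data).hexdigest() for rel, data in pristine.items()}
    on_disk = dict(pristine)
    on_disk["wp-includes/load.php"] += b"// patched by a hosting tool\n"
    on_disk["wp-admin/includes/upgrade.php.orig"] = b"<?php // backup copy\n"
    on_disk["wordfence-waf.php"] = b"<?php // added by a plugin\n"
    on_disk["wp-config.php"] = b"<?php // site config\n"
    on_disk["wp-content/plugins/x/x.php"] = b"<?php // plugin code, out of scope\n"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in on_disk.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        return classify(root, manifest)


if __name__ == "__main__":
    print(demo())
```

A "modified" or "unknown" result is a prompt to find out which plugin, theme or hosting tool produced the file before restoring or deleting anything, ideally on a backup or staging copy.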
