Defender has found an issue


Defender says this site has a suspicious file. When checking it, it looks like it is a wpmudev-related file.
Can someone help me with what to do in this case?



  • Adam Czajczyk

    Hello mpress,

    I hope you're well today and thank you for your question!

    I accessed your site and checked the Defender log, and I can see two files reported there:

    1. "error.log"

    This one is reported as "unknown" but you may safely either remove that file or just mark it in Defender to be ignored. It's a log file that's created automatically by Apache web-server software on your server. Hummingbird doesn't find anything "suspicious" in it but it lets you know about it as it's not a part of WordPress core and it doesn't come from any plugin.

    2. "plugins/mainwp-child/class/class-tar-archiver.php"

    That is the one that is reported as suspicious and it comes from the MainWP Child plugin which is installed on your site. Judging by the name of the file, it includes some compression/archiving code and that may be considered by security algorithms as potentially malicious.

    The way to handle it would be to download the fresh copy of "MainWP Child theme" and then compare that file from that copy with the one on the server. If the one on the server is exactly the same as the one from the fresh copy (though make sure that it's the same version of the plugin!) - I think you may then safely ignore that file. If however files are different, then we'd need to further examine both of them to check whether the one on the server is indeed malicious or if it's secure.

    Best regards,

  • Adam Czajczyk

    Hello mpress!

    1 - If it is an automatic file from Apache I will choose to ignore this file, otherwise it could be generated again, right?

    Yes, it is a file created by Apache web-server. It may be created for a number of different reasons so even though its name suggests that it contains errors, it may actually include only some warnings or notices. That depends on Apache settings so whether other aspects of the site should be investigated or not is a different story :) I would ignore that file too, as eventually it will get re-generated at some point by Apache.

    2 - I remember that this warning was given just after having a fresh install of this plugin. So, I will check it just to be sure, but I do not think it is an issue.

    If I were to guess, I would say that most likely it is actually a "false alarm" or rather a kind of "over-zeal" of Defender. But it's always better to double-check and then ignore the file with peace of mind rather than just ignore and then be unpleasantly surprised :)

    Best regards,
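
The check described in the replies above (confirm the installed plugin and the fresh download are the same version, then compare the flagged file) can be scripted. This is an added example, not code from the thread or from either plugin; the `example-child` slug, the sample file contents and all function names are constructed for illustration, and it assumes the version is read from the standard WordPress plugin header.

```python
import difflib, hashlib, io, re, zipfile
from pathlib import Path

VERSION = re.compile(rb"^[ \t/*#@]*Version:[ \t]*(\S+)", re.M | re.I)

def read_dir(root):
    """Installed plugin directory -> {relative path: bytes}."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p.read_bytes()
            for p in root.rglob("*") if p.is_file()}

def read_zip(src, slug):
    """Fresh plugin zip (path or file object) -> {relative path: bytes}."""
    with zipfile.ZipFile(src) as z:
        return {n[len(slug) + 1:]: z.read(n) for n in z.namelist()
                if n.startswith(slug + "/") and not n.endswith("/")}

def plugin_version(files):
    """Assumption: version comes from the plugin header of a top-level PHP file."""
    for name, data in files.items():
        if "/" not in name and name.endswith(".php") and b"Plugin Name:" in data[:8192]:
            m = VERSION.search(data[:8192])
            return m.group(1).decode() if m else None
    return None

def compare(installed, fresh, rel_path):
    """Return (verdict, unified diff lines) for one file of the plugin."""
    vi, vf = plugin_version(installed), plugin_version(fresh)
    if vi is None or vi != vf:  # a diff across versions proves nothing
        return f"version mismatch: installed={vi} fresh={vf}", []
    a, b = installed.get(rel_path), fresh.get(rel_path)
    if a is None or b is None:
        return "file missing from one copy", []
    if hashlib.sha256(a).digest() == hashlib.sha256(b).digest():
        return "identical", []
    diff = difflib.unified_diff(b.decode(errors="replace").splitlines(),
                                a.decode(errors="replace").splitlines(),
                                "fresh/" + rel_path, "installed/" + rel_path, lineterm="")
    return "different", list(diff)  # these lines are what needs further examination

# Constructed sample data (not real plugin code): a fresh zip built in memory.
MAIN = b"<?php\n/*\n * Plugin Name: Example Child\n * Version: 1.2.3\n */\n"
TAR = b"<?php\nclass Tar_Archiver {\n}\n"
def sample_zip():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("example-child/example-child.php", MAIN)
        z.writestr("example-child/class/class-tar-archiver.php", TAR)
    return io.BytesIO(buf.getvalue())
```

On a real site, pass the installed plugin directory to `read_dir`, the downloaded zip and its top-level folder name to `read_zip`, and the flagged path relative to the plugin folder (here `class/class-tar-archiver.php`) to `compare`.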
