Defender not auto scanning each day

I have system cron jobs running for all sites in the network but defender never seems to run an auto scan. It has always been set to run auto scans.

I just updated a few moments ago to the lastest version will this fix the auto scan problem I am having?

  • Lee

    For the 1st time Defender ran as scheduled. It was scheduled for 2:30am and ran at 2:40am. It reported some files "Unknown file in WordPress core"

    This multisite is blocked allowing only my IP to access the site. I assume that the "Unknown file in WordPress core" are from plugins. Do you have a list of wpmudev plugin added files that defender will report as a problem or "Unknown file in WordPress core" ?

    I have loaded wpmudev and wordpress.org plugins. Do you have general guidance on how to determine if the "Unknown file in WordPress core" are ok to keep ?

    thank you

  • Predrag Dubajic

    Hi wpmudevorg24,

    Glad to hear scan run normally now :slight_smile:

    Could you give me some more info about those Unknown files, plugins shouldn't be reported like this as this usually reported unknown files from WP root folder, wp-admin and wp-includes folder.

    wp-content contains your themes, plugins and media files so it would pretty much be useless reporting files from there :slight_smile:

    Does it say what are those unknown files and where are they located?

    Best regards,
    Predrag

  • Lee

    SUSPICIOUS FILE TYPE ISSUE
    upload.php
    /wp-admin/uploader/upload.php
    WORDPRESS CORE Unknown file in WordPress core

    functions.php.orig
    /wp-includes/functions.php.orig
    WORDPRESS CORE Unknown file in WordPress core

    pclzip.lib.php
    /wp-admin/uploader/pclzip.lib.php
    WORDPRESS CORE Unknown file in WordPress core

    theme-uploader.php
    /wp-admin/theme-uploader.php
    WORDPRESS CORE Unknown file in WordPress core

    plugin-uploader.php
    /wp-admin/plugin-uploader.php
    WORDPRESS CORE Unknown file in WordPress core

    upgrade.php.orig
    /wp-admin/includes/upgrade.php.orig
    WORDPRESS CORE Unknown file in WordPress core

  • Lee

    Plugin Description
    AutoBlogNetwork Active "This plugin automatically posts content from RSS feeds to different blogs on your WordPress Multisite...
    Version 4.1 | By WPMU DEV | Visit plugin site"
    ClonerNetwork Active "Clone sites in a network installation
    Version 1.7.2 | By WPMU DEV | Visit plugin site"
    Comment IndexerNetwork Active "Indexes comments into a global table
    Version 1.0.9.1 | By Paul Menard (Incsub) | Visit plugin site"
    Domain MappingNetwork Active "The ultimate Multisite domain mapping plugin - sync cookies, sell domains with eNom, and integrate with Pro Sites.
    Version 4.4.2.3 | By WPMU DEV | Visit plugin site"
    Google Analytics +Network Active "Enables Google Analytics for your site with statistics inside WordPress admin panel. Single and multi site compatible!
    Version 3.1.5.1 | By WPMU DEV | Visit plugin site"
    Google MapsNetwork Active "Easily embed, customize, and use Google maps on your WordPress site - in posts, pages or as an easy to use widget, display local images and let your site visitors get directions in seconds.
    Version 2.9.0.8 | By WPMU DEV | Visit plugin site"
    Lock PostsNetwork Active "This plugin allows site admin to lock down posts on any blog so that regular ol' users just can't edit them - for example, with a school assignment - stop it from being edited after submission.
    Version 1.1.6 | By WPMU DEV | Visit plugin site"
    Log In MessageNetwork Active "Add custom log in messages
    Version 1.0.2 | By S H Mohanjith (Incsub)"
    ModerationNetwork Active "Moderate posts, comments and blogs across your WordPress Mu install
    Version 1.0.8.6 | By WPMU DEV | Visit plugin site"
    Multisite Content CopierNetwork Active "Copy any content from any site in your network to any other site or group of sites in the same network.
    Version 1.5.2 | By WPMU DEV | Visit plugin site"
    Multisite Theme ManagerNetwork Active "Take control of the theme admin page for your multisite network. Categorize your themes into groups, modify the name, description, and screenshot used for themes.
    Version 1.1.3 | By WPMU DEV | Visit plugin site"
    Post IndexerNetwork Active "Indexes all posts across your network and brings them into one spot – a very powerful tool that you use as a base to display posts in different ways or to manage your network.
    Version 3.0.6.1 | By WPMU DEV | Visit plugin site"
    ReportsNetwork Active "Displays post and comment activity per blog and per user
    Version 1.0.8 | By WPMU DEV | Visit plugin site"
    Simple Sitemaps For MultisiteNetwork Only "The ultimate search engine plugin - Simply have sitemaps created, submitted and updated for every blog on your site
    Version 1.1 | By Viper007Bond (Incsub) | Visit plugin site"
    Site CategoriesNetwork Active "Easily categorize sites on your multisite network with Site Categories!
    Version 1.0.9.1 | By WPMU DEV | Visit plugin site"
    SmartCrawlNetwork Active "Every SEO option that a site requires, in one easy bundle.
    Version 1.7.7 | By WPMU DEV | Visit plugin site"
    SnapshotNetwork Active "This plugin allows you to take quick on-demand backup snapshots of your working WordPress database. You can select from the default WordPress tables as well as custom plugin tables within the database structure. All snapshots are logged, and you can restore the snapshot as needed.
    Version 2.5.0.1 | By WPMU DEV | Visit plugin site"
    Support SystemNetwork Active "Set up an awesome support ticket system on any WordPress site, complete with FAQ.
    Version 2.1.9.1 | By WPMU DEV | Visit plugin site"
    Ultimate BrandingNetwork Active "A complete white-label and branding solution for multisite. Login images, favicons, remove WordPress links and branding, and much more.
    Version 1.8.2 | By WPMU DEV | Visit plugin site"
    Update ServicesNetwork Active "Multisite automatically removes the update services box from the settings
    Version 1.0.2.1 | By S H Mohanjith (Incsub), Andrew Billits (Incsub) | Visit plugin site"
    WP DefenderSettings | Network Active "Get regular security scans, vulnerability reports, safety recommendations and customized hardening for your site in just a few clicks. Defender is the analyst and enforcer who never sleeps.
    Version 1.0.7 | By WPMU DEV | Visit plugin site"
    WP HummingbirdNetwork Active | Settings "Hummingbird zips through your site finding new ways to make it load faster, from file compression and minification to browser caching – because when it comes to pagespeed, every millisecond counts.
    Version 1.2.1 | By WPMU DEV | Visit plugin site"
    WP Smush ProSettings | Network Active "Reduce image file sizes, improve performance and boost your SEO using the WPMU DEV WordPress Smush API.
    Version 2.2.2 | By WPMU DEV | Visit plugin site"
    WPMU DEV DashboardNetwork Active "Brings the powers of WPMU DEV directly to you. It will revolutionize how you use WordPress. Activate now!
    Version 4.0.9 | By WPMU DEV | Visit plugin site"

  • Lee

    New data

    Fresh install of wordpress 4.5.2, loaded wpmudev dashboard and defender. Scan shows these files
    8 ISSUES FOUND File Type
    All

    SUSPICIOUS FILE TYPE ISSUE
    upload.php
    /wp-admin/uploader/upload.php
    WORDPRESS CORE Unknown file in WordPress core

    functions.php
    /wp-includes/functions.php
    WORDPRESS CORE This WordPress core file appears modified

    functions.php.orig
    /wp-includes/functions.php.orig
    WORDPRESS CORE Unknown file in WordPress core

    pclzip.lib.php
    /wp-admin/uploader/pclzip.lib.php
    WORDPRESS CORE Unknown file in WordPress core

    theme-uploader.php
    /wp-admin/theme-uploader.php
    WORDPRESS CORE Unknown file in WordPress core

    upgrade.php
    /wp-admin/includes/upgrade.php
    WORDPRESS CORE This WordPress core file appears modified

    upgrade.php.orig
    /wp-admin/includes/upgrade.php.orig
    WORDPRESS CORE Unknown file in WordPress core

    plugin-uploader.php
    /wp-admin/plugin-uploader.php
    WORDPRESS CORE Unknown file in WordPress core

  • Adam Czajczyk

    Hello wpmudevorg24!

    I apologize for the delay here.

    I reviewed the list of this files and most part of them seem to be core WP files. Defender should report them only if they were changes and this would suggest that "something bad" had happened. I'm not sure though if there are any other reasons why it may be picking up those files. I can see that Hoang did not had a chance to respond yet (he's extremely busy with all the updates and new features, working on Defender plugin) but I asked him again for help.

    Kind regards,
    Adam

  • Adam Czajczyk

    Hello wpmudevorg24!

    Hoang suggested that these files are not "in place". I double-checked the default WP install and the Defender is picking them up because:

    upload.php
    /wp-admin/uploader/upload.php
    WORDPRESS CORE Unknown file in WordPress core

    There shouldn't be such file in this location, there's even no "uploader" folder inside "wp-admin" folder

    functions.php
    /wp-includes/functions.php
    WORDPRESS CORE This WordPress core file appears modified

    This file must have been modified.

    functions.php.orig
    /wp-includes/functions.php.orig
    WORDPRESS CORE Unknown file in WordPress core

    The name of this file confirms that the "functions.php" (mentioned above) was modified. It seems like it's an original file and I suppose the "functions.php" file was modified "manually". WordPress core files should never be modified regardless of the reason.

    pclzip.lib.php
    /wp-admin/uploader/pclzip.lib.php
    WORDPRESS CORE Unknown file in WordPress core

    The same as in case of first file, there shouldn't even be the "uploader" folder inside "wp-admin" folder so "pclzip.lib.php" file is a file that don't belong there and Defender detects it.

    theme-uploader.php
    /wp-admin/theme-uploader.php
    WORDPRESS CORE Unknown file in WordPress core

    There shouldn't be "theme-uploader.php" file inside "/wp-admin" folder.

    upgrade.php
    /wp-admin/includes/upgrade.php
    WORDPRESS CORE This WordPress core file appears modified

    This file must have been modified.

    upgrade.php.orig
    /wp-admin/includes/upgrade.php.orig
    WORDPRESS CORE Unknown file in WordPress core

    And this one confirms that the "upgrade.php" above has indeed been modified. That's the case similar to the "functions.php" above.

    plugin-uploader.php
    /wp-admin/plugin-uploader.php
    WORDPRESS CORE Unknown file in WordPress core

    There's no such file in "wp-admin" folder originally.

    That being said, I suppose that some of these files may have been modified by you or by someone that's been working on your site. WP core files and structure should never be modified and that's why Defender detects these files as "suspicious".

    If you're 100% sure that none of the changes in these files are actually suspicious/malicious you should be able to ignore them on "Defender -> Scan" page. I think however it would be worth some effort to move all the changes that were made - if they are still necessary - to e.g. child-theme files and/or MU Plugins or to custom written plugins.

    Best regards,
    Adam

  • Lee

    Don't remember getting an email on your post. Thanks for the response.

    I said above ALL these files show up after a fresh install of wordpress with no changes, no modification, no action on my part and I am the only one with access to the system.

    If your plugins are not creating these files could this be a Plesk thing and how it installs wordpress ? I have ask about wpmudev plesk testing with defender in another ticket and I was told that defender recommendations for "Prevent Information Disclosure" and maybe other things don't work and will be tested in plesk soon.

    In plesk 12.5 panel they have a wordpress item to selected in admin. There you can manage wordpress, install wordpress, update wordpress etc. I use it because it is quick and easy plus plesk seems to run better if you use tools they offer vs downloading 3rd party installs.

    As far as the wordpress installs they seem to work fine. I do not use the plesk wordpress management and updating I have been using wpmudev tools or updating from the network admin.

  • Milan

    Hey wpmudevorg24

    Hope you are well today. :slight_smile:

    Umm, I neither heard that our plugin creates those files on member's site nor default WordPress installation. But to get accountable information, i suggest you to contact your hosting provider as they will be able to give you clear idea is it due to default WordPress instillation or some other thing.

    Let us know then what they say. :slight_smile:
    Cheers,
    Milan

  • Dimitris

    Hey there Anthony,

    hope you're doing good and thanks for reaching us! :slight_smile:

    These issues may occur when auto-installers are using older or modified WP versions.
    You can always use the default WP installation process though and have the latest and default WP filesystem. https://codex.wordpress.org/Installing_WordPress

    As this is a rather old and long thread though, would you mind creating a new one?
    https://premium.wpmudev.org/forums/#question
    We tend to keep support threads related to specific member (so that other members don't get "irrelevant" email notifications) and specific issue (especially when issue is server related due to the variety of different setups).

    Warm regards,
    Dimitris