Defender Reports a file in ManageWP as a problem

ManageWP uses a file /SSH2.php which "Defender" reports as a major problem. Is there a way to whitelist this? or work with ManageWP so that Defender doesn't report this as an issue?

The ManageWP worker is released under GPL licence as Open Source and its code is publicly available in Wordpress repository.
As such it is using a number of other Open source libraries as well.

One of them is PHPSec library: http://phpseclib.sourceforge.net/

This particular file in ManageWP worker (https://plugins.trac.wordpress.org/browser/worker/trunk/src/PHPSecLib/Net/SSH2.php) is using this library’s ability to execute one-off commands with exec() (http://phpseclib.sourceforge.net/ssh/intro.html).

I believe that due to this function exec() code is falsely interpreted as suspicious by the WPMU defender plugin.

  • Adam Czajczyk

    Hello Frank,

    I hope you're well today and thank you for your question!

    The ManageWP code may indeed be reported as "suspicious", especially given the fact that the "exec()" function is not considered safe. Actually, many hosts do block it entirely. However, our developers are looking into adding "whitelist" function to Defender plugin.

    This should hopefully be introduced soon and you'll then be able to add any file that you're sure of to the "ignore" list and Defender will no longer report it. We're also working on many improvements to Defender's scan engine in order to make it more compatible and more "aware" of various plugins' specifics.

    That said, I'm not able to give you any ETAs on these improvements but I'm sure they'll be introduced really soon.

    Best regards,
    Adam

  • Adam Czajczyk

    Hello Frank!

    Even better you could allow a feature to choose, whitelist this instance OR whitelist all..

    That sounds like a handy feature! Even "one by one" whitelisting would be useful though, I think. I hope this will be introduced soon so please make sure that you keep Defender up to date and hopefully the feature will be included in one of the nearest upcoming releases :slight_smile:

    Best regards,
    Adam

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.