[Defender] Why Defender Cal These Files?

Hello ,
By using Query Monitor I found that Defender call two files and gettings errors.
First , "/wp-includes/theme-compat/embed.php" method is GET and Status is 404

Seconed, /wp-content/uploads/wp-defender/index.php , Method Head and Status is 403

Why Defender call them both ? And Why get errors ?
My Firewall company said that it is kind of dangrous to call both files


  • Adam Czajczyk
    • Support Gorilla

    Hello Mohamed

    I hope you're well today!

    Calling out that first file directly should trigger an error (that would actually not affect the site and not do anything to it) and that's exactly why Defender is calling it. It's a part of a "Hide Error Reporting" security tweak check and calling that file is a safe and "user-transparent" sort of "trick" to find out for sure whether there's a need to hide error reporting or not.

    The second file - which is a harmless, internal Defender file - is a part of "Prevent PHP Execution" security tweak check and by calling the file the plugin can find out whether the PHP files can or cannot be executed where the execution should not be allowed.

    I see no reason why these calls could be in any way "dangerous" if performed in this "context" from inside of the site. I agree that if some unknown external service would be calling them out that could mean some attempts to find out more about the site's security, which in turn can indeed be dangerous. But that's a different case and it's actually a part of security check.

    Kind regards,

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.