[Defender] Yet another file scan goes to x% post

Kinda old news - Defender file scan, brand new site, just new plugins, no visitors or uploaded files ... and this is in a new WPMU DEV hosted site. The scan went to 98.x% and then froze.

It might be more memory than allocated in PHP.INI (RC). Might be too many plugins. Might be just my lucky day. Whatever it is, this is a very common issue. I strongly recommend that whatever it's doing that there should be logging in the plugin on exactly what its doing. There should be occasional memory checks to see if maybe this process is a little too intense for currently available resources. There should be a link to the access log and error log (not a big stretch for a security plugin, right?). With those tools we might not need for you guys to "fix" this plugin, because the issue might be on our side every time.

But if it's not on our side, um, please fix it.

Oh yeah, and when it does finish it still reports robots.txt as being a "potentially harmful" "Unknown file in WordPress core". Really? C'mon. Oh, go to fix the problem and it says "As far as we can tell, the file is harmless (and maybe even from an older WordPress install) so it's safe to ignore it. " So I guess it was neither potentially harmful nor unknown.

(A little miffed but still lovin it)
Thanks.

  • Ash
    • WordPress Hacker

    Hello Tony G

    Thank you for your detail explanation and suggestion, very appreciated. I will pass this to the defender team :slight_smile:

    About the frozen issue, would you please enable debug mode and check if there is any error? To enable debug mode please go to wp-config.php and change

    define( 'WP_DEBUG', false );

    to

    define( 'WP_DEBUG', true );
    define( 'WP_DEBUG_DISPLAY', false );
    define( 'WP_DEBUG_LOG', true );

    Now try to scan again. That will create a file called debug.log inside wp-content folder. Open that file, check the very bottom and you will see the latest errors. Please send me those.

    Have a nice day!

    Cheers,
    Ash

  • Andy
    • Product Design Lead

    Tony G Thanks for the feedback, have noted down the issue where Defender's highlighting the robots.txt file - super annoying! Will have a fix in the mix soon. As per Ash's notes above, we *should* be able to fix the issue you're having with the scans with a little more info. 90% sure it'll be host/server related as this appears to be a rare one.

    Cheers,
    Andy

    • Tony G
      • Mr. LetsFixTheWorld

      Your patience with me has not gone un-noticed, and is much appreciated. :slight_smile:

      Note again that this is in a WPMU DEV hosted site, so if it is indeed host/server related then diagnostic info can be of use to a number of people there.

      It will take about a week to get back around to this to get debug info.

      Thanks guys.

      • Andy
        • Product Design Lead

        Hi Tony,

        A fix won't likely be in the next release as this was already in QA but we're looking at a solution for a coming release. The tricky bit, I am told, is that robots.txt can be compromised with code injection but we'll try and do some wizardry to check those files specifically for anything malicious, and pass it otherwise.

        Cheers,
        Andy

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.