Hummingbird causing .js files to appear

I have many sites with the following issue. Any sites using hummingbird are creating .js files on the server in content/uploads/images/2017/3 . These accounts are on different servers and different themes. This never happened before. The gentleman that watches my sites for security asked me to reach out to you. (I've posted in another part of the site, but I think that's for users and I am assuming this is for the support team at wpmu. If it's not please forgive the duplicate posts.)

He sent me the following:
But these files just started appearing and I don't see why a professional
plugin would be putting .js files in the uploads directory in this way.
It's very non-standard.

While I agree the .js files don't appear to be malicious. They are blowing up my scanner every time it's run. I have not seen this with any other
site I'm managing "which is running WP Hummingbird."

Can you assist me in asking the authors of the plugin whether this is
normal behavior, saving .js files in the uploads directory?

-------
If I can send anything else to help figure this out please let me know.

  • Nastia

    Hello debbien , hope you're doing well!

    I had a feedback from a developer and the Hummingbird uses the upload directory that is defined in the configuration settings. So it looks like this content/uploads/images/2017/3 path is defined in your site's settings.

    Would you please check for a similar line in wp-config.php file:
    define('UPLOADS', 'wp-content/uploads');

    Also please let me know, these sites are single or multisite installation.

    While I agree the .js files don't appear to be malicious. They are blowing up my scanner every time it's run

    Would you please clarify to what scanner you are referring here? Is that the Hummingbird performance report scanner?

    Please advise,

    Cheers,
    Nastia

  • debbien

    Nastia, I don't see
    define('UPLOADS', 'wp-content/uploads');
    in my wp config file. I compared the wp config files of those currently using hummingbird, those that I had hummingbird on but have now deleted, and one that never had hummingbird on it and they all look the same.

    The one thing that remains constant throughout all of these sites is that they all use wordfence. Could that be doing something?

    As far as the scanner goes? I'll ask the guy taking care of hacks and see what he meant by that.

    All of my sites are single sites.

  • debbien

    Nastia, I never got an answer from the security guy about the kind of scanner he is using. But I heard from my host provider and he said there's is definitely something wrong with my hummingbird plugin because morning that site got about 500k connections per second all looking for those files.

    At this point I'm super confused but since I had hummingbird on a bunch of sites I'm hoping we can get to the bottom of it. Thanks

  • Sajid

    Hello debbien,
    Hope you are doing good today :slight_smile:

    I can not see any instances of files coming from /wp-content/uploads/images/2017/03/ on your site. Did you deactivated the plugin ?

    I tested it on my own site and it is loading files from uploads folder but it does not create images folder. For example the URL (no images folder in the URL) of minified CSS is:
    http://jwebsol.com/wpmu/wp-content/uploads/2017/03/7a94d489e53a2cee419c304e209fd208.css

    As mentioned by Nastia above, the plugin does store the assets in uploads folder.

    If you don't want plugin to store assets on local server, then you can enable Store my files on the WPMU DEV CDN option from Dashboard -> Hummingbird -> Minification -> Advanced Settings.

    This way, it will store assets on our secure cloud server and linked files directly from there. This reduce load on your server and ultimately increase site speed.

    Best Regards,
    Sajid - WPMU DEV Support

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.