[Defender Pro] quarantine files

As WordPress and plugins update, there is a never ending stream of useless files left behind. However, sometimes the files flagged for malicious activities are actually needed and the site or plugin will crash without them.

It would be great if Defender allowed us to quarantine files before they are formally deleted. They could then auto-delete 7 days later (or by any timing) but only after we determined their removal doesn’t crash the site/plugin. This would save a lot of support time because we could restore the files easily instead of doing a full site restore.
This would save WPMUDEV hosting a lot of bandwidth and processing power too ;-)

-Ed

  • Patrick Freitas
    • FLS

    Hi Ed Speyers

    I hope you are doing well.

    It would be a nice option, but there is a main issue with this: moving a file from one location to “quarantine” would cause the same problem as if we removed it definitively. To know if the file is not necessary, we would need to prevent it from loading and then check the status of the site, but if we do it from PHP (WordPress dashboard) there is a big chance of WordPress returning a fatal error.

    The best way to verify if that file does exist in the plugin is by downloading a fresh copy of the plugin and then checking the reported file. If that matches the Defender report, you can ignore the file; otherwise you can take a full backup and reinstall the plugin or remove the file.

    Best Regards
    Patrick Freitas
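
The fresh-copy comparison described in the reply above can be scripted. This is an added example, not part of the original thread and not Defender's own code: it hashes every file in an installed plugin directory against an unpacked fresh download and labels each path. The directory layout, file names and status labels are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def file_hashes(root: Path) -> dict:
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file() and not p.is_symlink()
    }


def compare_plugin(installed: Path, fresh: Path) -> dict:
    """Label every path found in either tree (labels are this example's own)."""
    have, want = file_hashes(installed), file_hashes(fresh)
    report = {}
    for rel in sorted(have.keys() | want.keys()):
        if rel not in want:
            report[rel] = "extra"      # not shipped in the fresh copy: leftover or injected
        elif rel not in have:
            report[rel] = "missing"    # shipped, but absent from the live site
        elif have[rel] == want[rel]:
            report[rel] = "identical"  # byte-for-byte the same as the fresh copy
        else:
            report[rel] = "modified"   # differs: take a backup, then reinstall the plugin
    return report


def demo() -> dict:
    """Build two small constructed plugin trees and compare them."""
    sample_fresh = {"plugin.php": "<?php // v2 main", "inc/helper.php": "<?php // helper",
                    "assets/style.css": "body{}"}
    sample_installed = {"plugin.php": "<?php // v2 main", "inc/helper.php": "<?php // helper + edit",
                        "inc/old-cache.php": "<?php // left from v1"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in (("fresh", sample_fresh), ("installed", sample_installed)):
            for rel, body in files.items():
                target = Path(tmp, name, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(body)
        return compare_plugin(Path(tmp, "installed"), Path(tmp, "fresh"))


if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:10} {rel}")
```

Run `compare_plugin()` on a copy of the site's files rather than from inside the WordPress dashboard, so the check itself cannot trigger the fatal error mentioned above.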

  • Ed Speyers
    • Design Lord, Child of Thor

    Thank you Patrick! That is very helpful.

    In the cPanel platform I’ve used before (which I’m thankful to get away from) we changed the permissions on the file so that it couldn’t be accessed. Otherwise it stayed in the same place. Admittedly, I don’t know the process of accomplishing that from the WordPress Dashboard. It might not be an option.

    By my guesstimate, 99% of the time, it’s perfectly ok to remove the file. But a few times I’ve done that it’s crashed the site. My hope was that there was a better way to get rid of a file that didn’t require a full restore in the event Defender chose to eliminate a file that was still being used.

  • Kasia Swiderska
    • Support nomad

    Hello Ed Speyers,

    “Admittedly, I don’t know the process of accomplishing that from the WordPress Dashboard. It might not be an option.”

    Depending on the hosting you are using there are other methods to change permissions. FTP/SFTP would be the most popular. And then it can also be done with SSL.
    Also, many site management platforms, besides the cPanel, have file managers that allow changing the file’s permissions.

    kind regards,
    Kasia

  • Tony G
    • Mr. LetsFixTheWorld

    Please pardon my jumping in… Ed Speyers wrote:

    “As WordPress and plugins update, there is a never ending stream of useless files left behind.”

    Could you provide some examples?

    I understand that if a plugin doesn’t clean up after itself that dead files can be left behind – like writing logs and such to /uploads. But I haven’t looked into frequently updated plugins to see if there are some number of old files left over from renames or other refactoring done by developers.

    I thought (silly me?) that in the plugins folder, that all files are removed in the update process, and then all new files are inserted. Are you saying that if there is some file X.php or Y.css, that if those files are not in an update, that the files will remain in the file system next to all of the others that are newly imported?

    “However, sometimes the files flagged for malicious activities are actually needed and the site or plugin will crash without them.”

    I’m not understanding that. Maybe you’re talking about OTHER files, not files left behind by updates. The word “However” links the topics. If you’re talking about live plugin code that looks malicious, but you/we have verified that it’s not, then sure, we need to Ignore the report.

    What I’m not understanding here is that you’re saying there are files left over from an update, as though they’re no longer needed, but then you’re saying the files are needed. Uh, which is it? Can you provide an example?

    Confused.
    Thanks.