Hidden Plugin Folder|Files (HPF) Alert

[AITpro Admin]

@ Manuel – You probably have to completely uninstall BPS free using the Uninstall Options on the Plugins page and then download and install the .53.7 version here:  https://wordpress.org/plugins/bulletproof-security/developers/

[Ayanna]

Hi, I’m getting the same annoying email alerts after the most recent BPS update. Yesterday I added the file: /home/***/public_html/wp-content/plugins/php_errorlog to the Ignore Hidden Plugin Folders & Files box and clicked Save but the alerts keep coming. My hosting company rep told me: “I checked the file and it is a standard PHP error log file which records the PHP errors so you should not worry about that. Just in case, I have scanned your account and it seems to be clean of malware.”

What should I do to resolve this?

[AITpro Admin]

@ Ayanna – Do you have a standard WordPress website or is it a Network/Multisite website?

Do these steps.
1. Go to the Ignore Hidden Plugin Folders & Files textarea box.
2. Paste this into the textarea box:  php_errorlog
3. Click the Save Plugin Folder|Files Ignore Rules button.

[Ayanna]

I have a standard WP site. I followed your instructions and there have been no new alerts in the past 30 min (they were coming every 15 or so). I hope that takes care of things and thanks for your rapid response.

[Manuel]

Uninstalled and installed .53.7. No more alerts. I will wait with updating until you fix the bug, thanks for having me noticed!

[AITpro Admin]

@ Manuel – The good news is that this is not a bug in the HPF code.  HPF has been tested on every type of Network|Multisite site and HPF is working perfectly without any of the problems that are occurring on your particular Network|Multisite site.  The bad news is this problem is only occurring for you on your website.  Logically either something else you have installed (plugin or theme) on your website or some extra code that has been added in your wp-config.php file or maybe your host server (or a server configuration or direct cron job) is interfering with and breaking the BPS HPF cron code on your particular website.  So at this point you would have to check your wp-config.php file for any extra code and then do standard WordPress troubleshooting steps:  deactivate all plugins and test and switch your theme and test.

[RJD]

[Topic has been merged into this relevant Topic]
However, I continue to get an HPF warning from your software at this string; /wp-content/plugins/.htaccess
When I first saw this, I deleted the htaccess file, created a new file and pasted in the WP basic code from the WP codex.
That file does not seem to have been tampered with since then.  I hate to “assume” that the file is OK.  What do you think?

RJD

[AITpro Admin]

@ RJD – Do have BPS or BPS Pro installed?  If you have BPS Pro installed then the /plugins/.htaccess file will be the BPS Pro Plugin Firewall htaccess file.  If you have BPS installed then BPS does not create a /plugins/.htaccess file.  So either that htaccess file was created manually by you or automatically by another plugin.

Also do you have Go Daddy Managed WordPress Hosting (this is special type of hosting and is not a standard Go Daddy Hosting account)?  We will adding additional error checking for both HPF Cron and the Plugin Firewall AutoPilot Mode Cron since Go Daddy Managed WordPress Hosting disables the standard WordPress Cron and uses its own Cron that runs every 10 minutes, which causes issues for both the HPF Cron and the AutoPilot Mode Cron.  Both of these Cron jobs need to be turned Off on GDMW Hosting since they will not work correctly on GDMW Hosting.

[RJD]

As a followup to my post about the htaccess file, I am not using Go Daddy hosting.  I did created the htaccess file myself, by manually creating a new file via FTP, then pasting in the the standard WP code for that file straight from their codex page.  Would manually creating this file somehow trigger the warning?

RJD

[AITpro Admin]

@ RJD – You would not want to create standard WP Codex Code in a custom made /plugins/.htaccess file.  You would instead create your own customized code to protect against whatever you want to protect against.  Post the htaccess code you have created in your custom /plugins/.htaccess file so I can tell you whether or not that code is valid and if you need to delete that code or not.

General Info:  Go Daddy Managed WordPress Hosting (GDMW Hosting) is a special/different type of Go Daddy hosting.  It is not the same as regular/standard Go Daddy Hosting.  They are 2 completely different types of Hosting Accounts.

[Patrick]

I have two sites which both started issuing alerts today.  One at around 10am PDT and one around 2:30pm PDT.  The error is the same although one of them has many more alerts than the other on the dashboard.  Did I understand this correctly, this is a bug in the latest copy of BPS and to revert to an older version?

Thank you!

[AITpro Admin]

@ Patrick – Nope no bugs.  So far there are 2 known issues:  1. A GDMW hosting Cron issue/problem, which will require an additional check added for GDMW hosting to alert folks to turn Off HPF since it requires a standard WP Cron and cannot use a custom GDMW cron.  2. Isolated issue/problem on an individual Network|Multisite site and the person decided to revert to an older BPS plugin version.

HPF checks for hidden plugins or non-standard WP files in the plugins folder and displays a Dashboard Alert and sends an Email Alert.  HPF does not display Error Messages (unless some kind of error occurs of course) and only displays Alerts.  See the HPF Read Me help button info below or click the HPF Read Me help button.

General Help Info
The Setup Wizard automatically sets up and activates all BulletProof Modes and all other BPS settings with default settings. The Setup Wizard can be re-run at any time. If you change any BPS default settings, your custom settings will not be changed/reset by re-running the Setup Wizard. The manual Security Modes option settings are for doing things like changing default settings, adding custom htaccess code to BPS Custom Code, testing and troubleshooting by deactivating (turning Off) BulletProof Modes.

Hidden Plugin Folders|Files (HPF) Cron General Info
A hidden or empty plugin folder is a plugin the exists in your /plugins/ folder, but is not displayed on the WordPress Plugins page. A hidden plugin can be used as a hacker backdoor to gain access to your WP Dashboard, hosting account, create user accounts, completely control your website and hosting account, etc. A non-standard WP file or modified/altered file in your /plugins/ folder can also do all of the things a hidden plugin can do.

The HPF Cron is setup automatically by running the Setup Wizard. The HPF Cron checks the WordPress /plugins/ folder for hidden or empty plugin folders and any non-standard WP files or altered files in the /plugins/ folder. This is a lightweight Cron check that uses an insignificant amount of resources/memory. So 4 checks per hour (check every 15 minutes) will not cause any significant resource/memory issues whatsoever. Even choosing Run Check Every 1 Minute would not cause any significant resource/memory issues whatsoever.

What to do if a hidden plugin folder or file is detected
If a hidden or empty plugin folder is detected or a non-standard WP file is detected then you would use FTP to check the folder or file. If the folder or file contains hacker code or is a hidden plugin or is a non-standard WP file then make a copy of it and delete it. If the plugin folder is just an empty plugin folder then delete it. If you recognize the folder or file you can use the Ignore Hidden Plugin Folders & Files textarea box option to ignore/not check this folder or file.

Dashboard Alerts & Email Alerts:
If a hidden or empty plugin folder is detected or a non-standard WP file is detected then a BPS Dashboard Alert will be displayed and Email Alert will be sent to you. BPS Pro Only: The HPF Email Alert setting is in S-Monitor: HPF: Hidden Plugin Folders|Files (HPF) Cron and the option settings are: Send Email Alerts or Do Not Send Email Alerts.

HPF Cron Check Frequency:
Available Cron Check Frequency Settings are: 1, 5, 10, 15, 30 or 60 minutes. The default HPF Cron Frequency is: Run Check Every 15 Minutes, which is setup automatically by running the Setup Wizard. Click the Save HPF Cron Options button to save your settings.

HPF Cron On|Off:
To turn on the HPF Cron choose HPF Cron On. To turn off the HPF Cron choose HPF Cron Off. Click the Save HPF Cron Options button to save your settings.

Ignore Hidden Plugin Folders & Files:
This option is for adding ignore rules for Hidden or Empty Plugin Folders Detected by BPS or Non-standard WP files detected by BPS in your /plugins/ folder. This is an independent option setting that does not require clicking any other buttons. Example Usage: If you intentionally have an empty plugin folder in your /plugins/ folder or you have a custom file in your /plugins/ folder then you can add the plugin folder or custom file name in the Ignore Hidden Plugin Folders & Files textarea box so that the HPF Cron check will ignore any folder or file names that you add. Add Ignore rules using plugin folder names or file names. Use a comma and a space between folder and/or file names. Example Ignore Rules: plugin-folder-name, example-file-name.php

[Maria Eugenia Vigna]

Hello I have the same issue, but I delete the folder in the FTP > plugin, ad since then I cannot acces to teh page or admin. Error 505. I’ve tried desacrtivate plugin folders or de .htacces file, but nothing works.
Thanks

[AITpro Admin]

@ Maria Eugenia Vigna – Restore the folder you deleted.  If you did not make a copy of the folder before deleting it then use your web host file restore to restore the folder you deleted.  If you are not sure what the folder is then make a zip backup of that folder and send it to us:  info at ait-pro dot com.

[bill]

Hi, AITpro.

I too ran into a dilemma concerning the Hidden Plugin Folders|Files (HPF) Cron after my most recent BPS Pro update. Long story very short: my warning/error emails began coming in almost immediately after updating – and it singled out a limit-posts.php file. After checking the file via FTP, I found that it was about four years old or so. And, being that this particular site had been hacked prior to my coming to know of AITpro and BPS; coupled with the onslaught of email warnings, I felt it best to delete the file.

I didn’t find out until a few days later that the file may’ve been safe after all. Apparently, it had something to do with my homepage content display and my product descriptions because they no longer appear. Instead I have a message that reads: “You have not uploaded and acivated the limit posts plugin. This is required.” (yes, activated is misspelled to boot -sigh) plastered across my homepage. I’ve tried to reinstall the plugin “limit posts” as the message suggests, but even after install and activation, the message remains and the descriptions aren’t displaying as intended.

At this juncture, my question is: is there a way to undo what’s been done?

Thanks -Bill

Edit: website’s homepage: http://christfirstclothing.com/

[Author]

Posts