Quarantine exception: root /wp-content folder

    #42315
    semik42
    Participant

    I have an advanced cookie plugin that periodically (every few days) generates a few .js files and drops them into the /wp-content folder. Unfortunately, these are quarantined every time. I already tried the subpage -> Quarantine -> Exclude specific folder and also Autorestore -> Exclude other folders & files and then -> ‘For WordPress Folder & Files (only)’ to insert the path /www/htdocs/yyy/zzz.de/wp-content/, but it doesn’t work and within a day I have over 100 new quarantined files and that’s with a couple of domains.

    How and at which point should I best proceed to make the path /wp-content an exclusion? Thank you guys a lot.

    #42316
    AITpro Admin
    Keymaster

    You cannot exclude the entire wp-content folder.  There is a failsafe built into AutoRestore|Quarantine that will automatically disable AutoRestore if you try to do that.  There are several important reasons for the wp-content folder failsafe.  Are the cookie plugin’s js files randomly named or do they have a static file naming convention?  Does the plugin allow you to choose where the js files are created?  Does the cookie plugin allow creating a self-contained folder instead of dumping files in the root of the wp-content folder?  example:  /wp-content/cookie-plugin-js-files/.  All randomly named files should be in a self-contained folder.  That is industry standard best practice.  You cannot exclude randomly named files due to the way the PHP copy() and other similar functions work.

    #42317
    semik42
    Participant

    Thank you for your reply.

    Unfortunately, the cookie plugin throws the generated .js files into the root /wp-content folder. All names are random and change every few days. In the following, I have inserted why the developers of the plugin do this (translated from German to English):

    “Directly in the wp-content/ folder you will find JavaScript files with a long name, e.g. f7f4fee493316e29b0676d9d962174f5.js. There can be up to eight such files.

    Adblockers and cookie banner blockers are increasingly fighting against cookie banners. They block the cookie banner in the same way as advertising. As a result, visitors with such tools would never see your cookie banner and you can never get consent from them to set cookies. Consequently, you can’t load many services like Google Analytics, Google Fonts or YouTube for these users. In case of doubt, this harms not only your users, if they can’t see the YouTube video, for example, but especially you as a website operator, who loses important data. For this reason, we have developed an anti-adblock system.

    The anti-adblock system delivers, among other tricks, the JavaScript of Real Cookie Banner (file with the cryptic long name) under a dynamic file name (changes every 7 days or with a plugin update). The path of the file must be as useless as the filename, so that adblockers and cookie banner blockers can’t detect if the JavaScript is Cookie Banner or something else. That’s why we put a copy of the JavaScript we need in the wp-content/ folder. But don’t worry, we also make sure to automatically delete files that are no longer needed!”

    Is there any other way to exclude this? I am literally getting hundreds of mails each day that files got quarantined.

    #42320
    AITpro Admin
    Keymaster

    You can reply to the plugin developer with this statement > All WordPress caching plugins put their cache files in a self-contained folder since that is best industry standard practice.  Having randomly named and randomly generated files is a good thing to do. Not having randomly named files in a self-contained folder is not a good idea since it does not follow industry standard best practices.  You can of course request that the plugin developer creates a self-contained folder for their randomly named files.  If the plugin author does not feel that is important to do then I recommend that you find another plugin that does the same thing.
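
An added example, not part of the thread and not code from BulletProof Security or the cookie plugin: a read-only audit of the wp-content root that separates loose .js files matching the quoted naming pattern (32 hex characters plus .js) from everything else, and only counts a file as the plugin's when its content matches a .js file inside the plugin's own folder. The function names, the plugin folder path and the assumption that the copies are byte-identical to a shipped file are all assumptions; the sample tree in `demo()` is constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Naming pattern quoted in the thread: 32 hex characters plus ".js".
RANDOM_JS = re.compile(r"^[0-9a-f]{32}\.js$")
MAX_EXPECTED = 8  # "There can be up to eight such files."

def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit_wp_content_root(wp_content, plugin_dir):
    """Classify loose .js files in the wp-content root (read-only).
    Assumption: each random-named file is a byte-identical copy of a .js
    file shipped inside plugin_dir (the cookie plugin's own folder)."""
    wp_content, plugin_dir = Path(wp_content), Path(plugin_dir)
    shipped = {sha256_of(p) for p in plugin_dir.rglob("*.js") if p.is_file()}
    report = {"verified": [], "pattern_only": [], "unexpected": []}
    for entry in sorted(wp_content.iterdir()):
        if not entry.is_file() or entry.suffix.lower() != ".js":
            continue
        if not RANDOM_JS.match(entry.name):
            report["unexpected"].append(entry.name)
        elif sha256_of(entry) in shipped:
            report["verified"].append(entry.name)
        else:
            # Right name shape, unknown content: the name alone proves nothing.
            report["pattern_only"].append(entry.name)
    matching = len(report["verified"]) + len(report["pattern_only"])
    report["over_limit"] = matching > MAX_EXPECTED
    return report

def demo():
    """Build a constructed wp-content tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "wp-content"
        plugin = root / "plugins" / "cookie-plugin"  # hypothetical folder name
        plugin.mkdir(parents=True)
        (plugin / "banner.js").write_text("/* constructed banner code */")
        (root / ("a" * 32 + ".js")).write_text("/* constructed banner code */")
        (root / ("b" * 32 + ".js")).write_text("/* something else */")
        (root / "loose.js").write_text("/* not from the plugin */")
        return audit_wp_content_root(root, plugin)

if __name__ == "__main__":
    print(demo())
```

Files reported under `pattern_only` or `unexpected` are the ones to inspect by hand, since anything can be written to the wp-content root under a 32-character hex name.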
