[Wordfence Alert] Problems found on RobertKleinOnline.com
I just had an email that identified problems found on WordPress.
The question I have for you is, “Do you read the emails coming from Wordfence for your WordPress website?”.
I typically have a quick look and yesterday some low severity problems were identified.
And more specifically it was noted that four old WordPress core files were not removed during the update.
All four files were located at this path:
wp-includes/blocks/block/
And the four files identified are:
- editor-rtl.css
- editor-rtl.min.css
- editor.css
- editor.min.css
The Techie in Me
I’ve had a lot of experience with the files located in a WordPress installation and the techie in me wanted to verify that the offending files actually existed.
If you are not technically inclined like me, I welcome your eyes to glaze over now as I regurgitate some gobbledygook for you. 🙂
I have plenty of experience with that GLAZED-OVER LOOK, lol.
And this is more so directed to those that are using WordPress within what Internet Profits provides to us as the Affiliate System.
The path that I use to get to what I am talking about is:
Sites – WordPress – Advanced Settings – FTP Access
I proceeded to create an FTP user and once I pressed the button to accept my username and password combination, a section titled, “FTP Access” appeared.
And that section tells me, “Access your WordPress site securely through an FTP Client. FTP allows you to seamlessly upload, download and edit your website files and content.“.
And the rest of the section showed me the Host IP address, Port and my newly created Username.
I opened my trusty FTP95 client. It is old, old, old. But it still works mighty fine.
And I was able to locate the offending files. They had timestamps from year 2023 and a newly created file existed in the directory as well.
Should I Delete or Leave Them?
So there they were – the offending files – causing problems found on WordPress.
At this point I was unsure as to whether I should delete those files or leave them alone.
Luckily we have instant chat support in the Affiliate System.
And BTW for those who don’t know, The Affiliate System is almost brand new at Internet Profits and it is described as an AI powered system that can create multiple streams of income for ANY niche.
If you are a seasoned beginner affiliate marketer with a bit of experience but not getting the results you want OR if you are just plain a beginner with affiliate marketing, I invite you to access this free video I have for you in exchange for your email address to get on my list. No need to do so if you already receive emails from me at info@soapboxbob.com.
Then I will notify you from my list as to when new Afiliate Systems are made public. Plus I provide almost daily emails weekdays with valuable information for affiliate marketers.
Affiliate System Chat Support
It really is a blessing to have that instant chat support.
I described my issue and the AI came back saying that it couldn’t find anything relevant and it gave me a choice to chat with a live agent.
After describing my issue to the support agent, she asked that I wait about 4 minutes while she researched the issue.
She came back with the question, “How is your WordPress site working?.
I checked and I reported back that all seemed fine.
In which case she advised me to leave the offending files in place.
Further Research
I did decide to do some further research as I really must not be the only one that is seeing these problems found on WordPress.
I eventually did find the exact same problem that someone reported to WordPress.org.
And they basically flagged the question as being a duplicate as it has appeared many times before.
They stated, “This is the same issue as reported 3 years ago in #53702, #51509 and #53718.\”.
Conclusion
After plugging in that first issue # I was provided with a link to:
https://core.trac.wordpress.org/ticket/53702
If you go to that link, simply scroll all the way to the bottom of the support ticket.
And the analyst basically replied that those files should not cause (he missed the word not, but I knew what he meant) any issue if you delete them. And he went on to say they also won’t cause any issues if you leave them there.
It was the analyst’s further assumption that the next WordPress version/update will fix the issue. And I erred on the side of caution and made that my assumption as well.
But if you do decide you want to go down that rabbit hole, make sure you make a backup of your WordPress site before you delete those files.
Let me know in the comments if you have encountered a similar low severity problem after a WordPress version/update and the action you took.
Hi Robert,
I encountered the same issue in my WordPress and wasn’t sure if I should delete those files. After some research, I learned that it’s crucial to back up your site before deleting anything, just in case. Unfortunately, I’ve never done a backup before. Could you kindly guide me through the process on backing up my site, and advise if I should delete these files? I’m not very tech savvy, so any help would be greatly appreciated.
Thank you for your great post!
Meredith
Meredith Moore recently posted…The Power Of A Strong “Why” In Affiliate Marketing
Hi Meredith, it’s always a good idea to have a regular backup done of your blog. I had installed a plugin called, UpdraftPlus. And if you have access to our Daily Ask Us Anything Coaching and you need help with the installing and setup – just let them know and they may be able to help.
My further research basically shows that you really don’t need to do a thing. And the next version update of WordPress should automagically remove them. Regardless, I’m told that those files being there will not hurt anything. And the ultimate test is to verify that your blog is still up and running with no issues. The issue is identified as low severity.
Robert Klein recently posted…Affiliate Marketing Luck
Robert, Thank you so much! I appreciate the help. I will check out that plugin too. 😊
Meredith
I wish I was more technical like you. I will be honest and admit I ignore those emails and hope for the best. This is not a responsible approach for a business owner I like how you utilized the affiliate system help center I will take this advice and start reading them and escalate as needed. It is comforting to know that there is help just a click away!!!!
Robert,
I do receive emails from WordPress. I have to admit that I just glance at them and not read all of them. I guess I had better change that. I do always back up my blog though.
Sherri
Hey Robert! Thanks for bringing this up. I’m curious: How often should I back up my blog? I did install the plugin a while back, but I don’t proactively use it. At one point, I had to install it before doing an update. Should I be backing it up each week, or does it do it automatically? Thanks for your insight!
Nakina,
I currently have an automated backup running once weekly for both the files and database.
And sometimes I will run a backup manually before updating plugins or if I have to run a WordPress version update.
I have two WordPress Blogs with one that I have set to run automatically once per week; and the other one I just run a backup manually from time to time.
Robert Klein recently posted…Community To Be Proud Of
I do look at the emails from WordFence and unless I recognise the plugin they are referring to then I ignore them. I have found when I go into my WordPress there are sometimes alerts from WordFence that highlight any issues with plugins along with the advice to re-install the latest updates of them.
Wow, Robert. Thank you for the great post. I do not look at those emails either, as they make no sense, and as long as my blog is up and running, I try not to worry too much about it. I installed the backup plugin you mentioned in your comment and love how simple it is to do. The only thing I didn’t understand was the option of storing the backup in an outside source. I’m not sure what type of storage I would need to store the data. Is it okay if the backup stays within the plugin and deletes each as the backups occur each week? Am I making any sense? LOL!
Hi Vanessa,
Youare making sense. I tried to find an answer in the documentation without success. I’ve chosen to store my backups on my Google Drive. For you however, I believe your WordPress site is in the Affiliate System and as such daily backups are already done for you.
I would suggest just to uninstall that backup plugin.
Robert Klein recently posted…Community To Be Proud Of
Hi Robert,
Received the same email for my WordPress blog site and because of the daily backup done on it, I decided to delete these files.
So far, the end of the world hasn’t happened! LOL! But as you mentioned, I don’t think I would have deleted them if a backup didn’t exist.
Thank you for the education part though; I hadn’t really gone that far down the rabbit hole as you mentioned but I’m happy to have been educated on it!
All the best!
Robert, I have the upgraded version of WordFence so it also gives you the option to delete the files from within the scan results. It is true that you don’t need the files, the one thing that I thought was strange was that I have 3 Word Press sites and when each one was updated to the new version, I only had one site that got the error. As for backing up your word press site in AS they get backed up daily automatically. You can view them under Sites/word press/backups, but I also use Duplicator Pro for offsite backups as well.
Ken, thanks for bringing that to my attention about Affiliate System already doing backups. I have two WordPress blogs and one of them reported the extra files. The other one took a couple of days and eventually reported them there.
Robert Klein recently posted…New Community
You really do have a knack for helping those of us that are not as technical or inclined to do the research that we should to resolve a problem or at least answer a question. I’ve seen these emails and have not known what to do and sometimes it’s easier to ignore but now I’ll pay closer attention just in case there’s an issue. I appreciate your advice and guidance through this blog post. Have a great week!
Hey Robert, thanks for raising the flag up. I don’t have this issue but if this had happened to me, I would have done the same as you, that is, opt for playing safe and leave those files there because your website actually works well. on the Wordfence side of my system, only some minor issues with plugins not updated. Nothing to scare.
Martin
Hey Robert,
i am always having issues with wordpress, but am never sure how to investigate them. thanks for a primer on what to do.
Scott recently posted…Money for Nuttin
Hi Robert,
Thank you for this post, appreciate your due diligence in tracking down WP issues. I am not sure if I’ve opened emails from WP. I can only recall plugin info to upgrade etc.
I will however check from now on.
I do have an issue when my site is automatically security checked and have been warned about a plugin CommentLuv which I like but have not deleted as suggested.
Because of your post I have visited the plugin site and saw a message that says:
“This plugin has been closed as of 7 March 2024 and is not available for download. Reason: Security Issue.”
I like the COMMENTLUV plugin as it visits the site of the comment author while typing their comment and it will retrieve their last blog posts which is included at the bottom of their comment when they click submit, so I think it could increase engagement
Do you have any experience with that or other plugins deemed to have security issues?
My best piece of advice is that if an issue is flagged about a plugin – wait for an update. Currently the CommentLuv site tells us that the free version has been updated to bring it in line with the latest PHP versions and WordPress versions. And they are working on doing the same for the premium plugin.
Robert Klein recently posted…Community To Be Proud Of