Sorry there is another one also
https://snipboard.io/rdNJQy.jpg
Hi there @kristinubute.
The files in /wp-content/languages/
are translation files that get automatically downloaded by WordPress when your site is set to something else than en_US
(WP’s default language). That’s true for WP itself, plugins that support multiple languages (like Akismert), etc.
Based on the file name in your screenshots (both images showed the same file, btw), is your site set to be in Australian English (en_AU
)? Those translations usually deal with English differences between countries, like using ou
instead of o
in words like colour, etc.
If the latter is the case, I do not believe that the file is a threat. What I cannot gauge of with just screenshots is if said file was somehow “hacked” in some way, which would be doubtful.
Hope this helps.
Yes I agree I doubt it especially as I have just updated the plugin anyway.
It’s probably a false positive.
Just thought I would ask as we had malware issues on the client site 2 days ago so I’m just covering ALL basis as I don’t want that to happen again.
Spent many long hours cleaning up the site from malware that’s all and double checking things.
Thanks
Sure thing. It was definitely a question worth asking. Thank you for having taken the time to do that. 🙂
Maybe also I should be asking what the contents of those files look like please?
As malware can inject whatever into files, and as this malware software picked it up, I would rather be careful.
Can’t afford to have issues with malware again on client site, way too stressful.
Please advise what the contents of those files should look like and I will double check them.
I would rather be safe and regret not checking properly.
Thanks
Hi,
The en_AU
translation files for the Akismet plugin can be downloaded here: https://downloads.wordpress.org/translation/plugin/akismet/5.3/en_AU.zip
The translation files include a .po
file and a .mo
file. The file that was identified as a threat in your screenshot is akismet-en_AU.mo
. Note that .mo
files are binary files, and you’ll probably want to use something like diff
to compare the downloaded file to the site’s file.
I’m not sure if your client’s site could be using an older version of the .mo
file. The service that identified the threat should be able to help determine if this is a legitimate threat. If they’re not able to help, you might want to consider trying a plugin like Jetpack Scan or another scan plugin.
HI, another alternative, if I delete your plugin entirely and then reinstall it will that remove all files then?
Then I start from scratch with your plugin?
Or will the remnants still be in the Uploads folder ?
If I do this strategy and uninstall your plugin … what other directories do I remove in Uploads as well so I can remove whatever.
Then do a fresh clean install of your plugin, maybe that is the way to go ?
Please advise.
Thanks
If you use the plugin deletion process via the wp-admin/plugins.php
page, the Akismet language pack files in wp-contet/languages/plugins
should be deleted. You will want to verify that the akismet-en_AU.mo
file was deleted.
If you manually delete the Akismet plugin files in wp-content/plugins/akismet
, note that the language pack files are stored in a separate location and will need to be deleted separately. As show in your screenshot, they’re in wp-content/languages/plugins
.
I’m not aware of any remnants that would normally be left in the Uploads folder after the deletion process.