Tagged: Prose theme
Yesterday my WebsiteDefender came up with a sever alert regarding my Prose child theme.
Here is what it said:
Executable file found in WordPress uploads directory
Executable PHP files were found in the WordPress uploads directory. By default WordPress doesn't allow uploading of PHP files in the uploads directory. Hackers would normally upload malicious executable files to this directory because it's the only directory in a secure WordPress installation that has write permissions. The presence of this file in the uploads directory may indicate that your system was compromised.
File Name: /home/drjessec/public_html/wp-content/uploads/prose/custom.php
What does this mean? Is this something I can safely ignore?
Hi, what is the URL to your website?
Let me see if I can get someone to answer this. Be back shortly.
Thank you Anitac!
I bought this plugin and now I live quiet.
@jchaps82 - There's nothing to worry about, in all likelihood.
Prose puts a custom.php in the uploads directory, where you can create custom code that would survive a theme upgrade. It puts it in the uploads directory so that if you wipe out your child theme directory on upgrade, you don't lose this custom code.
You can examine the contents of the file, but it likely contains the default contents that came with the theme, and that is simply a comment that does nothing.
There's no sense in deleting it, because Prose will just re-create it if it doesn't exist. You'd have to modify the child theme to change that behavior.
When you run generic tools, you have to take the warnings with a grain of salt.
Hope that helps.
Thank you Roberto and Bill!
The topic ‘WebsiteDefender’ is closed to new replies.
Subscribe to get early access to new themes, discounts and brief updates about what's new with StudioPress!