My website was flagged by my host as being infected. The file they quarantined was in my cache. I cleared the cache and ran a scan with the free version of Wordfence, and it came up clean. I then scanned with Quttera, and it flagged in the Cornerstone plugin the “wp-content/plugins/cornerstone/includes//…/sample-nav.php” file as malicious. How likely is it that it is a false positive?
Here are some details:
Threat: <?php // =======
Details: Detected malicious PHP script
Hi Juliana,
Thanks for reaching out!
We are following WordPress standard coding in Cornerstone and we are not quite sure why it was flagged by your hosting as malicious file. I suspect that you have an od version of X, If that’s the case, please make sure to update your Cornerstone to the latest version to avoid any security issues.
Hope that helps and let us know how it goes.
Thanks for your reply!
My X theme and Cornerstone are up to date - just confirmed that.
Something I read said that sometimes themes or plugins get falsely flagged because they are obfuscating proprietary information - might this be the case? I am using Quttera to scan, and I wonder if it unnecessarily flags Cornerstone.
Hi Juliana,
We are not aware of the issue you are describing here. It might be some vulnerable plugins or code which is creating the issue. I would suggest you delete the Cornerstone from the plugin and re-install it from the link in the dashboard to automatically install the Cornerstone.
Please note that a few hours ago we have released another version of the theme with some fixes, I would recommend you to update your theme to the latest one.
It will install a fresh copy of Cornerstone which may help you get rid of this issue temporarily, but I would suggest you scan and check which plugin is the reason behind your issue. It might affect you again in the future.
Thanks
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.
