• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved where does Plesk download wordpress from?

R

Richard Follett

Basic Pleskian
When I install WP via featured applications it installs ok

then when I check files with a scanner it picks up non wordpress files - hence my question?
 
Hi Richard,

Plesk uses WordPress APS package to install WordPress. This package contains vanilla WordPress with translations to multiple languages supported by Plesk and some meta-information (WordPress system requirements, etc). It also contains Akismet and Hello Dolly plugins (both default).
 
ok thanks for your help. The only reason I ask is that went I do an install it seems to add these files which are not WP standard in 4.5.3 ?

added - wp-admin/includes/upgrade.php.orig

added - wp-admin/plugin-uploader.php

added - wp-admin/theme-uploader.php

added - wp-admin/uploader/pclzip.lib.php

added - wp-admin/uploader/upload.php

changed - wp-includes/functions.php.orig
 
I think this is a major issue - wordpress application installs from plesk dashboard are installing infected versions of Wordpress??
 
Richard Follett said:
I think this is a major issue - wordpress application installs from plesk dashboard are installing infected versions of Wordpress??
Click to expand...
Guessing is wonderfull, but does not help to investigate issues/problems/failures.

What makes you think, that a file is "infected"? Post the file in question as TXT here at the forum, please, so that people willing to help you can investigate the issue.
If you have files, which contain endings like ".orig" or ".bak", then this means, that the ORIGINAL file has been replaced with another one. Consider to post both of the files as TXT then, pls.
 
Hi Richard Follett,

in addition, while I investigate the files, pls provide MORE informations about your server, like server provider, how did you install your server, which operating system, used Plesk version ( incl. MU ), how did you install wordpress... and all other informations, that my help to investigate the root cause.
 
Hi Richard Follett,

all files are not infected in any way. Download the zip - file "https://apscatalog.com/1.2/wordpres...Plesk&os=undefined&platform=undefined" and compare it with the original wordpress zip at "https://wordpress.org/latest.zip".

Investigations:

1549 files exists at the zip - file from the aps.catalog
1347 files exists at the zip - file from wordpress

192 files which are not existent in the zip - file from wordpress ( all are language files )
8 files do not exist:

htdocs\blogs\media\.hidden ( CONTENT = NONE = unexpected file, which may be existent to solve issues with empty folders in wordpress )
htdocs\tmp\.hidden ( CONTENT = NONE = unexpected file, which may be existent to solve issues with empty folders in wordpress

wp-includes\functions.php.orig
wp-admin\includes\upgrade.php.orig

wp-admin\plugin-uploader.php
wp-admin\theme-uploader.php
wp-admin\uploader\upload.php
wp-admin\pclzip.lib.php
and 2 files differ:

wp-admin\includes\upgrade.php
wp--includes\functions.php
Investigations results: The Plesk wordpress version includes another possibility to upload themes and plugins ( see the differences, pls. ). No files are "infected" or what ever you may declare them!
 
Last edited by a moderator:
thanks for your help in looking at this matter..

It still seems very weird to me that there are additional files in the Plesk version...

Since my server was hacked and I have lost my business and loads of money I trust nothing now.... sad
 
Hi Richard Follett,

I'm sorry to read that, but you can be sure that the root cause of your "hacked server" is definetly not the wordpress - app from the aps - catalogue.
 
Sidenote: we're reviewing the contents of WordPress APS package and we'd like to remove all unnecessary files from it, making it as close as possible to vanilla WordPress distribution. You can expect the changes to be available in one of the upcoming WordPress APS package releases.
 
custer said:
Sidenote: we're reviewing the contents of WordPress APS package and we'd like to remove all unnecessary files from it, making it as close as possible to vanilla WordPress distribution. You can expect the changes to be available in one of the upcoming WordPress APS package releases.
Click to expand...

Thank you for the update
 
You must log in or register to reply here.

Similar threads

Giu
Question reattach a manual made WP installation
Replies
1
Views
327
Kaspar
K
G
Issue Database Malware or False Positive?
Replies
2
Views
375
Gene Steinberg
G
N
Multisite redirection issue
Replies
8
Views
876
Next level web
N
B
Question Debian 12 - Obsedian -- File not found, Returning to https://domain/smb/web/
Replies
0
Views
315
Bitflight
B
K
Issue Wordpress Toolkit: Critical error while checking for updates
Replies
1
Views
282
Martin Dias
Martin Dias
Back
Top