WordPress File Monitor alerts that new files have been added

Question:
I manage a website that uses the form and I also have WordPress File Monitor installed on the site. This morning it notified me that new files had been added:

(the .php files have 16 random character file names, the file path could be one or the other of the following)
wp-content/plugins/si-contact-form/captcha-secureimage/captcha-temp/vCBRRrPccNbOH2oy.php
wp-content/plugins/si-contact-form/captcha/temp/vCBRRrPccNbOH2oy.php

This file only contains one line of code:
Having run into some hackers recently, I just want to check to see if this was a security breach or if this is expected.

Explanation:
This is a false alarm from WordPress File Monitor; there is nothing bad about those files. They are temporary cache files for the CAPTCHA feature. Each file holds the CAPTCHA code, stored temporarily so it can be validated when the user types the code and presses submit. It is normal for many randomly named files to be there. They are deleted automatically when validated, or after they are 30 minutes old when the form page is served.

Solution:
You can add the captcha temp folder to the “exclude paths” ignore list on the “WordPress File Monitor” settings page:

If you use my Fast Secure Contact Form plugin, add these folders to the “exclude paths” ignore list:
wp-content/plugins/si-contact-form/captcha-secureimage/captcha-temp
wp-content/plugins/si-contact-form/captcha/temp

Also, if you use my SI CAPTCHA Anti-Spam plugin, add these folders to the “exclude paths” ignore list:
wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/captcha-temp
wp-content/plugins/si-captcha-for-wordpress/captcha/temp

The reason for the 2 different folder names is that I renamed (shortened) the captcha folder names in FSCF version 3.0.3.
It is harmless to add them all if you want.
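
Excluding these folders means File Monitor stops reporting anything written to them. The following check, an added example that is not part of WordPress File Monitor or of either plugin, compares what is in the four folders against the profile described above (16-character `.php` names, one line, gone after about 30 minutes). The function name, the letters-and-digits name pattern and the 4096-byte ceiling are assumptions of this example.

```python
import os
import re
import sys
import time

# The four folders listed on this page, relative to the WordPress root.
CAPTCHA_TEMP_DIRS = [
    "wp-content/plugins/si-contact-form/captcha-secureimage/captcha-temp",
    "wp-content/plugins/si-contact-form/captcha/temp",
    "wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/captcha-temp",
    "wp-content/plugins/si-captcha-for-wordpress/captcha/temp",
]
# Assumption: the 16 "random characters" are ASCII letters and digits.
NAME_RE = re.compile(r"^[A-Za-z0-9]{16}\.php$")
MAX_AGE_SECONDS = 30 * 60  # page: files are removed once 30 minutes old
MAX_BYTES = 4096  # assumption: generous ceiling for a one-line file


def audit_captcha_temp(wp_root, now=None):
    """Return (relative_path, reason) for files that do not fit the profile."""
    now = time.time() if now is None else now
    findings = []
    for rel_dir in CAPTCHA_TEMP_DIRS:
        folder = os.path.join(wp_root, rel_dir)
        if not os.path.isdir(folder):
            continue  # plugin or older folder layout not installed
        for entry in sorted(os.scandir(folder), key=lambda e: e.name):
            rel = f"{rel_dir}/{entry.name}"
            if not entry.is_file(follow_symlinks=False):
                findings.append((rel, "not a regular file"))
                continue
            if not NAME_RE.match(entry.name):
                findings.append((rel, "unexpected file name"))
                continue
            st = entry.stat(follow_symlinks=False)
            if now - st.st_mtime > MAX_AGE_SECONDS:
                # Cleanup only runs when the form page is served, so on a
                # quiet site this can be benign; it still deserves a look.
                findings.append((rel, "older than 30 minutes"))
            with open(entry.path, "rb") as fh:
                data = fh.read(MAX_BYTES + 1)
            if len(data) > MAX_BYTES or len(data.strip().splitlines()) > 1:
                findings.append((rel, "not a single short line"))
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reason in audit_captcha_temp(root):
        print(f"{reason}: {path}")
```

Run it from cron with the WordPress root as its argument. Files the plugin itself ships in those folders will show up as unexpected names and can be checked once against a clean copy of the plugin.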
