You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With manual scan restores in 1.4.1 (broken in 1.4.0) and all theme files of the current and parent theme(s) being evaluated, quite a lot of false positives can occur when using themes (or theme builders to be more precise) like Divi.
Especially builders that do act like parent theme themselves will likely raise warnings, because they do e.g. file handling by design. That is not part of the actual theme processing, but in the end is's PHP files and they are scanned.
Open for discussion:
We might consider adding pre-defined filter patterns to exclude such files for popular themes.
And last but not least we can extend the quite simple RegEx patterns with certain conditions.
Combination with pre-shared checksums (#82) sound like a reasonable solution, i.e. if official checksums match, the files can be considered unmodified. Won't help in case of Divi for themes that are not listed in the official repo.
The text was updated successfully, but these errors were encountered:
Part of the discussion in WP support forums (again): https://wordpress.org/support/topic/virus-alert-since-1-4-0/#post-13851120
With manual scan restores in 1.4.1 (broken in 1.4.0) and all theme files of the current and parent theme(s) being evaluated, quite a lot of false positives can occur when using themes (or theme builders to be more precise) like Divi.
Especially builders that do act like parent theme themselves will likely raise warnings, because they do e.g. file handling by design. That is not part of the actual theme processing, but in the end is's PHP files and they are scanned.
Open for discussion:
We might consider adding pre-defined filter patterns to exclude such files for popular themes.
One possibility could be extending theme_scandir_exclusions (since WP 4.7.4) which defaults to
Another possibility is a custom filter hook.
And last but not least we can extend the quite simple RegEx patterns with certain conditions.
Combination with pre-shared checksums (#82) sound like a reasonable solution, i.e. if official checksums match, the files can be considered unmodified. Won't help in case of Divi for themes that are not listed in the official repo.
The text was updated successfully, but these errors were encountered: