Shield Security Unrecognised Files: wp-tinymce.js.gz

@Paul and fellow Shield Security users…

I’ve started getting a message about unrecognised file wp-includes/js/tinymce/wp-tinymce.js.gz in Shield.

This file doesn’t exist in WordPress but I’m just wondering why I’ve suddenly started getting warnings about it? I know I can “ignore” it, but that’s not the point really.

CP 1.1.2, Shield 8.7.0.

Yes, same for me. I deleted it but not sure why it is even there.

1 Like

I ran into the same issue yesterday on one of my sites and thought it had crept in on the server but then realized it’s included in CP.

Could it have carried over from development unintentionally?

1 Like

Seems like a possibility, but the file has been there since v1.0.0 of CP so it makes you wonder why Shield has apparently only just detected it.

That’s a good point/question.

Thanks for reporting this… you’re right, it’s weird that suddenly it should start reporting this.

I believe this has started happening after a change we made to stop including .gz .zip files in the checksums.

I’ll have a think about the best way to handle this bug, sorry about the trouble with that.


Thanks Paul.

1 Like

Thnaks @Paul

Still wondering why it is there at all. Perhaps @james could tell us if it is necessary (since I deleted it on a site!).

I see a commit here in WP:

1 Like

That’s a good find. So wp-tinymce.js.gz does exist in WP 4.9.13 and also WP 5.0 but wp-tinymce.js does not.

But the reverse is true from WP 5.1 onwards.

So Oz, looks like you need to put it back again :slight_smile:

1 Like

Hmmm. OK. Now, which site was it?.. :grimacing:

1 Like