Because Wordfence thinks CP is an old version of WP, it sees the new security files included with CP 1.1.0 as a high severity issue. The solution (or workaround) is to tell Wordfence to ‘Ignore’ the files.
High Severity Problems:
- Unknown file in WordPress core: wp-admin/network/security.php
- Unknown file in WordPress core: wp-admin/security.php
Another solution is to use Shield instead.
It’s working well on all my sites and the dev is keeping up with CP versions.
Thanks, @ozfiddler. @raygulick Shield Security automatically supports scanning against all official ClassicPress releases, even the latest 1.1.0.
Yes, and it’s proved very useful. I was having some trouble recently with updates stalling, and Shield notified me about one file that didn’t match up. I found it hadn’t installed correctly (it was truncated). Nice to know that this is being checked automatically. Thanks Paul.
The more ClassicPress advances, the more problematic Wordfence is going to be so it’s great to see Shield supporting CP out of the box. I haven’t tried Shield yet but I soon will be.
I’m using Shield on a few sites and like it. Also like WP Bruiser pretty well. Still have some sites using Wordfence, but as you note, WF will be more and more problematic as CP evolves.
I just tried Shield Security and it works pretty fine with CP. What I also really like is the price for going Pro. The prices are pretty fair and not comparable to wordfence Pro versions. I purchased the Pro version and now I am able to get my options on other pages via network import. That’s also a nice feature.
Do Wordfence know ClassicPress exists?
Wordfence isn’t particularly CP friendly at the moment although, in general, it does work. Because it’s looking for WordPress files and not ClassicPress files, there are a couple of changes you need to make in the settings:
Deselect both of the following options:
Scan core files against repository versions for changes
Scan wp-admin and wp-includes for files not bundled with WordPress
You’ll find these in All Options -> Scan Options -> General options
PS - many of us around here are using Shield Security instead of Wordfence as mentioned above. Might be worth considering.
A post was split to a new topic: WordFence and .htaccess issue