Make WordPress Core

Opened 21 months ago

Closed 21 months ago

Last modified 21 months ago

#56449 closed enhancement (wontfix)

Site health enhancement

Reported by: systasiscomputersystems's profile systasiscomputersystems Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Site Health Keywords:
Focuses: Cc:

Description

Question about site health. I just found a repetition of a virus I'm calling "surfer dude" when I migrated a WordPress DB from one dev machine to another. The infection showed as a media library with about 150 empty images. Can site health be modified to detect the case of database entries with no corresponding image file in uploads?
https://wordpress.slack.com/team/U33EQ851Q . I'm aslwo thinking of a high water mark for file creation activity. It's not clear these files were created using any WordPress API, so it's strictly a post-hoc analysis.

Change History (4)

#1 @Clorith
21 months ago

Hi there, and welcome to the WordPress trac!

I understand that having an infected system is troublesome, but I'm not sure if this is a viable thing for WordPress core to handle. Some security plugins may be up for doing something along this line, but in a site with potential thousands of media items, this would become a performance drain to go over every attachment entry to validate corresponding file existences.

It may also provide a non-negligible set of false positive results, in cases where third party services are used to offload media (such as Digital Ocean Spaces, or Amazon S3, to name some), the DB entries would then exist, without any physical files in place.

#2 @systasiscomputersystems
21 months ago

Thanks for your reply.

#3 @systasiscomputersystems
21 months ago

  • Resolution set to wontfix
  • Status changed from new to closed

#4 @desrosj
21 months ago

  • Keywords media removed
  • Milestone Awaiting Review deleted
  • Version trunk deleted
Note: See TracTickets for help on using tickets.