Replies: 0
I use Wordfence plugin alongside with iThemes Security and Sucuri. My host is MojoHost.
I got this critical warning today. Is this a false positive or legit warning?
File appears to be malicious or unsafe: php.ini
Type: File
Issue Found April 18th, 2022 12:10 am
Critical
Filename: wp-content/php.ini
File Type: Not a core, theme, or plugin file from wordpress.org.
Details: This file contains an insecure configuration that may have been legitimately added by a developer for testing purposes or maliciously added by an attacker. Since it may make your site vulnerable we strongly recommend replacing it with a safer configuration as soon as possible. The matched text in this file is: safe_mode = Off\x0d\x0adisable_functions = NONE\x0d\x0asafe_mode_gid = OFF\x0d\x0aopen_basedir = OFF\x0d\x0aexec = ON \x0d\x0ashell_exec = ON
The issue type is: IOC:TXT/ini.unsafe.9269
Description: Insecure settings in a PHP.ini file. Often seen in conjunction with malware