Hello,
Thank you for contacting support.
As we mentioned before, this file doesn’t contain any malware and it’s a false positive. This file is part of the update routine of the plugin and it’s required.
Our developers checked the file when it was first reported and confirmed to us that this is a false positive and that statement hasn’t changed since then.
Wordfence simply includes one URL that is inside the file in the blocklist but that doesn’t mean the file is infected with malware.
We cannot change this file because it’s required in our plugin.
Don’t hesitate to get in touch if you have any other questions.
Thank you for your message. Yes, the URL is not secured with an SSL certificate. This means that data is transmitted insecurely. This is also the reason why the provider has blocked the website. Why is this URL stored unencrypted in the first place and why is data transmitted insecurely? If you are not willing to do something as small as installing an SSL certificate, YOAST will be reinstalled on the affected customer site and I will be forced to remove Rankmath from all other customer websites because I cannot take the risk that customer websites go offline just because a plugin is transferring data over an insecure line. Of course, I will then have to make this public so that other users who do not have the luxury of Wordfence are also made aware of this security risk.
In the end, it’s your decision. I’ll wait until the next scan next week and then react accordingly.
Best regards
Hello,
We appreciate your concerns about security.
We consulted our developers about this and they stated they have removed the file causing the issue with Wordfence in version 1.0.217 and beyond, It’s important to ensure you are using the latest versions of both Rank Math and Wordfence to avoid any further alerts. Please update your plugins and let us know if the issue persists.
If it’s already in the latest version, please try deleting the Rank Math plugin and re-install a fresh copy of it. Then, clear your website cache and see if that improves the situation.
Lastly, please confirm if the alert in Wordfence is not shown in any other files.
Looking forward to helping you.
Hello,
Since we did not hear back from you for 15 days, we are assuming that you found the solution. We are closing this support ticket.
If you still need assistance or any other help, please feel free to open a new support ticket, and we will be more than happy to assist.
Thank you.
