Hi @hendrawpdevelop, thank-you for making us aware.
It’d be easier to have a copy of the file than visually check code, so I would recommend providing the file(s) found to samples @ wordfence . com. If the source that caused it is packaged in a way Wordfence isn’t currently picking up, our researchers can look into it and get back to you with a course of action.
Make sure any database credentials or keys/salts are redacted before sending anything to us.
When something has created an unwanted or malicious file, you may find our site cleaning instructions and free Learning Center can help you find the cause:
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
https://wordfence.com/learn/
If a site may have been compromized, we’ll always recommend that the passwords for your hosting control panel, FTP, other WordPress admin users, and database have all been changed.
Thanks,
Peter.
