* Unknown file in WordPress core: wp-includes/post.php.orig
* Unknown file in WordPress core: wp-includes/taxonomy.php.orig
These files were not created by me and I am unable to delete these files from my end, can anyone from wordpress end help?
]]>I have 3 questions
- My understanding is that I can choose to ignore these as they are not malware (e.g. I don’t have to delete or approve them, as they will automatically disappear from the malware results page after 10 days). Is this correct?
- However, some of them I’m not sure about and want to check.
It says in the help text that I can send these for analysis however, theres’ no option to do this on the unknown files. How can i send ‘unknown files’ for analysis? - Is there any way of viewing the list of unknown files that are older than 10 days? Reason being I didn’t check my list for a chunk of time and aware there may be a bunch of unknown files that I do want to delete (but as they are older than 10 days I can no longer find them to check through.
browser used: chrome
operating system: mac
Thank you so much
]]>This is the message I got:
——
High Severity Problems:
* Unknown file in WordPress core: wp-includes/SimplePie/Cache/403e03585e2e1e1ff28da4871867a2db.spc
* Unknown file in WordPress core: wp-includes/SimplePie/Cache/adf416701234bb74c7b67e4f1dc6eede.spc
* Unknown file in WordPress core: wp-includes/SimplePie/Cache/ce35f0e1d09e3ed451a8b531d0483cc6.spc—-
Any insights?
Parm
]]>These are files like:
wp-admin/authorize-application.php
wp-admin/images/about-header-about.svg
wp-admin/images/about-header-credits.svg
wp-admin/images/about-header-freedoms.svg
wp-admin/images/about-header-privacy.svg
wp-admin/images/freedom-1.svg
wp-admin/images/freedom-2.svg
wp-admin/images/freedom-3.svg
wp-admin/images/freedom-4.svg
wp-admin/images/privacy.svg
wp-admin/includes/class-wp-application-passwords-list-table.php
wp-admin/js/application-passwords.js
wp-admin/js/application-passwords.min.js
wp-admin/js/auth-app.js
wp-admin/js/auth-app.min.js
wp-admin/widgets-form-blocks.php
wp-admin/widgets-form.php
wp-includes/block-editor.php
wp-includes/block-patterns/query-grid-posts.php
wp-includes/block-patterns/query-large-title-posts.php
wp-includes/block-patterns/query-medium-posts.php
wp-includes/block-patterns/query-offset-posts.php
wp-includes/block-patterns/query-small-posts.php
wp-includes/block-patterns/query-standard-posts.php
wp-includes/block-patterns/social-links-shared-background-color.php
wp-includes/block-supports/align.php
wp-includes/block-supports/border.php
wp-includes/block-supports/colors.php
wp-includes/block-supports/custom-classname.php
wp-includes/block-supports/duotone.php
wp-includes/block-supports/elements.php
wp-includes/block-supports/generated-classname.php
wp-includes/block-supports/layout.php
wp-includes/block-supports/spacing.php
wp-includes/block-supports/typography.php
The majority of them are in the wp-includes diretory. I looked at the dates on a few of them in file manager and they are not new. I’m seeing dates for July 2021, for example.
During the problem solving work by the host, they downgraded the WP version to 5.5.6 from 5.8.1. I have not yet restored the latest version.
Are these part of an attack? Are they due to the downgrade – perhaps files from the previously installed 5.8.1 that WordFence does not recognize as being correct for 5.5.6? Should I upgrade WP and see if the issue goes away?
]]>I use the Security by CleanTalk malware scanner to scan the sites at my main domain and a subdomain at regular intervals (daily). The scanner works very well, but…
Every time there are plugin updates unrelated to CleanTalk, the scanner identifies all the updated files as suspicious — I get the “it could be anything” message. After the most recent group of updates, I’ve received automated emails telling me that I have 1036 unknown files.
At most, I can select only one page at a time of the FIFTY-TWO pages of unknown files in order to batch for approval, analysis or removal.
Surely there’s some means of selecting ALL the unknown files at once, instead of just a page at a time. I don’t have the hours to spend handling all the unknown files on a page-by-page basis, especially as this batch is from just one day’s worth of plugin updates.
Is there a simple solution that I’ve missed? Do I need to send all 1036 files for analysis, and does CleanTalk really want users to do that every time there’s another bunch of unknown files from plugin updates?
Thanks in advance for any insights into this. It’s making me crazy (okay, crazier)…
]]>“High Severity Problems:
* Unknown file in WordPress core: wp-includes/SimplePie/Cache/403e03585e2e1e1ff28da4871867a2db.spc
* Unknown file in WordPress core: wp-includes/SimplePie/Cache/adf416701234bb74c7b67e4f1dc6eede.spc
* Unknown file in WordPress core: wp-includes/SimplePie/Cache/ce35f0e1d09e3ed451a8b531d0483cc6.spc ”
I can see a few people asking about simplepie.php files but these look different and I’m not really sure what to do about it them or if they are malicious. Can anyone shed any light on for me?
Thanks in advance!
Thank you for the plugin. Each time the plugin is used to install the SSL certificate, it inserts files into WordPress core:
Unknown file in WordPress core:
wp-admin/public.pem
wp-admin/public.txt
As you must be aware, changes and additions to core files are treated with suspicion and security software will report their presence.
I should like to ask why it is necessary to put them into the core and whether deleting them will affect the operation of the plugin.
]]>A recent Wordfence scan threw up lots of high severity ‘unknown files in WordPress core’ messages, see below some examples.
I’ve read the Wordfence guidance that there may be benign hosting related issues as to why these files have been flagged, but this seems to relate to “php.ini” files.
However, in this case the files all seem to be html. Does anyone have any insight as to whether these are malicious or a cause for concern? My host provider isn’t very responsive so far! 
Hoping for some guidance before I go into panic mode!
Thanks!
Matt
Unknown file in WordPress core: wp-admin/css/colors/blue/index.html
* Unknown file in WordPress core: wp-admin/css/colors/coffee/index.html
* Unknown file in WordPress core: wp-admin/css/colors/ectoplasm/index.html
* Unknown file in WordPress core: wp-admin/css/colors/index.html
* Unknown file in WordPress core: wp-admin/css/colors/light/index.html
* Unknown file in WordPress core: wp-admin/css/colors/midnight/index.html
* Unknown file in WordPress core: wp-admin/css/colors/ocean/index.html
* Unknown file in WordPress core: wp-admin/css/colors/sunrise/index.html
* Unknown file in WordPress core: wp-admin/css/index.html
* Unknown file in WordPress core: wp-admin/images/index.html
* Unknown file in WordPress core: wp-admin/includes/index.html
* Unknown file in WordPress core: wp-admin/index.html
* Unknown file in WordPress core: wp-admin/js/index.html
* Unknown file in WordPress core: wp-admin/js/widgets/index.html
* Unknown file in WordPress core: wp-admin/maint/index.html
Great plugin! Thanks for all you do.
Looking at the network tab in browser tools, the items taking (by far) the longest time to load are ‘/?swift-performance-tracking=’ files. Not only that, but it appears to return a 301 status initially before finally loading, making matters worse!
Can you tell me what these are, and if they’re necessary please?
I’d appreciate it,
Lyden
]]>Today, I received an alert from WordPress letting me know of new files in the wp-includes directory. There are many more, but here are the first few:
wp-includes/js/plupload/plupload.flash.swf
wp-includes/js/plupload/plupload.full.min.js
wp-includes/js/plupload/plupload.silverlight.xap
wp-includes/js/swfupload/plugins/swfupload.cookies.js
wp-includes/js/swfupload/plugins/swfupload.queue.js
wp-includes/js/swfupload/plugins/swfupload.speed.js
wp-includes/js/swfupload/plugins/swfupload.swfobject.js
wp-includes/js/swfupload/swfupload.swf
wp-includes/js/mediaelement/background.png
wp-includes/js/mediaelement/bigplay.png
Can anyone verify these are anything to worry about?
]]>