Hello @becpeel and thanks for reaching out to us!
If you already know about the listed file, you can click the link to ignore the file until it changes. If you don’t know what the file is, it may require some investigation to find out if your host has placed it there, or if it may have been created by your FTP application or OS, or if it is malicious.
Some “Managed WordPress” hosting plans do not allow you to change core files, and on some hosts, if a new version of WordPress no longer includes a particular file, it may be left in your site’s files after they update WordPress. In this case, it is generally safe to ignore the file, or you can contact the host if you believe it should be removed.
In a few cases, we have seen that a host’s support staff or a host’s control panel may place “php.ini” files in every subdirectory of WordPress’s core files. Typically, this is to change PHP settings throughout the site. Since this can generate a lot of scan results, we combine results for php.ini files into a single result with a note like “(22 more similar files were found.)”
If that occurs, we recommend checking the contents of some of these files to make sure they are safe. If you’re not sure if the files are safe, please reach out to our support staff, either in the free forums or the ticketing system for Premium users.
Assuming that they are safe, your host may have a better way to set the same PHP settings without adding additional files – depending on the server configuration, it is usually done through the PHPRC environment variable or by using .user.ini.
Alternatively, if you are sure they are safe, you can use the “ignore” option, to hide the result unless there are future changes.
Let me know if this helps!
Thanks!
