Unknown Files in WP Core – are they malicious?

  • Hi All,

    A recent Wordfence scan threw up lots of high severity ‘unknown files in WordPress core’ messages, see below some examples.

    I’ve read the Wordfence guidance that there may be benign hosting related issues as to why these files have been flagged, but this seems to relate to “php.ini” files.

    However, in this case the files all seem to be html. Does anyone have any insight as to whether these are malicious or a cause for concern? My host provider isn’t very responsive so far! ??

    Hoping for some guidance before I go into panic mode!

    Thanks!

    Matt

    Unknown file in WordPress core: wp-admin/css/colors/blue/index.html
    * Unknown file in WordPress core: wp-admin/css/colors/coffee/index.html
    * Unknown file in WordPress core: wp-admin/css/colors/ectoplasm/index.html
    * Unknown file in WordPress core: wp-admin/css/colors/index.html
    * Unknown file in WordPress core: wp-admin/css/colors/light/index.html
    * Unknown file in WordPress core: wp-admin/css/colors/midnight/index.html
    * Unknown file in WordPress core: wp-admin/css/colors/ocean/index.html
    * Unknown file in WordPress core: wp-admin/css/colors/sunrise/index.html
    * Unknown file in WordPress core: wp-admin/css/index.html
    * Unknown file in WordPress core: wp-admin/images/index.html
    * Unknown file in WordPress core: wp-admin/includes/index.html
    * Unknown file in WordPress core: wp-admin/index.html
    * Unknown file in WordPress core: wp-admin/js/index.html
    * Unknown file in WordPress core: wp-admin/js/widgets/index.html
    * Unknown file in WordPress core: wp-admin/maint/index.html

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

  • Do you use a security plugin?
    They sometimes add index files (although those are usually index.php).
    Index files are normally used to prevent someone from browsing your theme and plugin code.
    CSS CAN make external calls, but it seems unlikely that those would be malicious.
    It is a lot easier to hide malicious code in JavaScript.

    Have you checked the content of these files?
    If they just have something to the effect of “silence is golden” you SHOULD be okay.

    Either way, it is a good idea to have an experienced developer take a look.

    Thread Starter mattpoulter

    (@mattpoulter)

    Hi Carike,

    Thank you for quick reply. I have Akismet, All in One WP Security and Wordfence all installed as security plug-ins.

    The files seem empty. I guess that’s…good?

    I haven’t seen any other examples of html files as unknown files in the previous forum posts, as you said, similar cases all seem to be php related.

    I guess recruiting a more experienced pair of hands than me to take a proper look would be good idea! Thank you.

    If the files are really empty, then yes, their function is to block people from browsing your code – and that is a good thing.
    Just to make sure, you should log into your hosting panel and make sure that they are empty by checking via File Manager (or your host’s equivalent).

    Hallo :wave:
    Would you mind please marking your topic as resolved?
    It really helps other users with similar issues to find an answer.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Unknown Files in WP Core – are they malicious?’ is closed to new replies.