Wordfence Issues (wp-Feed.php & wp-tmp.php)

Those are definitely NOT valid WordPress files – so it is very possible your site was compromised in some way… possibly even at the server level, which Wordfence would not be able to deal with (since it’s out of their scope)…

However, WF would flag those files as non-core WordPress files and throw up a warning for you during its scan.

I would suggest you check their site cleaning guide >> https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

For grins, I’d also look at the contents of the files… as well as experimenting with adding those file names to the “Immediatly Block URLs” list. Oh, and I’d google those file names and see what comes up. MTN

• This reply was modified 6 years, 9 months ago by mountainguy2. Reason: backpack

This is a hack, and a common one, and one I am working on as we speak. I didn’t read your whole post. Lots of stuff on the internet about it however.

There is also malicious code in your functions.php files in probably all your themes, and if you have more than 1 website in same environment those are probably infected also. Also look out for wp-vcd.php in wp-includes as well as the other 2 you mentioned, and wp-includes/post.php will have a line at the top that needs to be removed also. Don’t just use my advice though, google it.

Thank you everyone for you advice.

Unfortunately, this is beyond my scope of expertise so I’ve decided to pay to have it cleaned.

Cheers