/wp-admin/index.php file reported as modified

  • Resolved kubawp

    (@kubawp)


    1 year, 4 months ago

    Hello,
    Yesterday, after discovering that my friend’s website was infected, I installed Wordfence and configured it, then scanned the website.

    After the scan I removed / repaired recommended files. Updated / removed outdated plugins.

    Now there is one alert displayed after the scan – “/wp-admin/index.php” was modified.
    I replaced the file with a fresh one from wp repository, but Wordfence still reports it as modified anyway.

    A comparison using Totalcommander shows that both files are identical – the one on the server and the file in the fresh install package.

    What could this be about?
    Fixing by Wordfence removes dozens of lines of code in the file and causes WP Admin Panel to show a blank white tab.

    Thanks in advance,
    Kuba

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support wfscott

    (@wfscott)

    Hello, @kubawp

    Thanks for your patience.

    When you run the scan and Wordfence mentions the file is modified, try expanding the alert and using the View Differences option. Are you seeing anything highlighted within that view? If so, please send an image of what you see to wftest @ wordfence dot com and put your forum username in the subject line of that email. Also, can you confirm that multiple scans in a row continue to see those differences after replacing the file with a fresh copy?

    I see you mention you are checking with a different tool and I want to confirm Wordfence is not showing any changes as well.

    Thanks,
    Scott

    Thread Starter kubawp

    (@kubawp)

    Hello Scott,

    Thanks for your reply.

    It seems like Wordfence is confusing “/index.php” with “/wp-admin/index.php” for some reason.
    And I can confirm that multiple scans in a row continue to see those differences after replacing the file with a fresh copy.

    I sent you the picture showing differences you asked for.

    Best Regards,
    Kuba

    Plugin Support wfscott

    (@wfscott)

    Thanks for that, @kubawp

    This could be something related to the installation path or something specific to the host.

    Can you please send over diagnostics from Wordfence > Tools > Diagnostics > Send Report by Email to wftest @ wordfence dot com and please put your forum username in the second field there. When those are sent, please confirm here.

    Thanks,
    Scott

    Thread Starter kubawp

    (@kubawp)

    Hello Scott,

    Diagnostics sent.

    Best Regards,
    Kuba

    Plugin Support wfscott

    (@wfscott)

    Hello, @kubawp

    This is likely due to the ABSPATH being set to // which could place?wp-content,?wp-admin, and others in the root directory.

    We will take a look into this setup in the future, however, this seems to be a rare issue and is likely due to the configuration with the host you’re on. I would recommend using the option to ignore the file until it changes, and just remember to check it out if it appears in the scan results after a WordPress core update.

    Thanks,
    Scott

    Thread Starter kubawp

    (@kubawp)

    Hello Scott,

    Yes, I’m using “Ignore” since i found out that the scanner was comparing the files incorrectly.

    Thanks for your commitment,
    Kuba

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘/wp-admin/index.php file reported as modified’ is closed to new replies.