I too found some malicious files in the wp-admin folder that Wordfence missed, and like Lisa I became suspicious of them because of the date on the files. They are not part of the WP core files per se, but obviously in a core folder. I had hoped WF would find them with literally every option in “Scans to include” checked except for binary/image files.
I’m not a premium subscriber, but in the interest of improving WordFence, how can I “report” these files?
