johnniezombie

In my experience, non-WP core files that are in the folders are only reported as not part of the core or something to that end.

I had several hacked files in a site like this and didn’t realize it until I noticed WordFence’s scan report pointing them out.

I was looking for this! Thanks Josh