Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Off-topic
  3. Wordfence scan showing files not included with this version of WP

Wordfence scan showing files not included with this version of WP

Scheduled Pinned Locked Moved Solved Off-topic
3 Posts 1 Posters 567 Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • humptydumptyH Offline
    humptydumptyH Offline
    humptydumpty
    wrote on last edited by humptydumpty
    #1

    Wordfence scan is showing 2427 files with an issue. I don't believe I've been hacked because no new users exist and no one has logged in using my credentials. Also, I don't see anything funny in the code if I inspect one of the affected files (not that I know wtf I'm looking at, but it looks legit 😂). If you click on one of the scanned file details in wordfence (as shown below), the message is:

    Filename: /app/data/public/wp-includes/update.php
    File Type: Core
    Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker.
    

    So my question is, is WF crazy or are these files leftover from a previous WP version?

    c618c92b-29ae-47a8-b47c-dcc794ceb832-image.png

    1 Reply Last reply
    1
    • humptydumptyH Offline
      humptydumptyH Offline
      humptydumpty
      wrote on last edited by humptydumpty
      #3

      RESOLVED: I updated WP dev to 3.8.0 just now and re-triggered a WF scan. File issues are gone.

      Edit: so updating 3.8.0 had nothing to do with it. WF must have updated their list on their end as my other site is still on 3.7.2 and a new scan comes up clean too.

      image.png

      1 Reply Last reply
      1
      • humptydumptyH Offline
        humptydumptyH Offline
        humptydumpty
        wrote on last edited by humptydumpty
        #2

        My other WP site that I manually updated to 6.7 is showing the same scan issues. Looks like I'm not the only one: https://wordpress.org/support/topic/wordfence-scan-result-unexpected-core-files-after-updating-to-wordpress-6-7/
        https://wordpress.org/support/topic/unknown-file-false-positives-after-upgrade-to-wp-6-7/
        https://wordpress.org/support/topic/wordfence-market-all-wp-6-7-files-as-suspect/

        btw @staff please move this to off-topic as I thought it might be packaging related.. mb!

        1 Reply Last reply
        1
        • nebulonN nebulon moved this topic from WordPress (Developer) on
        • humptydumptyH Offline
          humptydumptyH Offline
          humptydumpty
          wrote on last edited by humptydumpty
          #3

          RESOLVED: I updated WP dev to 3.8.0 just now and re-triggered a WF scan. File issues are gone.

          Edit: so updating 3.8.0 had nothing to do with it. WF must have updated their list on their end as my other site is still on 3.7.2 and a new scan comes up clean too.

          image.png

          1 Reply Last reply
          1
          • humptydumptyH humptydumpty marked this topic as a question on
          • humptydumptyH humptydumpty has marked this topic as solved on
          Reply
          • Reply as topic
          Log in to reply
          • Oldest to Newest
          • Newest to Oldest
          • Most Votes


          • Login

          • Don't have an account? Register

          • Login or register to search.
          • First post
            Last post
          0
          • Categories
          • Recent
          • Tags
          • Popular
          • Bookmarks
          • Search