Unknown files flagged after botched upgrade to WP 5.1

  • Resolved John Longtrail

    (@eldaveer)


    5 years, 9 months ago

    I attempted to update WordPress to 5.1 yesterday and I had some problems with it.

    The site now says that WordPress is up-to-date at 5.1. But it also says:
    An automated WordPress update has failed to complete – please attempt the update again now.

    I tried, but it does not work. That message remains. I tried to do a reinstall, but the above message is still there.

    I am using a plugin called Wordfence that provides security for my site. I just got an automated email from the plugin telling me the following:

    High Severity Problems:
    * Unknown file in WordPress core: wp-includes/js/codemirror/jshint.js
    * Unknown file in WordPress core: wp-includes/js/tinymce/wp-tinymce.js.gz
    * Unknown file in WordPress core: wp-includes/random_compat/random_bytes_openssl.php

    Are these files leftover from the problematic update of yesterday? What do I need to fix this?

    Thanks for any help anyone can provide!

Viewing 15 replies - 1 through 15 (of 21 total)
  • Moderator James Huff

    (@macmanx)

    Those files are definitely not part of WordPress 5.1: https://core.trac.www.ads-software.com/browser/tags/5.1/src/wp-includes

    Try downloading WordPress again, access your server via SFTP or FTP, or a file manager in your hosting account’s control panel (consult your hosting provider’s documentation for specifics on these), and delete then replace your copies of everything on the server except the wp-config.php file and the /wp-content/ directory with fresh copies from the download. This will effectively replace all of your core files without damaging your content and settings.

    Some uploaders tend to be unreliable when overwriting files, so don’t forget to delete the original files before replacing them.

    Thread Starter John Longtrail

    (@eldaveer)

    Thanks!

    I got the same Wordfence notification after updating to WOrdPress 5.1

    High Severity Problems:

    * Unknown file in WordPress core: wp-includes/js/codemirror/jshint.js

    * Unknown file in WordPress core: wp-includes/js/tinymce/wp-tinymce.js.gz

    * Unknown file in WordPress core: wp-includes/random_compat/random_bytes_openssl.php

    Moderator James Huff

    (@macmanx)

    Try the same recommendation above.

    Thread Starter John Longtrail

    (@eldaveer)

    @nikolicdragan – Thanks for posting that. It confirms what I already highly suspected–that this isn’t some sort of hack. It’s just something that went haywire with the upgrade.

    @macmanx – If I follow the procedure you posted, will I have to reinstall my plugins and my theme? Just wondering how much time I’m looking at to do this. Thanks for you help–I much appreciate it.

    @eldaveer Just go to your WordPress dashboard > Updates > Re-instal Now.

    That’ll fix the issue and the website will remain intact.

    Thread Starter John Longtrail

    (@eldaveer)

    @nikolicdragan – Thanks, but that doesn’t work for me. Doesn’t complete.

    Moderator James Huff

    (@macmanx)

    If you follow the steps I posted earlier, you’ll only be replacing the core WordPress files, not your plugins, themes, content, etc.

    I got same Wordfence warning

    Another post on this
    https://www.ads-software.com/support/topic/wordpress-5-1-unknown-core-files/

    jackrus60 says:
    “I also checked the official list of WordPress 5.1 files and these 3 files are on the list!”

    James, sure we need to reinstall?

    Moderator James Huff

    (@macmanx)

    Hm, I wonder what files they checked, because they aren’t here https://core.trac.www.ads-software.com/browser/tags/5.1/src/wp-includes and they aren’t in a fresh download either: https://www.ads-software.com/download/

    Same problem here…

    In the Dashboard/Updates, clicking on the “re-install Now” button solved the problem.

    I’m really curious to know where those files are coming from!
    As wordfence scans the web site once a day, and WordPress has been ugraded a few day ago to 5.1, it seems like the files was put there after the previous scan.

    • This reply was modified 5 years, 9 months ago by Vertiges.
    Moderator James Huff

    (@macmanx)

    Were you folks perhaps all upgraded by your hosting provider’s third-party WordPress installer, like Softaculous?

    To recap, the files mentioned originally are absolutely _not_ part of WordPress 5.1. I also checked all of my sites that I updated via Dashboard > Updates, and they also do _not_ have the files mentioned.

    Thanks James.

    Yes, they are not in the 5.1 download.

    Maybe they existed in older version, but botched update failed to delete them?

    Moderator James Huff

    (@macmanx)

    _Maybe_, but with only a small handful of folks reporting the exact same thing, I’m wondering if perhaps the botched update is due to a third-party WordPress installer, like Softaculous.

    We definitely can’t deny that everyone in this thread has encountered the exact same problem.

    But, we can’t deny that’s only 4 people out of currently 3,728,738 installations: https://www.ads-software.com/download/counter/ and that I do not see the issue on any of my sites.

    So, something is definitely going on, but definitely on a very small scale, which is why I’m curious about any similarities and currently suspect a third-party installer.

    I’ve updated manually (= from the dashboard) more than 30 web sites to WP 5.1 without any problem.

    I’ve just noticed that the only one which had the files mentionned above had the option “Upgrade to any latest version available (Major as well as Minor)” ticked in the “Edit Installation Details” of the Softacoulous page and, in addition to that, had “define( ‘WP_AUTO_UPDATE_CORE’, ‘minor’ );” added in the wp-config.php…

    But you’re right James, what ever is going on is on a very small scale!

    • This reply was modified 5 years, 9 months ago by Vertiges.
Viewing 15 replies - 1 through 15 (of 21 total)
  • The topic ‘Unknown files flagged after botched upgrade to WP 5.1’ is closed to new replies.