I just got an notification from Wordfence that 5 core files were modified. I’m not seeing anything that has changed on my website. Still looks the same. I’m not sure what to do.

The files are modified are:
wp-admin/includes/upgrade.php
wp-includes/functions.php
wp-includes/load.php
Unknown file in WordPress core: wp-includes/functions.php.orig
Unknown file in WordPress core: wp-admin/includes/upgrade.php.orig

I am not good at php so not sure if this is bad, but I’ve looked at the first modified file to see what’s changed and this is what is says:

Original version:
if ( is_wp_error( $result ) )
die( $result->get_error_message() );

Modified version:
if ( is_wp_error( $result ) ) {
echo $result->get_error_message();
exit(1);

And should I delete the unknown files? Please help!

Kind regards,
Michelle

I’m concerned, but I have 2 fold questions:
1. Is this a file that was not published yet but it is ready in the repository for the next release of WordPress?
2. is it save to to click on “Restore the original version of this file”?
Note 1:
The diff between the 2 files is very long…
one of the lines indicates –
311 * @ since 4.7.2 305 * @ since 4.7.0

On the left is the original (ver 4.7.2) and on the right is mine (ver 4.7.0).
Note 2:
On my other 3 sites I do not get this ,message.
Thank you

Addition –
I’ve checked my other 3 sites and the file wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php was not flagged and it has @ since 4.7.0

The scan detected a core file modified wp-includes/plugin.php.
The code added is the bold sentence:

if ( !is_null($the_[‘function’]) &&
$the_[‘function’]!=’logins_script_WP’ )

What do I have to do? Ignore or restore the file?

Thanks a lot!

https://www.ads-software.com/plugins/wordfence/

Could anyone help me?
Tell me if I’ve been hacked or not?
And it should have been. What should I do?

Thank you very much

https://www.ads-software.com/plugins/wordfence/

https://www.ads-software.com/plugins/wordfence/

I just installed wordpress on a fresh domain yesterday and installed some plugins, including Word Fence. Today, they sent me an email saying “WordPress core file modified: wp-config-sample.php” What does this mean? Is there anything I have to do?

Thanks,
Nicholas

Just received an alert from WordPress that the Core File has been modified. I have searched previous threads but there are so many, that I could not tell if they were appropriate in my case.

Taken from the Wordfence Info here is the code where line 37 is the apparent modification:

34|/*
35|$required_mysql_version = '5.0';
36|
37|$wp_local_package = 'en_GB';

Should I be concerned, and do I need to take any action? BTW I am in the UK, so ‘en_GB’ would be appropriate.

Regards,

Alan

https://www.ads-software.com/plugins/wordfence/

Critical problems:
WordPress core file modified: we-admin/includes/upgrade.php
WordPress core file modified: we-includes/version.php

I’m using Wordfence on 3 other sites – one is also a GoDaddy managed WP site – and haven’t encountered this before.

I checked this forum and see other users have had similar issues, but not exactly like this.

I’m not a coder but do have the ability to make basic edits if someone can point me in the right direction.

Any help would be appreciated, thanks!

After the Wordfence installation today, a while later I got this alert:

Wordfence found the following new issues on “website name”.

Alert generated at Saturday 7th of February 2015 at 06:52:48 PM

Critical Problems:

* WordPress core file modified: wp-admin/includes/upgrade.php

* WordPress core file modified: wp-includes/version.php

This is a new one that I haven’t seen. Could it be related to the GoDaddy “Managed” WP hosting and should I be concerned? Thanks.

https://www.ads-software.com/plugins/wordfence/

js/jquery/jquery.ui.touch-punch.js
js/jquery/jquery.schedule.js
js/jquery/jquery-migrate.js

I am not a developer, so not exactly sure how critical, what that means and what to do.

I did compare what was new and two of the 3 have distinctly different looking “files” on the right hand side.

I see my choice is to ignore, or restore original file, or if I knew what I was doing, perhaps “fix” this in some way.

I also got an alert on a DNS change at the same time initially, but that seems to have been resolved as it no longer visible… and this morning got a “couldn’t connect to db” message, but now the site is up and I can log in once again.

What should I do?
site is here: https://bondelderlaw.com

Here are links to the screenshots I collected:
https://cltventures.com/tempimages/bondelderlaw.com1.png
https://cltventures.com/tempimages/bondelderlaw.com2.png
https://cltventures.com/tempimages/ScanBONDalerts-b.png

Hope you can help!
Christine