Erroneous “Unknown file in WordPress core” messages

  • Resolved indie1982

    (@indie1982)


    2 years, 10 months ago

    For the last few days I’ve been getting what look like erroneous Wordfence Alert emails letting me know about “Unknown file in WordPress core”.

    The files that it lists are essentially every file that would normally be in wp-admin, but in /wp-content/uploads/, they simply do not exist on the file system where the alert email or scan log says they are.

    For example, I get this in my Wordfence Alert email:

    * Unknown file in WordPress core: wp-content/uploads/about.php
    * Unknown file in WordPress core: wp-content/uploads/admin-ajax.php
    * Unknown file in WordPress core: wp-content/uploads/admin-footer.php
    * Unknown file in WordPress core: wp-content/uploads/admin-functions.php
    * Unknown file in WordPress core: wp-content/uploads/admin-header.php
    * Unknown file in WordPress core: wp-content/uploads/admin-post.php
    * Unknown file in WordPress core: wp-content/uploads/admin.php

    When I go into the Wordfence scan log I see alerts to say it’s found over 500 files that aren’t in WP core, but they don’t exist on the filesystem where Wordfence is telling me.

    This is shown if go to one of the log entries for an unknow file:

    Unknown file in WordPress core: wp-content/uploads/about.php
    Type: File
    Filename: wp-content/uploads/about.php
    File Type: Core

    If I click on the View File button, it actually shows me the details for the following file, in the location it correctly should be:

    Filename: /var/www/vhosts/domain/httpdocs/wp-admin/about.php

    No configuration changes on the server, the reported files definitely do not exist on the file system and cannot be accessed via the url: https://www.domain.com/wp-content/uploads/about.php

    Site is functioning absolutely fine, no issues, no problems, nothing odd in the logs. Any ideas?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @indie1982, thanks for reporting this issue to us.

    Last week, our development team checked this out for another customer and is working on a solution. It does look like it’s caused by the path in WordPress’ UPLOADS constant not being a real directory, such as a symlink, and being handled internally by WordPress in certain kinds of installations.

    It looks like we’re on our way to a solution though, based on the information from diagnostics reports and query results from other customers experiencing the same issue. I expect we’ll have a fix in our next small release, but don’t have an exact date for that yet.

    You can temporarily turn off the scan option “Scan wp-admin and wp-includes for files not bundled with WordPress” in the mean time at Wordfence > All Options > Scan Options > General Options, so these results aren’t in the way.

    Thanks,

    Peter.

    Thread Starter indie1982

    (@indie1982)

    Thanks for the reply @wfpeter, I’ll look out for a plugin update.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Erroneous “Unknown file in WordPress core” messages’ is closed to new replies.