Malware scan reports different WP versions

Hm, that’s odd. Try downloading WordPress again and delete then replace your copies of everything except the wp-config.php file and the /wp-content/ directory with fresh copies from the download. This will effectively replace all of your core files without damaging your content and settings. Some uploaders tend to be unreliable when overwriting files, so don’t forget to delete the original files before replacing them.

Kathy, did you give this a go? What were your results if you don’t mind me asking. I seem to have the same problem.

James… how will this effect the plugins?

What plugins?

Also, two other questions:

1. Did you try the advice above?

2. Where/how are you doing your scan?

I finally worked on this today. Instead of uploading all the 4.1 files I simply replaced the …/wp-includes/js/wp-ajax-response.js file. The BackupBuddy malware scan still reports it as WordPress Version 3.8. However, I’m no longer concerned since I know it was extracted from the 4.1 download.

Excellent, it sounds like they have a problem with their scanner. Thanks for confirming! ??

Hmm… I just noticed this today too. I double-checked my files & reuploaded wp-ajax-response.js, but still show version 3.8. I tagged this post with “sucuri” so maybe those folks there are watching this forum will see it.

Thanks, Bet! ??

I just noticed this myself as well.

Note also that ‘wp-ajax-response.js’ has not changed between WordPress releases 3.8 and 4.1 — remaining at SVN revision 26159.

Ah, I bet they haven’t updated the checksum since the file hasn’t changed.