Non-core file added after WP update

That’s odd, the file included with the update is simply readme.html

I recommend asking Sucuri for their opinion on this.

I forgot to mention that this other file “wp-content/index.php” is automatically removed from some of my sites (?)

That shouldn’t be happening, do you know what’s doing it?

On second thought, you probably don’t. ??

Just to be safe, carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

Thanks James for your prompt response and the guide. I will follow your recommendation. Do you think I should get rid of the readme. files as I’ve been doing (?) what about the “wp-content/index.php” , how do I add it back (?) I’ve always heard : “Don’t edit the core”. Thanks James!

I’m on the fence about whether or not to remove readme.html files. On one hand, they do expose your version number, but if you’re on the latest version of WordPress with the latest security fixes, you obviously have nothing to fear from that. Updates also re-add the file each time, so it’s a bit of an inconvenience to keep having to remove it.

As for the missing index.php files back, the only way is to manually re-upload them from freshly downloaded copies: https://www.ads-software.com/download/

I’m not tech savvy… are these “wp-content/index.php” files really important (?) I wouldn’t want to mess up things! The weird thing is that RIGHT AFTER doing the WP update those changes have shown up on my SUCURI dashboard.

They aren’t super-important, they just prevent nosey people from seeing the directory listing.

Ok James, thanks for your help ! I will keep deleting these readme. files. I manually do the WP updates and “immediately” go and check SUCURI… Can a hacker/ bot be doing this?

I don’t think so, but since it sounds like you’re a Sucuri customer, I definitely recommend checking with them.

Ok, Thank you:)

You’re welcome!