Scan finds core WP "critical issue"

  • Hello WordFence Support et al,

    Just finished running the first scan on my new WP install, with only one other new plugin (GoodBye Captcha) added so far.
    So the scan finishes and pops up 1 issue that it deems to be of Critical severity.
    And so of course, the eyes open wide and the brows furrow and the Scooby “Arrroooo!?” echoes through the room.

    So here is the result. One core WP file (wp-admin/includes/upgrade.php) with one wee little change on one line of code on line 376 with what looks like the addition of a pair of forward slashes at the beginning of the line.
    Although I’m not a coder of programmer under any definition anywhere, I think that this is meant to “comment out” that particular line of code. Make it ineffective, inactive.
    Does anyone know what this “upgrade.php” file is for and what this particular line of code does?
    Is it ok to have WordFence “restore” it to the original? Is it indeed Critical and therefore needs fixing? Or is it ok to ignore it?

    And it looks like the line (376) deals with perhaps an email message or notice about this being a New WordPress site. Is there a problem here? How would this code have been changed? etc.

    The Original Version of the file

    https://www.ads-software.com/?
"), $blog_url, $name, $password, $login_url );?
@wp_mail($email, __('New WordPress Site'), $message);?
}?
endif;

    The Modified Version on your WordPress system

    https://www.ads-software.com/?
"), $blog_url, $name, $password, $login_url );?
<strong>//</strong>@wp_mail($email, __('New WordPress Site'), $message);
}?
endif;

    https://www.ads-software.com/plugins/wordfence/

Viewing 5 replies - 1 through 5 (of 5 total)

  • Did you install WordPress with a downloaded copy or did you use a one click install from your web host?

    tim

    Thread Starter Vunderbar

    (@vunderbar)

    Hi,

    I used the one-click WP install from the Host, and installed both WF and GBC through the WordPress system. No themes installed yet either.

    Thread Starter Vunderbar

    (@vunderbar)

    Hi Tim,

    Sooo … I’m assuming I shouldn’t install any other plugins or do anything else on the site until this is resolved right?? Yes, no??

    Can you provide any insight or information on what this issue might be and what that line of code refers to?

    //@wp_mail($email, __(‘New WordPress Site’), $message);
    }
    endif;

    With the scan results showing a big bright Red X along with the words “Critical” and “Core file” for a WordPress issue, this does not sound good.

    Should I uninstall and then reinstall WordFence again? Adjust settings and then run the scan again? I doubt WordFence made any changes to that file, so I’m guessing the problem would still be there, right?

    Could the GoodBye Captcha plugin (v1.1.16) have made the change? It was installed just prior to WordFence.

    The WF scan mentioned the problem was found at the point where it was “Comparing core WordPress files against originals in repository”. Other than that, everything else was clean.

    This is the message I get after running my first scan. What do I do about this? Site is not on-line yet.
    * WordPress core file modified: wp-config-sample.php

    Thanks .. Margaret Wendell

    Hello Margaret,
    you can examine what changes the modification refers to via a link right there in the report. I’m suspecting it could just be translation changes or something along those lines? If not, let me know.

    Also I would like to ask you to next time you have a new question to create a new support request instead of answering on an old one. Thanks in advance!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Scan finds core WP "critical issue"’ is closed to new replies.