Unknown file in WordPress core

Hi

Previous thread about this issue was marked resolved, so I am posting my list of “unknown” files here:

These are the files that Wordfence is returning as “unknown”.

wp-admin/.bt
wp-admin/data.txt
wp-admin/edit-form-tags.php
wp-admin/includes/class-wp-admin-list-table.php
wp-admin/includes/class-wp-filesystem-admin.php
wp-admin/includes/jquery.php
wp-admin/link-parse-editor.php
wp-admin/link-parse-form.php
wp-admin/link-parse-gate.php
wp-admin/media-parse-new.php
wp-admin/options-admins.php
wp-admin/plugin-change.php
wp-admin/scripts/script1.php
wp-admin/scripts/script211.php
wp-admin/scripts/script3.php
wp-admin/scripts.zip
wp-includes/.DS_Store
wp-includes/SimplePie/Net/IPv4.php

Thanks,
David

Yes not solved for me too need to know if is an attack or Wordfence issue

@alek75
Im experiencing the exact same thing as you are. Hope WF will reply to this

Good to know then maybe is just Wordfence .

Let’s wait their answer

Same boat. Two of my sites were flagged. From my research I believe these files are added not by WordPress but rather by the install application within my control panel. I use Plesk. All my sites use this install method so I can keep up with managing plugins from one control panel. My desktop localhost WordPress installs running wamp for doing development before hosting do not contain these files which leads me t believe they are hooks that Plesk uses for WordPress management but I am still concerned that over 15 sites only 2 were flagged.

Read more about it here. https://talk.plesk.com/threads/where-does-plesk-download-wordpress-from.338548/

Loved to hear some feedback from other Plesk/WordPress Users. Thanks!

Same issue here, though only one file. This started with the 6.1.11 update and still persists after the 6.1.12 update.

Unknown file in WordPress core: wp-includes/theme-compat/comments-popup.php

Filename: wp-includes/theme-compat/comments-popup.php
File type: Core
Issue first detected: 18 mins ago.
Severity: Warning
Status New

I attempted to delete the file from Wordfence as well as manually and receive the following error message;

An error occurred
Could not delete file wp-includes/theme-compat/comments-popup.php. The error was: unlink(/home/content/p3pnexwpnas01_data02/82/2972482/html/wp-includes/theme-compat/comments-popup.php): Permission denied

My site is hosted w/ GoDaddy using their “managed” WordPress hosting.

I have Plesk too and I noticed a recent update.
I think that’s the answer, at least for my files.

Yeah it’s the “security” in Plesk. Why they can’t coordinate with wordfence must be because of some religious principle because it doesn’t make any logical sense.

Well is kinda strange that Plesk added this files now. I didn’t make a new installation. I installed this website more than 1 year ago.

Got a similar message myself (only one file though). Not using Plesk so guessing its more of a Wordfence issue?

Wordfence are usually quick to address stuff like this so looking forward to a response from them

Same here, in many sites i host (with plesk) i get similar messages since 6.1.11, 6.1.12

* Unknown file in WordPress core: wp-admin/includes/upgrade.php.orig
* Unknown file in WordPress core: wp-admin/plugin-uploader.php
* Unknown file in WordPress core: wp-admin/theme-uploader.php
* Unknown file in WordPress core: wp-admin/uploader/pclzip.lib.php
* Unknown file in WordPress core: wp-admin/uploader/upload.php
* Unknown file in WordPress core: wp-includes/functions.php.orig
* Unknown file in WordPress core: wp-admin/includes/upgrade.php.orig
* Unknown file in WordPress core: wp-admin/images/post-formats-2x.png
* Unknown file in WordPress core: wp-admin/includes/post-formats.php
* Unknown file in WordPress core: wp-admin/js/edit-post.min.js
* Unknown file in WordPress core: wp-admin/js/post-formats.js
* Unknown file in WordPress core: wp-admin/js/post-formats.min.js
* Unknown file in WordPress core: wp-includes/ID3/class-getid3.php
* Unknown file in WordPress core: wp-includes/js/mediaelement/mediaelement-and-player.js
* Unknown file in WordPress core: wp-includes/js/mediaelement/mediaelementplayer.css
* Unknown file in WordPress core: wp-includes/js/revisions.min.js
* Unknown file in WordPress core: wp-includes/js/template.js
* Unknown file in WordPress core: wp-includes/js/template.min.js

Can anyone verify (from Wordfence support) that this is a Wordfence issue or not PLS ?

Yep this seems to be a Wordfence issue as these files exist in my test site basic install so they are not unknown.

If they confirm this, no problem we simply ignore those alerts.

Venutius, I also tried a fresh Plesk install of WordPress and the files are included, it remains to know why they’re there when they’re actually missing in the official WP install, that’s to say what’s their role. This should be addressed by Plesk developers, actually, not Wordfence.

Just came across this thread! Ensuring that there is indeed a Unknown file in WordPress core issue as i received the following wordfence alert for the below files. My concern is pretty high right now; do I just wait for a Wordfence Security update??

I have Version 6.1.12

Warnings:
* Unknown file in WordPress core: wp-admin/css/colors/_mixins_bck_old.php
* Unknown file in WordPress core: wp-admin/css/colors/light/colors-rtl.min_backup.php
* Unknown file in WordPress core: wp-admin/css/colors/midnight/colors-rtl_old.php
* Unknown file in WordPress core: wp-admin/css/colors/ocean/colors_bck_old.php
* Unknown file in WordPress core: wp-admin/css/farbtastic-rtl_infoold.php
* Unknown file in WordPress core: wp-admin/includes/dashboard_ver1.php
* Unknown file in WordPress core: wp-admin/js/editor.min_ver1.php
* Unknown file in WordPress core: wp-admin/maint/repair_new.php
* Unknown file in WordPress core: wp-admin/ms-options_ver1.php
* Unknown file in WordPress core: wp-admin/user/freedoms_new.php
* Unknown file in WordPress core: wp-includes/SimplePie/Parse/Date_bck_old.php
* Unknown file in WordPress core: wp-includes/Text/Diff/Engine/native_ver1.php
* Unknown file in WordPress core: wp-includes/Text/Diff/Renderer/inline_ver1.php
* Unknown file in WordPress core: wp-includes/images/down_arrow_indesit.php
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/7e1f37f0_indesit.php
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/tabfocus/plugin_new.php
* Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wpview/plugin_indesit.php
* Unknown file in WordPress core: wp-includes/js/tinymce/skins/wordpress/images/gallery-2x_infoold.php
* Unknown file in WordPress core: wp-includes/js/tinymce/themes/modern/theme_prevv1.php
* Unknown file in WordPress core: wp-includes/theme-compat/footer_ver1.php