Unknown file in WordPress core: wp-admin/.php

  • Resolved MarkMadeDesign

    (@markmadedesign)


    5 years, 8 months ago

    Hello everyone. Just got a high-alert notification that I’ve never seen before. More detail from the scan below but it appears to be an empty file.

    Unknown file in WordPress core: wp-admin/.php

    Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This is usually due to it being left over from a previous WordPress update, but it may also have been added by another plugin or a malicious file added by an attacker.

    Any ideas or how to proceed? Thanks!

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Anonymous User 9948090

    (@anonymized-9948090)

    I also got this notification from Wordfence a few days back. Guess what? The file was created by WP Super Cache plugin. It’s not a fault of Wordfence plugin.

    I’m sure you are also using WP Super Cache plugin. The issue was fixed in latest version of the plugin. Are you still using old version of WP Super Cache plugin? If yes, upgrade to the latest version.

    You can safely delete the empty .php file.

    Hey @markmadedesign,

    Can you please confirm if you’re using the WP Super Cache plugin or not?

    Can you share the contents of the file in a pastebein.com?

    @yet-another-wp-user – Thanks for sharing this information.

    Thanks,

    Gerroald

    Thread Starter MarkMadeDesign

    (@markmadedesign)

    Thank you @wfgerald and @yet-another-wp-user!

    It does appear to be that plugin because I just updated that plugin only and ran another Wordfence scan, only to see that empty file not being flagged this time. I assume it was removed w/ the plugin update. Thanks again!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Unknown file in WordPress core: wp-admin/.php’ is closed to new replies.