Unknown files after update to WordPress 6.7

  • Resolved andrewledford1

    (@andrewledford1)


    1 week, 2 days ago

    All of my sites that have updated automatically to WordPress 6.7 now have Unknown files in WordPress core: I am also getting a Vulnerability warning. Sites that I need to manually update seem to be fine.

Viewing 12 replies - 1 through 12 (of 12 total)

  • Happened to us as well – even in manual updates.

    Thread Starter andrewledford1

    (@andrewledford1)

    I should have said sites I have not updated yet are okay.

    Same issue.

    Same.

    Same problem on my sites, I specify that I update WordPress manually.

    lauramcmillancreative

    (@lauramcmillancreative)

    Same issue here. 2504 errors.

    High Severity Problems:

    • Unknown file in WordPress core: wp-admin/about.php
    • Unknown file in WordPress core: wp-admin/admin-footer.php
    • Unknown file in WordPress core: wp-admin/admin-header.php

    etc.

    Running WordPress 6.7, which updated last night around 23:00 GMT. WordFence ran the scan and reported problems at 04:53 GMT.

    Cloned the site to test deletion and used the ‘Delete all deletable files’ function and it completely broke the site.

    I tested another one of my sites by updating to 6.7 and had all the same issues appear.

    same here…

    Jason Ryan

    (@viablethought)

    Hello all –

    Ok, so I have found that if you are using the Free version of Wordfence, the “Rules” are only updated every 30 days – which means that this is completely out of sync with the release of WP 6.7.

    If you go to Wordfence -> All Options -> Advanced Firewall Options -> Manually Refresh Rules and then run a new Scan, this resolves the issue (tested one site thus far and seemed to do the trick).

    Wordfence changed this a bit ago where the rules are only updated once every 30 days – not sure this was a great idea on Wordfence’s part.

    Plugin Support wfpeter

    (@wfpeter)

    Thanks @andrewledford1 for reaching out and thank-you for your patience.

    This issue was ultimately unrelated to the firewall rules being updated and it was remediated as we made changes on our side. The issue was due to one of our integrations that was incorrectly reporting the files as unknown. This was fixed earlier today and subsequent automatic or manual scans should no longer show the files as unknown. We have some documentation on these scan results here in general for reference, and restoring deleted or repaired files from a backup if the site has issues is the best option: https://www.wordfence.com/help/scan/scan-results/#unknown-file-in-wordpress-core

    Peter.

    Thread Starter andrewledford1

    (@andrewledford1)

    @viablethought thank you for your help.

    Thread Starter andrewledford1

    (@andrewledford1)

    @wfpeter thanks for the update. I am sure a lot of people are affected by this.

    Plugin Author Wordfence Security

    (@mmaunder)

    Additional details on the underlying issue along with further clarification that this is unrelated to firewall rules:

    https://www.ads-software.com/support/topic/ouch-unknown-file-in-wordpress-core-wp-v6-7/#post-18133181

    Mark Maunder – CTO @ Wordfence.

Viewing 12 replies - 1 through 12 (of 12 total)
  • You must be logged in to reply to this topic.