Wordfence High Severity Unknown file problems

Hey @jpm2f,

Who are you hosting with? We have seen some hosts where their support staff or the host control panel itself may place php.ini files in every subdirectory of WordPress’s core files. Typically, this is to change PHP settings throughout the site.

This article will help you deal with the files as long as you’re certain they aren’t malicious. If you’d like help determining if they’re malicious or not you can email examples to [email protected]. Please make sure to include your www.ads-software.com username and a link to this thread.

https://www.wordfence.com/help/scan/scan-results/#unknown-file-in-wordpress-core

Thanks,

Gerroald

Hi Gerroald
Thanks for the response.
Hosted with 1&1 Ionos.
Thank you for the article. I will read through it, however I suspect this might be above my level of expertise. I will therefore take you up on your offer of sending examples to the address above.
Speak soon.
JPM2F

Hey @jpm2f,

Thanks for the email. But I really need to see examples of the php.ini files to make sure they’re harmless. Which I strongly believe will be the case. If you’re not familiar with FTP or similar file editors you might speak with your host. They can tell you if they’re malicious or not. If they’re not malicious you can select ignore all new issues to quieten the white noise and alarm.

You might share this article with them as well.

https://www.wordfence.com/help/scan/scan-results/#unknown-file-in-wordpress-core

Please let me know what they say.

Thanks,

Gerroald

@jpm2f,@wfgerald

I have taken over an Ionos WordPress site and I have the same issue. I think all the files are identical (but I’ve not checked them all) and it does look like they are simply php.ini files that Ionos has placed there and probably nothing to worry about. This is one of the 109 php.ini files I have.

Filename: /homepages/46/d763000772/htdocs/clickandbuilds/<domain>/wp-includes/widgets/php.ini
File Size: 565 bytes
File last modified: Sunday 25th of November 2018 03:21:30 PM
safe_mode=false;
upload_max_filesize=67108864;
post_max_size=67108864;
memory_limit=268435456;
extension_dir=/usr/lib/php7.0/extensions;
zend_extension=/usr/lib/php7.0/extensions/opcache.so;
opcache.enable=1;
opcache.memory_consumption=32;
opcache.interned_strings_buffer=8;
opcache.max_accelerated_files=3000;
opcache.revalidate_freq=180;
opcache.fast_shutdown=0;
opcache.enable_cli=0;
opcache.revalidate_path=0;
opcache.validate_timestamps=2;
opcache.max_file_size=0;
opcache.file_cache=/kunden/homepages/46/d763000772/htdocs/.opcache;
opcache.file_cache_only=1;

I think it’s safe to either just leave them (and let Wordfence find them on every scan) or go through them one by one (I don’t think there’s any way to get Wordfence to ignore them all at once?) and tell Wordfence to ignore them, but maybe @wfgerald can confirm?

Many thanks.

Alan

• This reply was modified 5 years, 4 months ago by zeno001.

Hi, I have similar issues with 103 files but where can I get the full list of the files in questions?
WordFence only names 1 file…

Thank you,

Muriel

I am using Ionos 1and1 as well for hosting and these same files are included in my wp-admin folder.