• Resolved birdiedesign

    (@birdiedesign)


    Hi,

    I just got a notification from Wordfence that 5 core files were modified. I’m not seeing anything that has changed on my website. Still looks the same. I’m not sure what to do.

    The files that are modified are:
    wp-admin/includes/upgrade.php
    wp-includes/functions.php
    wp-includes/load.php
    Unknown file in WordPress core: wp-includes/functions.php.orig
    Unknown file in WordPress core: wp-admin/includes/upgrade.php.orig

    I am not good at PHP so not sure if this is bad, but I’ve looked at the first modified file to see what’s changed and this is what it says:

    Original version:
    if ( is_wp_error( $result ) )
    die( $result->get_error_message() );

    Modified version:
    if ( is_wp_error( $result ) ) {
    echo $result->get_error_message();
    exit(1);

    And should I delete the unknown files? Please help!

    Kind regards,
    Michelle

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter birdiedesign

    (@birdiedesign)

    Can anyone please answer this question?

    Thread Starter birdiedesign

    (@birdiedesign)

    I’m sorry I know you’re busy, but please answer this question. This situation still exists and I don’t know what course of action to take. Please help!

    Hi @birdiedesign,

    The code change you sent a sample of causes database errors to be printed out to the browser instead of logged and handled within the WordPress environment.

    My first suspicion would be that this was done by someone who was trying to fix something on the site, like a developer you have hired, someone you’re managing the site with or your web host. It is also possible that it was done by a malicious actor but it doesn’t strike me as typical malware.

    The unknown files could be your original files without the modifications, which whoever made the change created as a backup in case they broke the site.

    I’d advise you to check the last modified timestamp on the files so you can pinpoint an exact time when it happened and then review who has access to your site and could have made these modifications.
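
The timestamp check suggested in the reply above, as an added example that is not part of the original thread: for each file the scanner flagged it prints the last-modified time and whether a sibling `.orig` backup exists and differs from the live file, then lists all `.orig` files under the core directories. The function names are hypothetical, the sample tree is constructed, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat and cmp are available.
# One line per flagged file: STATUS<TAB>last-modified<TAB>path, where STATUS is
# BACKUP_DIFFERS / BACKUP_SAME (a sibling .orig exists and differs / is identical),
# NO_BACKUP (no .orig sibling) or MISSING (file absent).
report_core_changes() {
    root=$1; shift
    for rel in "$@"; do
        f="$root/$rel"
        if [ ! -f "$f" ]; then
            printf 'MISSING\t-\t%s\n' "$rel"; continue
        fi
        mtime=$(stat -c '%y' "$f" | cut -d. -f1)
        if [ ! -f "$f.orig" ]; then
            status=NO_BACKUP
        elif cmp -s "$f" "$f.orig"; then
            status=BACKUP_SAME
        else
            status=BACKUP_DIFFERS
        fi
        printf '%s\t%s\t%s\n' "$status" "$mtime" "$rel"
    done
}

# Every *.orig under the core directories, oldest first, with its timestamp.
list_orig_backups() {
    find "$1/wp-admin" "$1/wp-includes" -type f -name '*.orig' \
        -exec stat -c '%Y %y %n' {} + 2>/dev/null | sort -n | cut -d' ' -f2-
}

# Constructed sample tree that reuses the file names reported in the thread.
build_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-admin/includes" "$t/wp-includes"
    echo 'die( $result->get_error_message() );' > "$t/wp-admin/includes/upgrade.php.orig"
    echo 'echo $result->get_error_message(); exit(1);' > "$t/wp-admin/includes/upgrade.php"
    echo 'unchanged' > "$t/wp-includes/functions.php"
    cp "$t/wp-includes/functions.php" "$t/wp-includes/functions.php.orig"
    echo 'patched' > "$t/wp-includes/load.php"
    echo "$t"
}

# Run "sh script.sh --demo" to see the report for the sample tree.
if [ "${1:-}" = "--demo" ]; then
    tree=$(build_sample_tree)
    report_core_changes "$tree" wp-admin/includes/upgrade.php wp-includes/functions.php wp-includes/load.php
    list_orig_backups "$tree"
    rm -rf "$tree"
fi
```

Timestamps that cluster at the same minute across several core files point to a single change event, which can then be matched against host maintenance windows or login records.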

    Thread Starter birdiedesign

    (@birdiedesign)

    Hi wfasa,

    Thank you so much for your reply! No one has access to the site, but me. I would think if it is malware it would change something on the site, but it still works and looks the same as before. It could be the web host though. Is it safe to click on “repair” or should I just ignore it?

    Another example of a modified file: wp-includes/load.php

    Original:

    if ( is_wp_error( $prefix ) ) {
    wp_load_translations_early();
    
    wp_die( 
    /* translators: 1: $table_prefix 2: wp-config.php */ 
    sprintf( __( '<strong>ERROR</strong>: %1$s in %2$s can only contain numbers, letters, and underscores.' ),

    Modified:

    if ( is_wp_error( $prefix ) ) {
    wp_load_translations_early();
    
    // add by APS - display error on
    if(defined('APSCONFIGURE')){
       throw new Exception(
           /* translators: 1: $table_prefix 2: wp-config.php */
           sprintf( __( '<strong>ERROR</strong>: %1$s in %2$s can only contain numbers, letters, and underscores.' ), 
                   '<code>$table_prefix</code>',
                   '<code>wp-config.php</code>' 
            )
       );
    }
    
    wp_die( 
    /* translators: 1: $table_prefix 2: wp-config.php */ 
    sprintf( __( '<strong>ERROR</strong>: %1$s in %2$s can only contain numbers, letters, and underscores.' ),

    Hope you can help me further. Thanks again for your time!

    Kind regards,
    Michelle

    Hi again,
    Yeah, your host has access to your site. This looks like something they may have implemented. I strongly suggest you reach out to them and inquire about what “APSCONFIGURE” is and why it’s modifying your core files.

    I would recommend you do that before you repair, else the modifications may just keep happening over and over again.

    If you want to, you could ignore it I suppose but if I were you I’d be curious why they are modifying core files since that’s not recommended.

    Thread Starter birdiedesign

    (@birdiedesign)

    Hi,

    Thanks again. I’m glad it isn’t anything malicious. I will contact my hosting about this.

  • The topic ‘WordPress core file modified notification’ is closed to new replies.