It’s impossible for me to tell you why those files are modified. I don’t have access to your website, so I cannot inspect the files to tell you what are the modifications about, you have to do it by yourself.
I can only tell you that the plugin was able to detect the differences because the checksum of each file differs from the checksum of the original WordPress files. Maybe you have an installation in a different language, this usually triggers the generation of additional language files that are outside the official WordPress package, and so they are considered orphan files, and the plugin flags them.
I usually recommend people to enable the “WordPress Integrity Diff Utility” from the plugin’ settings page, so they can see what are the differences in these files. But in your case I cannot recommend you that because in your other ticket [1] you mentioned that you are seeing an error that indicates that your hosting provider blocked the tool that is required in order to execute the diff utility. You will have to check the content of those files by hand.
Marking as resolved, feel free to re-open if you need more information.
[1] https://wordpress.org/support/topic/wordpress-integrity-diff-utility/
so i must contact hosting provider to enable something called “shell function”, right?
i already try to reinstall again wordpress and than install sucuri plugin but the error message still appears “Core wordpress files were modified” the flag file path tell “wp-admin/error_log”. i also try to reinstall in my localhost but all is well. do you know about this?
if u cant help without access to my website, how i sent you information about my administrator page for help purpose only? this is what you need?
You can contact your hosting provider to ask them to whitelist the exec PHP function, but I don’t think they will accept your request unless you can justify the purpose of that action.
These “shell functions” can open a security hole in a web server if you don’t know how to use them. That’s why many hosting providers keep them disabled. And that’s why this “diff utility” is also disabled by default, only advanced users are supposed to know what it is and will know the risks of having that function enabled.
Now that you have provided more details, like the name of the file that is being flagged, I can tell you with certainty that there is a piece of code running in your website that is generating either one or more warnings/errors, PHP automatically stores these things in files called error_log; they are not part of a normal WordPress installation, that’s why the Sucuri plugin is flagging them.
A temporary solution would be to select these files and delete them, from the same WordPress Integrity interface, however, the plugin or theme that is generating the warnings/errors will keep generating them until you fix the code or until you ask their original author to fix them, and while this happens, PHP will keep storing those warnings/errors into that error_log file and the Sucuri plugin will keep flagging them.
If you open that file — the “error_log” file — in a code editor, you will see a reference to the files that are generating the warnings/errors and then take a decision of who to contact to fix them. It could be a plugin or theme, only you can determine that as you are the administrator of the website.
You cannot (or should not) create an administrator account for me, that implies that I will work in your website as if you were a paying customer, but because you are not this creates liability. If I break something, there is nothing that can protect you because there is not an official contract between you and me, if you were a paying customer the company — Sucuri Inc. in this case — would cover the damage in case it happens.
oh i see, i already open error_log and find error “WordPress database error Unknown column ‘wp_’ in ‘field list’ for query SELECT wp_” do you know about this? i try to install in localhost and work well.
