Support » Plugin: Wordfence Security - Firewall & Malware Scan » alert files wp-admin/css/colors/blue/php.ini

  • Resolved stostling8


    Hi I have had a high alert from worfence with 144 files this is one wp-admin/css/colors/blue/php.ini. Details say: This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker. 144 more similar files were found.

    Any ideas as to where this comes from ?, I have seen in another topic that it may be due to ionos ( 1&1), but I have spoken to them and they claim it has nothing to do with them.
    Thanks so much

    The page I need help with: [log in to see the link]

Viewing 11 replies - 1 through 11 (of 11 total)
  • Hey @stostling8,

    When I’ve seen this in the past it was due to a hosting configuration. However, if you’d like to share some of the files in a we can review them to see if they’re malicious.

    Please let me know if you’d like to share samples on the contents of the files.



    Hi @stostling8,

    If you believe these files are potentially malicious, please send them over to and we’d be happy to review them.


    Hi @wfdave,

    I received the same alert from wordfence. Thus, would be great if you can please share the outcome of your review.


    @stostling8 @wfdave
    I would also love to know the outcome. My site is hosted on IONOS as well.

    In the past (and I it’s still the same now), IONOS/1and1 did not have a way in the control panel to modify the php.ini file like some other hosting services.

    If you want to increase something like “max_input_vars” in order for a theme to run properly, IONOS suggests adding a php.ini file to the wp-admin folder. I suspect this is why we are getting the warning.

    I have this same problem, and have contacted IONOS who say they did not put the files there.

    I unable to see the other 148 files listed.

    Has anyone found an answer to this?

    Many thanks.

    Also seeing this message on an IONOS hosted WP site.

    Are there any updates?

    • This reply was modified 2 years, 1 month ago by msmithng.

    IONOS didn’t think it was anything they have placed on the sites.
    I’m trying to find out if it is a plugin I have used.



    I have this message as well on an Ionos hosted site.

    I did a fresh click and build installation through IONOS and all of those files are present immediately after installation.



    I have an alert for these files through WordPress Central on 6 sites hosted with 1and1.
    No alerts on sites that are not hosted with them which makes me think it is absolutley down to them.

    I did a fresh click and build installation through IONOS and all of those files are present immediately after installation.

    This seems to clarify they are nothing to be concerned about.
    I did look through the files and have not found anything malicious in there..

    • This reply was modified 2 years ago by Stu.

    I just took over a client website also hosted with Ionos, and my first WordFence scan came up with similar results (86 unknown files in the WordPress core).

    A little more searching found this question/answer which I think might be the reason:

    Perhaps Ionos is not properly removing these configuration files.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘alert files wp-admin/css/colors/blue/php.ini’ is closed to new replies.