Support » Plugin: Wordfence Security - Firewall & Malware Scan » All index.php files marked as unknown by WF

  • Resolved gorom



    i’m encountering an issue with the scanner about false positives (i think)

    It marks all index.php files as unknown like this :

    Filename: wp-includes/widgets/index.php
    File Type: Core
    Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This is usually due to it being left over from a previous WordPress update, but it may also have been added by another plugin or a malicious file added by an attacker.

    I know that these files might hide some malicious code but i’ve found nothing. Just the usual

    // Silence is golden

    They’ve got all the same size (26 bytes) so from my point of view, i don’t see any problem with these files (66 files)

    WF version : 7.3.5
    WP version : 5.2.2

    Could you provide me some help about this issue please ?

    Thanks a lot.
    Best regards.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Hi @gorom,

    As far as I know, there is no index.php in the default installation of WordPress for /wp-includes/*.

    I believe you might have another plugin that is adding this file for added security.

    Generally access to wp-includes/ is completely restricted, so that’s why index.php isn’t there in a base installation of WordPress.


    Thread Starter gorom


    Hello @wfdave ,

    thank you for your message, i will look into that.

    Thread Starter gorom


    In the end, i decided to delete the extra index.php files.

    Thank you for your help

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘All index.php files marked as unknown by WF’ is closed to new replies.