Core file changes

Hi @cacocorse2,

Thanks for reaching out. I don’t see the attachment, but it does sound like you may need to clean the site or at least follow the checklist here: https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

Make sure to get all your plugins and themes updated, and update WordPress core too. If you are on an older branch (WordPress 4.x, etc) because you wanted to wait before installing the latest version, because of Gutenberg or a custom theme compatibility, you still need the latest update in that version. Those can be found here: https://wordpress.org/download/releases/

WordPress sometimes patches their older releases if they find a vulnerability so make sure to update your version if needed. We, of course, recommend that you update to the latest version.

As a rule, any time I think someone’s site has been compromised, I also tell them to update their passwords for their hosting control panel, FTP,  WordPress admin users, and database. Make sure to do this.

Additionally you might find the WordPress Malware Removal section in our free Learning Center helpful.  

If you are unable to clean this on your own, there are paid services that will do it for you.  Wordfence offers one, and there are others.  Regardless of whether you choose to clean it yourself or let someone else do so, we recommend that you make a full backup of the site beforehand. 

Thanks,
Margaret

Hi @cacocorse2,

Typically, Wordfence will flag the changes as malicious if they are infected, but I recommend manually checking what the differences are. There may be minor changes in spacing, for example, if you manually restored the core files. You can check the differences by selecting Details and then View Differences.

If you’d like me to take a look, please feel free to send a screenshot of the differences here or to our email wftest @ wordfence . com. If you send an email, please include your forum name in the subject, and let me know here that you’ve sent one.

Thanks,
Margaret