Title: Core file changes
Last modified: October 15, 2025

---

# Core file changes

 *  Resolved [cacocorse2](https://wordpress.org/support/users/cacocorse2/)
 * (@cacocorse2)
 * [7 months, 1 week ago](https://wordpress.org/support/topic/core-file-changes-2/)
 * Hi, a few days ago I had to clean up this website, reloaded the WordPress core,
   and changed the passwords. However, this morning I ran a scan, and Wordfence 
   warned me that some files had been changed. Does this mean it’s still infected?
   the files are: js/customizr-nav-menus.js , nav-menu.js , customize-nav-menus.
   min.js , class-wp-rest-users-controller.php , class-wp-rest-terms-controller.
   php , class-rest-posts-controller.php. Attached is an example of the changes 
   on a file
   Thanks!
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fcore-file-changes-2%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Plugin Support [wfmargaret](https://wordpress.org/support/users/wfmargaret/)
 * (@wfmargaret)
 * [7 months, 1 week ago](https://wordpress.org/support/topic/core-file-changes-2/#post-18682770)
 * Hi [@cacocorse2](https://wordpress.org/support/users/cacocorse2/),
 * Thanks for reaching out. I don’t see the attachment, but it does sound like you
   may need to clean the site or at least follow the checklist here: [https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/](https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/)
 * Make sure to get all your plugins and themes updated, and update WordPress core
   too. If you are on an older branch (WordPress 4.x, etc) because you wanted to
   wait before installing the latest version, because of Gutenberg or a custom theme
   compatibility, you still need the latest update in that version. Those can be
   found here: [https://wordpress.org/download/releases/](https://wordpress.org/download/releases/)
 * WordPress sometimes patches their older releases if they find a vulnerability
   so make sure to update your version if needed. We, of course, recommend that 
   you update to the latest version.
 * **As a rule, any time I think someone’s site has been compromised, I also tell
   them to update their passwords for their hosting control panel, FTP,  WordPress
   admin users, and database. Make sure to do this.**
 * Additionally you might find the WordPress Malware Removal section in [our free Learning Center](https://wordfence.com/learn/)
   helpful.  
 * If you are unable to clean this on your own, there are paid services that will
   do it for you.  Wordfence offers one, and there are others.  Regardless of whether
   you choose to clean it yourself or let someone else do so, we recommend that 
   you make a full backup of the site beforehand. 
 * Thanks,
   Margaret
 *  Thread Starter [cacocorse2](https://wordpress.org/support/users/cacocorse2/)
 * (@cacocorse2)
 * [7 months, 1 week ago](https://wordpress.org/support/topic/core-file-changes-2/#post-18684895)
 * Thanks. So if Wordfance reports that these files have been modified, does that
   mean it’s still infected? You can see the attachment now. Thanks.
 * ![](https://i0.wp.com/www.labauta.com/wp-content/uploads/2025/10/wrd.jpg?ssl=
   1)
 *  Plugin Support [wfmargaret](https://wordpress.org/support/users/wfmargaret/)
 * (@wfmargaret)
 * [7 months, 1 week ago](https://wordpress.org/support/topic/core-file-changes-2/#post-18685765)
 * Hi [@cacocorse2](https://wordpress.org/support/users/cacocorse2/),
 * Typically, Wordfence will flag the changes as malicious if they are infected,
   but I recommend manually checking what the differences are. There may be minor
   changes in spacing, for example, if you manually restored the core files. You
   can check the differences by selecting **Details** and then **View Differences**.
 * If you’d like me to take a look, please feel free to send a screenshot of the
   differences here or to our email **wftest @ wordfence . com**. If you send an
   email, please include your forum name in the subject, and let me know here that
   you’ve sent one.
 * Thanks,
   Margaret

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Core file changes’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

 * 4 replies
 * 2 participants
 * Last reply from: [wfmargaret](https://wordpress.org/support/users/wfmargaret/)
 * Last activity: [7 months, 1 week ago](https://wordpress.org/support/topic/core-file-changes-2/#post-18685765)
 * Status: resolved