Support » Plugin: Wordfence Security - Firewall & Malware Scan » Core File Modified: class-wp-site-health-auto-updates.php

  • Resolved mrbills

    (@mrbills)


    Hi, this morning I woke up to a notification that a core file had been modified. I logged in and checked what was up, here is the notification: WordPress core file modified: wp-admin/includes/class-wp-site-health-auto-updates.php

    I had Wordfence repair the file, and after the repair I could no longer run a Wordfence scan, so I rolled back to the modified version of the file.

    Here are the changes that were made to the core file:

    Line 30 $this->test_constants( 'AUTOMATIC_UPDATER_DISABLED', false ), was modified to #

    and line 37 $this->test_all_files_writable(), was also modified to #

    I’ve reached out to my host to see if this was possibly a change made by them, and am waiting for a response–though I think it’s unlikely. Is this something that I should be worried about?

    Thanks in advance

    • This topic was modified 1 year, 1 month ago by mrbills.
Viewing 7 replies - 1 through 7 (of 7 total)
  • Hey @mrbills,

    I would be a little concerned too. Nothing should be modifying WordPress Core files. Are you able to share the URL here? Can you try running a High Sensitivity scan to see if anything comes up?

    I’d also be interested in hearing your host’s thoughts.

    Thanks,

    Gerroald

    I also received this alert today. It’s for a client who is on Godaddy (not my choice) and I know they do a bunch of wacky stuff when it comes to wp configurations, so I’ve requested a tech support callback…. they should call within 20 minutes so I will update this thread when they do.

    OP, did the most recent scan only turn up that file change? If so then do another scan and see if any additional errors arise, like malware being found. If no malware is found then your edit was probably done by the host to make your installation work with their internal wp update process. Be sure to check with them though to make sure.

    I’ll update this thread in 20 minutes when my host replies.

    So I did some digging, and I had originally installed WordPress for this website using the cPanel “installatron”, and yes, it’s on Godaddy. I had originally turned off automatic updates, but apparently it was somehow recently flipped back on for minor updates. I had 5.2.1 installed as of yesterday, and late last night it was auto-updated to 5.2.2. Not sure why the core file was modified, however.

    UPDATE: Just got off the phone with Godaddy support and they confirmed that they made the change on their end, in order to make the installation work with their server configuration and internal processes.

    The agent talked about how it was necessary because “php was outdated” on the hosting account… which sounds like it’s just a line they tell everyone because my php version is 7+.

    Hope this helps anyone else.

    Thanks dkdesignhawaii, I just turned off any auto updating again, logged into the site, and re-installed WordPress using the built in process in the updates dashboard, which restored the site and got rid of the changes. I was then able to do a Wordfence scan, which it could now complete and came back clean.

    Hey @dkdesignhawaii,

    Thanks for the update, and sharing this. It’s nice to know the root cause isn’t malicious, even though it is pretty odd.

    Please let us know if anything else comes up.

    Thanks,

    Gerroald

    @wfgerald no problem! And I would say that “odd” is an apt description I think a lot of us would use when describing that host…

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Core File Modified: class-wp-site-health-auto-updates.php’ is closed to new replies.