Support » Plugin: Sucuri Security - Auditing, Malware Scanner and Security Hardening » Core WordPress Files Were Modified

  • Hello,
    I clicked on reinstall wordpress, but the plugin always tells me Core WordPress Files Were Modified, how come?
    My site was attacked yesterday by malware but I then did the restore

    thanks for the help

    • This topic was modified 1 year, 4 months ago by mapo85.

    The page I need help with: [log in to see the link]

Viewing 15 replies - 1 through 15 (of 16 total)
  • @mapo85 Can you take a screenshot of what it says was modified? I believe technically they were modified if you restored the files, so as long as they don’t contain any malware then it should be fine to clear the warning.

    Thread Starter mapo85

    (@mapo85)

    Hi, thanks for the help, where exactly should I take the screenshot?

    sucuri esempio

    • This reply was modified 1 year, 4 months ago by mapo85.
    • This reply was modified 1 year, 4 months ago by mapo85.
    Thread Starter mapo85

    (@mapo85)

    can you help me?
    thank you

    @mapo85 Sorry for the delay.

    Can you show the actual core file names that are reported as modified and the contents if possible?

    Also, what signs did you see that told you the website was hacked? There could be a backdoor within the database that is being used and so restoring just the files wouldn’t remove it and the attacker could again modify the core files.

    Thread Starter mapo85

    (@mapo85)

    I send you the screenshot
    it had been hacked because the site took me to other spam sites and I noticed anomalies.

    screenshot

    @mapo85 Thanks!

    For index.php and wp-settings.php, you can just copy the correct code from WordPress: https://core.svn.wordpress.org/tags/5.4.2/

    The ver.php and wordfence-waf.php were not found in standard locations and may be infected as well.

    If you do not use user.ini files for PHP settings – then you should be able to safely delete those two user.ini files (I suggest backing up everything before making any of these changes)

    Thread Starter mapo85

    (@mapo85)

    thanks for the help, I edited the index.php and wp-setting.php files now the flag is purple, right?
    what should i do with the file ver.php?

    thank you

    @mapo85 ver.php shouldn’t exist by default for the WordPress installation, so I would back it up and remove it.

    Yes, for index.php and wp-setting.php you just need to click the checkbox and then select “Mark as Fixed” from the menu at the bottom, click the confirmation checkbox, then click the green “Submit” button.

    Thread Starter mapo85

    (@mapo85)

    Thanks a lot on that site I solved, I have these problems on another site, can you help me solve? thank you

    error 2

    @mapo85 The php_errorlogs are safe to delete, but I do not know the contents of licenza.html so you would need to inspect it and determine if it is safe or needed by your website.

    Thread Starter mapo85

    (@mapo85)

    the license concerns GENERAL PUBLIC LICENSE (GPL) OF THE GNU PROJECT, I send you a screenshot

    thanks

    gpl

    @mapo85 That one is safe to delete too 🙂

    Thread Starter mapo85

    (@mapo85)

    ok but now the flag is red

    thanks

    red

    @mapo85 That’s okay, just “Mark as Fixed” from the dropdown for licenza.html.

    Thread Starter mapo85

    (@mapo85)

    Thanks so much! great plugin! now the sites are perfect!

Viewing 15 replies - 1 through 15 (of 16 total)
  • The topic ‘Core WordPress Files Were Modified’ is closed to new replies.