It might have just been uploaded, but it is obviously a VERY non-standard, existing WordPress copy you uploaded, that has been significantly modified (or maybe even is infected).
a) notice the ‘.orig’ files, indicating that there has been manual editing of various files going on.
b) There is no “wp-admin/uploader” directory in a “brand spanking new” WordPress. Same for most of the other stuff. Don’t belong.
If I were you, I would listen to WordFence and be quite nervous about the fact that most of the added stuff has to do with “uploading”. That is typically where all the infection paths into WordPress exist.
WordFence is just telling you that all that stuff, which you might already know about, is non-standard and should be checked out, since it cannot match it to standard WordPress core files.
Might want to go take a look at these files and see where they came from.
Thread Starter
LisaMB
(@lisamb)
Thank you very much Caleb. This is getting beyond my technical expertise but I think we’ll change hosts to one I trust.
How did you do this install?
As a standard WordPress install (downloading from WordPress.org and uploading), using the hosting company’s WordPress Install procedures, or was it an existing WordPress installation that was uploaded?
The files you list do not belong in a standard WordPress install, but if you used the hosting company’s software installer, they could of course have modified WordPress somewhat.. I have never seen this much though. Typically hosting companies install very standard stuff, and they should never install a bunch of extra stuff that does not belong.
I would not be too quick to blame the hosting company, though, without knowing what all this extra stuff actually is. Especially all the “uploading” type of junk. Anything with the word “upload” in it always makes me nervous. 🙂
Various uploaders with security flaws in their coding is frequently how hackers find holes to crawl through. 🙂
Thread Starter
LisaMB
(@lisamb)
It’s a long and convoluted story and while I’ve uploaded dozens of sites, this one has given me more headaches than you can imagine. The host installed WP for me because I simply couldn’t do it via their CPanel. And from there it got more ridiculous. Should have trusted my instincts but given the client had paid for the hosting already before I came on board…
After some research it seems that at least a good part of these files (like the wp-admin/uploader stuff) are part of the WordPress APS package used when you install WordPress via a management system like Plesk on a server rather than by installing manually.
The files are part of the Plesk theme/plugin uploader system so are in fact likely safe & can be ignored.
Might want to risk white-listing them then.
Thread Starter
LisaMB
(@lisamb)
Actually ahem, I just did a google search and it does seem that it is what you’ve mentioned. I’ve flagged it with the host. Thanks again for your time.
Hi Lisa,
You may want to take a look at this reply discussing several reasons for having such files and possible ways to overcome this issue.
Thanks.
