Support » Plugin: Wordfence Security » Wordfence not finding changed core file

  • Resolved sneader


    I have a customer with a hacked WP installation. I see in their xmlrpc.php file that it is littered with:

    if (isset($_POST[‘wp-load’])) {

    I downloaded a fresh copy of WordPress 3.5.1, and the xmlrpc.php file doesn’t have these lines anywhere.

    I am running a scan, with the checkbox “Scan core files against repository versions for changes” checked.

    Yet, the scan comes up clean! I have looked under the Ignored tab, and there is nothing.

    What could possibly prevent Wordfence from noticing a hacked core file that differs considerably from the one at the repository?

    – Scott

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Wordfence


    Hi Scott,

    Perhaps the file isn’t a core file. Sorry to state the obvious, but does the file perhaps have the same name as a core file but is in a different directory? Let me know what the full path is and I’ll check.



    Hi Mark. I replied to this to close out the thread, but I see it didn’t stick. It turns out the customer had hacked files on our server, but their DNS was still pointing to another host. So, we were running the scans one host, and looking at files on another host! Egg on face.

    Wordfence is awesome and I am so glad you have put all this work into this product. I can’t thank you enough.

    I’m sorry I wasn’t able to remove the thread or otherwise stop you from wasting your time on this non-issue.

    – Scott

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Wordfence not finding changed core file’ is closed to new replies.