• Resolved andyexeter

    (@andyexeter)


    Hey there,

    On WordPress installs where WP_CONTENT_DIR is set to the document root, Wordfence scans return thousands of “Unknown file in WordPress core” errors for genuine WordPress core files, e.g.:

    Unknown file in WordPress core: wp-content/wp/wp-includes/widgets/class-wp-widget-recent-posts.php

    I’m happy to send a full diagnostics report if that would be helpful, but the pertinent parts are below:

    ## WordPress Settings: WordPress version and internal settings/constants. ##

    ------------------------------------------------------------------------------------------------------------------------------------------------------------
    | Setting Name | Description | Value |
    ------------------------------------------------------------------------------------------------------------------------------------------------------------
    | WordPress Version | | 6.7.1 |
    | Multisite | Return value of is_multisite() | No |
    | ABSPATH | WordPress base path | /app/public/wp/ |
    | WP_DEBUG | WordPress debug mode | On |
    | WP_DEBUG_LOG | WordPress error logging override | Enabled |
    | WP_DEBUG_DISPLAY | WordPress error display override | Disabled |
    | SCRIPT_DEBUG | WordPress script debug mode | Off |
    | SAVEQUERIES | WordPress query debug mode | Off |
    | DB_CHARSET | Database character set | utf8mb4 |
    | DB_COLLATE | Database collation | utf8mb4_unicode_ci |
    | WP_SITEURL | Explicitly set site URL | https://example.wsz0bjvp7aph6.eu-west-2.cs.amazon |
    | | | lightsail.com/wp |
    | WP_HOME | Explicitly set blog URL | https://example-site.wsz0bjvp7aph6.eu-west-2.cs.amazon |
    | | | lightsail.com |
    | WP_CONTENT_DIR | "wp-content" folder is in default location | No: /app/public |
    | WP_CONTENT_URL | URL to the "wp-content" folder | https://example-site.wsz0bjvp7aph6.eu-west-2.cs.amazon |
    | | | lightsail.com |
    | WP_PLUGIN_DIR | "plugins" folder is in default location | No: /app/public/plugins |
    | WP_LANG_DIR | "languages" folder is in default location | Yes |
    | WPLANG | Language choice | (not set) |
    | UPLOADS | Custom upload folder location | (not set) |
    | TEMPLATEPATH | Theme template folder override | (not set) |
    | STYLESHEETPATH | Theme stylesheet folder override | (not set) |
    | AUTOSAVE_INTERVAL | Post editing automatic saving interval | 60 |
    | WP_POST_REVISIONS | Post revisions saved by WordPress | 3 |
    | COOKIE_DOMAIN | WordPress cookie domain | |
    | COOKIEPATH | WordPress cookie path | / |
    | SITECOOKIEPATH | WordPress site cookie path | /wp/ |
    | ADMIN_COOKIE_PATH | WordPress admin cookie path | /wp/wp-admin |
    | PLUGINS_COOKIE_PATH | WordPress plugins cookie path | /plugins |
    | NOBLOGREDIRECT | URL redirected to if the visitor tries to access a | (not set) |
    | | nonexistent blog | |
    | CONCATENATE_SCRIPTS | Concatenate JavaScript files | No |
    | WP_MEMORY_LIMIT | WordPress memory limit | 40M |
    | WP_MAX_MEMORY_LIMIT | Administrative memory limit | 256M |
    | WP_CACHE | Built-in caching | Enabled |
    | CUSTOM_USER_TABLE | Custom "users" table | (not set) |
    | CUSTOM_USER_META_TABLE | Custom "usermeta" table | (not set) |
    | FS_CHMOD_DIR | Overridden permissions for a new folder | 755 |
    | FS_CHMOD_FILE | Overridden permissions for a new file | 644 |
    | ALTERNATE_WP_CRON | Alternate WP cron | Disabled |
    | DISABLE_WP_CRON | WP cron status | Cron is enabled |
    | WP_CRON_LOCK_TIMEOUT | Cron running frequency lock | 60 |
    | EMPTY_TRASH_DAYS | Interval the trash is automatically emptied at in days | 30 |
    | WP_ALLOW_REPAIR | Automatic database repair | Disabled |
    | DO_NOT_UPGRADE_GLOBAL_TABLES | Do not upgrade global tables | No |
    | DISALLOW_FILE_EDIT | Disallow plugin/theme editing | Yes |
    | DISALLOW_FILE_MODS | Disallow plugin/theme update and installation | Yes |
    | IMAGE_EDIT_OVERWRITE | Overwrite image edits when restoring the original | Yes |
    | FORCE_SSL_ADMIN | Force SSL for administrative logins | Yes |
    | WP_HTTP_BLOCK_EXTERNAL | Block external URL requests | No |
    | WP_ACCESSIBLE_HOSTS | Allowlisted hosts | (not set) |
    | WP_AUTO_UPDATE_CORE | Automatic WP Core updates | Default |
    | WP_PROXY_HOST | Hostname for a proxy server | (not set) |
    | WP_PROXY_PORT | Port for a proxy server | (not set) |
    | MULTISITE | Multisite enabled | No |
    | WP_ALLOW_MULTISITE | Multisite/network ability enabled | No |
    | SUNRISE | Multisite enabled, WordPress will load the | (not set) |
    | | /wp-content/sunrise.php file | |
    | SUBDOMAIN_INSTALL | Multisite enabled, subdomain installation constant | (not set) |
    | VHOST | Multisite enabled, Older subdomain installation constant | (not set) |
    | DOMAIN_CURRENT_SITE | Defines the multisite domain for the current site | (not set) |
    | PATH_CURRENT_SITE | Defines the multisite path for the current site | (not set) |
    | BLOG_ID_CURRENT_SITE | Defines the multisite database ID for the current site | (not set) |
    | WP_DISABLE_FATAL_ERROR_HANDLER | Disable the fatal error handler | No |
    | AUTOMATIC_UPDATER_DISABLED | Disables automatic updates | Automatic updates disabled |
    ------------------------------------------------------------------------------------------------------------------------------------------------------------
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @andyexeter, thanks for the detailed message.

    You could turn off the option “Scan wp-admin and wp-includes for files not bundled with WordPress” in Wordfence > All Options > Scan Options > General Options to clear the messages, although that is currently the only way.

    Has your hosting company set the site up this way, or did you (or your server admin) configure it? We’ve had only one person report this before, and that was a couple years ago, but we can look into handling it in a future version.

    Thanks,
    Peter.

  • Thread Starter andyexeter

    (@andyexeter)

    Hi @wfpeter,

    Thank you for the quick response.

    We use https://github.com/vinkla/wordplate for our WordPress installs which comes with this directory structure by default.

    I could change the WP_CONTENT_DIR constant to a subdirectory of the document root which would probably fix this but it would be nice if Wordfence could account for WP_CONTENT_DIR being set to the document root.

  • Plugin Support wfpeter

    (@wfpeter)

    Thanks @andyexeter for providing that information,

    In the meantime you can either leave our setting disabled or change WP_CONTENT_DIR if you are able to and it doesn’t affect other products.

    We have added this to our issue tracker and although we haven’t seen many cases, we do have the intention of working on other uncommon structures we’ve seen in addition to this. As we’re unable to follow up on these here on the forums, we set topics to “resolved” but it is still an open request in our issue tracker so will document alterations for future versions in our changelog.

    Thanks again,
    Peter.


The topic ‘False Positive Unknown file in WordPress core’ is closed to new replies.