Title: Threat priority
Last modified: January 25, 2024

---

# Threat priority

 *  Resolved [prokops](https://wordpress.org/support/users/prokops/)
 * (@prokops)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/threat-priority/)
 * Hello!
 * I have a situation where a site is infected with malware.
 * The scanner returns two results a “high” and a “critical”
 * [https://paste.pics/Q9TQV](https://paste.pics/Q9TQV) (edited for clarity)
 * The “critical” issue is a reported vulnerability in a widely used plugin. This
   poses a risk of getting malware or hacked.
 * The “high” issue is an system file, modified with a malware script that loads
   in a third party hostile javascript.
 * Why is the risk marked “critical” while the actual infection marked “high” ?
 * This means I have to change my settings to get alerts at level “high” as this
   apparently needs acute and immediate attention, something I thought was reserved
   for critical issues.
 * In short, why are modified core files not automatically marked “critical” ?
 * Can you comment?

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Support [wfphil](https://wordpress.org/support/users/wfphil/)
 * (@wfphil)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/threat-priority/#post-17372268)
 * Hi [@prokops](https://wordpress.org/support/users/prokops/)
 * This means that the modified file contains code that we don’t have a malware 
   signature for so only has a rating of ‘High’. You can send the file to **_samples[
   at] wordfence [dot] com_**.
 * Please follow our site cleaning guide below:
 * [https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/](https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/)
 *  Thread Starter [prokops](https://wordpress.org/support/users/prokops/)
 * (@prokops)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/threat-priority/#post-17372315)
 * Thanks Phil
 * Is there any way I can force any core file change to get classed as “critical”
   on my site? Or is rating threats strictly off site.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Threat priority’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [prokops](https://wordpress.org/support/users/prokops/)
 * Last activity: [2 years, 4 months ago](https://wordpress.org/support/topic/threat-priority/#post-17372315)
 * Status: resolved