Unknown file in WordPress core – error message

  • Resolved outwork

    (@outwork)


    5 years, 7 months ago

    Hi guys! Keep getting the following error message on a few of my websites: “Unknown file in WordPress core: wp-admin/error_log-20200926.gz” When I open the file to see the content using wordfence the content look like this: https://i.ibb.co/7rJqhgy/Capture-word.png

    My website get infected? This looks really strange.

    Thanks,

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support WFAdam

    (@wfadam)

    5 years, 7 months ago

    Hello @outwork and thanks for reaching out to us!

    If you already know about the listed file, you can click the link to ignore the file until it changes. If you don’t know what the file is, it may require some investigation to find out if your host has placed it there, or if it may have been created by your FTP application or OS, or if it is malicious.

    Some “Managed WordPress” hosting plans do not allow you to change core files, and on some hosts, if a new version of WordPress no longer includes a particular file, it may be left in your site’s files after they update WordPress. In this case, it is generally safe to ignore the file, or you can contact the host if you believe it should be removed.

    In a few cases, we have seen that a host’s support staff or a host’s control panel may place “php.ini” files in every subdirectory of WordPress’s core files. Typically, this is to change PHP settings throughout the site. Since this can generate a lot of scan results, we combine results for php.ini files into a single result with a note like “(22 more similar files were found.)”

    Check with your host if this is a file that they may have placed there, but it may be something malicious.

    Let me know what you find. If it’s found to be malicious, we will talk about how to resolve this.

    Thanks!

    Thread Starter outwork

    (@outwork)

    5 years, 7 months ago

    Thank you for your answer Adam!

    Made some more investigation: downloaded the file. Extracted the gz file and here is the content of it: 

    [24-Sep-2020 13:42:19 UTC] PHP Warning:  require(/home/host/website.com/public_html/wp-includes/sodium_compat/autoload.php): failed to open stream: No such file or directory in /home/host/website.com/public_html/wp-includes/compat.php on line 333
[24-Sep-2020 13:42:19 UTC] PHP Fatal error:  require(): Failed opening required '/home/host/website.com/public_html/wp-includes/sodium_compat/autoload.php' (include_path='.:/opt/alt/php72/usr/share/pear') in /home/host/website.com/public_html/wp-includes/compat.php on line 333
[24-Sep-2020 13:44:25 UTC] WordPress database error Unknown column 'wp_' in 'field list' for query SELECT wp_
[24-Sep-2020 14:20:19 UTC] PHP Warning:  fopen(/home/host/website.com/public_html/wp-content/plugins/all-in-one-wp-migration/all-in-one-wp-migration.php): failed to open stream: No such file or directory in /home/host/website.com/public_html/wp-includes/functions.php on line 6023
[24-Sep-2020 14:20:19 UTC] PHP Warning:  fread() expects parameter 1 to be resource, boolean given in /home/host/website.com/public_html/wp-includes/functions.php on line 6026
[24-Sep-2020 14:20:19 UTC] PHP Warning:  fclose() expects parameter 1 to be resource, boolean given in /home/host/website.com/public_html/wp-includes/functions.php on line 6029
[24-Sep-2020 14:20:19 UTC] PHP Warning:  fopen(/home/host/website.com/public_html/wp-content/plugins/all-in-one-wp-migration-file-extension/all-in-one-wp-migration-file-extension.php): failed to open stream: No such file or directory in /home/host/website.com/public_html/wp-includes/functions.php on line 6023
[24-Sep-2020 14:20:19 UTC] PHP Warning:  fread() expects parameter 1 to be resource, boolean given in /home/host/website.com/public_html/wp-includes/functions.php on line 6026
[24-Sep-2020 14:20:19 UTC] PHP Warning:  fclose() expects parameter 1 to be resource, boolean given in /home/host/website.com/public_html/wp-includes/functions.php on line 6029

    For me this looks like a php error not an infection. Is this enough information to confirm that this is not an infection? Thank you!

    • This reply was modified 5 years, 7 months ago by outwork.
    Plugin Support WFAdam

    (@wfadam)

    5 years, 7 months ago

    Just looking at these filenames, they look like core files that have been changed, not maliciously, but possibly updated and cached.

    I would say they look like false positives. Looks like its just an error log to me.

    Let me know what you find!

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Unknown file in WordPress core – error message’ is closed to new replies.