Anonymous User 17880307
(@anonymized-17880307)
That means there was a file found in the WP Core folders, which does not belong there.
Can you show the content of the file? I can then clearly say if it is of malicious or harmless nature. The mentioned file definitely does not exist there normally (only without -ajax): https://github.com/WordPress/WordPress/tree/master/wp-includes/blocks
Hi @lucyequ,
@danielrufde is absolutely correct that Wordfence will flag files that should not be present in the WordPress core installation folders. Sometimes, plugins will erroneously add harmless files here but it isn’t good practice and will often be a good hint that a malicious file has been placed on your site.
Unless you added the file yourself or are aware of its contents, the best action is to remove it after a scan if you are presented with that option.
Let me know if you have any issues doing that!
Thanks,
Peter.
Thank you very much for your help, I have now removed these files
Anonymous User 17880307
(@anonymized-17880307)
@lucyequ best would be to also analyze how it got there and when. Otherwise you can not ensure, that your system has no backoors or hidden webshells.
For this you can check the timestamps of the file and your accesslog files.
