Title: Wordfence Issues (wp-Feed.php & wp-tmp.php) Last modified: February 26, 2018 --- # Wordfence Issues (wp-Feed.php & wp-tmp.php) * Resolved [malycom](https://wordpress.org/support/users/malycom/) * (@malycom) * [8 years, 3 months ago](https://wordpress.org/support/topic/wordfence-issues-wp-feed-php-wp-tmp-php/) * Hi * Wordfence has detected two new unknown files. wp-includes/wp-feed.php and wp- includes/wp-tmp.php * Any idea if Wordfence has a fix for this? Failing that, what do I need to do? * Not even sure if these files are dodgy or not. * Thanks in advance Viewing 5 replies - 1 through 5 (of 5 total) * [bluebearmedia](https://wordpress.org/support/users/bluebearmedia/) * (@bluebearmedia) * [8 years, 3 months ago](https://wordpress.org/support/topic/wordfence-issues-wp-feed-php-wp-tmp-php/#post-10015680) * Those are definitely NOT valid WordPress files – so it is very possible your site was compromised in some way… possibly even at the server level, which Wordfence would not be able to deal with (since it’s out of their scope)… * However, WF would flag those files as non-core WordPress files and throw up a warning for you during its scan. * I would suggest you check their site cleaning guide >> [https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/](https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/) * [mountainguy2](https://wordpress.org/support/users/mountainguy2/) * (@mountainguy2) * [8 years, 3 months ago](https://wordpress.org/support/topic/wordfence-issues-wp-feed-php-wp-tmp-php/#post-10015736) * For grins, I’d also look at the contents of the files… as well as experimenting with adding those file names to the “Immediatly Block URLs” list. Oh, and I’d google those file names and see what comes up. MTN - This reply was modified 8 years, 3 months ago by [mountainguy2](https://wordpress.org/support/users/mountainguy2/). Reason: backpack * [Joel Masci](https://wordpress.org/support/users/joelmasci/) * (@joelmasci) * [8 years, 3 months ago](https://wordpress.org/support/topic/wordfence-issues-wp-feed-php-wp-tmp-php/#post-10016418) * This is a hack, and a common one, and one I am working on as we speak. I didn’t read your whole post. Lots of stuff on the internet about it however. * [Joel Masci](https://wordpress.org/support/users/joelmasci/) * (@joelmasci) * [8 years, 3 months ago](https://wordpress.org/support/topic/wordfence-issues-wp-feed-php-wp-tmp-php/#post-10016502) * There is also malicious code in your functions.php files in probably all your themes, and if you have more than 1 website in same environment those are probably infected also. Also look out for wp-vcd.php in wp-includes as well as the other 2 you mentioned, and wp-includes/post.php will have a line at the top that needs to be removed also. Don’t just use my advice though, google it. * Thread Starter [malycom](https://wordpress.org/support/users/malycom/) * (@malycom) * [8 years, 3 months ago](https://wordpress.org/support/topic/wordfence-issues-wp-feed-php-wp-tmp-php/#post-10019247) * Thank you everyone for you advice. * Unfortunately, this is beyond my scope of expertise so I’ve decided to pay to have it cleaned. * Cheers Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Wordfence Issues (wp-Feed.php & wp-tmp.php)’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 5 replies * 4 participants * Last reply from: [malycom](https://wordpress.org/support/users/malycom/) * Last activity: [8 years, 3 months ago](https://wordpress.org/support/topic/wordfence-issues-wp-feed-php-wp-tmp-php/#post-10019247) * Status: resolved