Title: WordPress core file modified nav-menu.php
Last modified: August 31, 2016

---

# WordPress core file modified nav-menu.php

 *  Resolved [jim1001](https://wordpress.org/support/users/jim1001/)
 * (@jim1001)
 * [10 years, 2 months ago](https://wordpress.org/support/topic/wordpress-core-file-modified-nav-menuphp/)
 * Using Wordfence Security v6.0.24
 * Hello there,
 * Yesterday I got a “Critical Problem” message from Wordfence:
    “WordPress core
   file modified: wp-includes/nav-menu.php.”
 * I can’t see any evidence of modification and my FTP client shows the file was
   last modified at the same time as a lot of other files in that folder, 09/12/
   2015. No-one other than myself had logged in yesterday and the /wp-admin URL 
   is firewall protected.
 * I wonder how these messages are generated. Do they sometimes give misleading 
   information?
 * Thanks,
    Jim
 * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [WFMattR](https://wordpress.org/support/users/wfmattr/)
 * (@wfmattr)
 * [10 years, 2 months ago](https://wordpress.org/support/topic/wordpress-core-file-modified-nav-menuphp/#post-7153864)
 * Hi,
 * We usually don’t see false positives on core files, and there have been infections
   lately that target nav-menu.php specifically. I believe the code is usually placed
   far in the middle of the file. Attackers can reset the dates on files, so they
   appear not to be modified, so Wordfence checks whether the file contents have
   changed.
 * On the Wordfence scan results, you can click the link “See how the file has changed”
   for that file, to see what differences are reported.
 * Clicking “Restore the original version of this file” should fix the issue.
 * We also have a guide here, to help clean hacked sites. Some of the more aggressive
   scan options may find additional files, and there are recommendations on updates,
   passwords, etc., which may help prevent reinfection:
    [How to clean a hacked website](https://www.wordfence.com/learn/how-to-clean-a-hacked-website/)
 * -Matt R
 *  Thread Starter [jim1001](https://wordpress.org/support/users/jim1001/)
 * (@jim1001)
 * [10 years, 2 months ago](https://wordpress.org/support/topic/wordpress-core-file-modified-nav-menuphp/#post-7153902)
 * Matt,
 * Many thanks for your very helpful reply. Will try your suggestions.
 * Best wishes,
    Jim

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘WordPress core file modified nav-menu.php’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

## Tags

 * [critical problem](https://wordpress.org/support/topic-tag/critical-problem/)

 * 2 replies
 * 2 participants
 * Last reply from: [jim1001](https://wordpress.org/support/users/jim1001/)
 * Last activity: [10 years, 2 months ago](https://wordpress.org/support/topic/wordpress-core-file-modified-nav-menuphp/#post-7153902)
 * Status: resolved