Title: WordPress core file modified notification
Last modified: November 2, 2018
---
# WordPress core file modified notification
* Resolved [birdiedesign](https://wordpress.org/support/users/birdiedesign/)
* (@birdiedesign)
* [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-file-modified-notification/)
* Hi,
* I just got an notification from Wordfence that 5 core files were modified. I’m
not seeing anything that has changed on my website. Still looks the same. I’m
not sure what to do.
* The files are modified are:
wp-admin/includes/upgrade.php wp-includes/functions.
php wp-includes/load.php Unknown file in WordPress core: wp-includes/functions.
php.orig Unknown file in WordPress core: wp-admin/includes/upgrade.php.orig
* I am not good at php so not sure if this is bad, but I’ve looked at the first
modified file to see what’s changed and this is what is says:
* Original version:
if ( is_wp_error( $result ) ) die( $result->get_error_message());
* Modified version:
if ( is_wp_error( $result ) ) { echo $result->get_error_message();
exit(1);
* And should I delete the unknown files? Please help!
* Kind regards,
Michelle
Viewing 6 replies - 1 through 6 (of 6 total)
* Thread Starter [birdiedesign](https://wordpress.org/support/users/birdiedesign/)
* (@birdiedesign)
* [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-file-modified-notification/#post-10848205)
* Can anyone please answer this question?
* Thread Starter [birdiedesign](https://wordpress.org/support/users/birdiedesign/)
* (@birdiedesign)
* [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-file-modified-notification/#post-10851977)
* I’m sorry I know you’re busy, but please answer this question. This situation
still exists and I don’t know what course of action to take. Please help!
* [wfasa](https://wordpress.org/support/users/wfasa/)
* (@wfasa)
* [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-file-modified-notification/#post-10853261)
* Hi [@birdiedesign](https://wordpress.org/support/users/birdiedesign/),
* The code change you sent in a sample of causes database errors to be printed
out to the browser instead of logged and handled within the WordPress environment.
* My first suspicion would be that this was done by someone who was trying to fix
something on the site, like a developer you have hired, someone you’re managing
the site with or your web host. It is also possible that it was done by a malicious
actor but it doesn’t strike me as typical malware.
* The unknown files could be your original files without the modifications which
whomever made the change created as a backup in case they broke the site.
* I’d advise you to check last modified timestamp on the files so you can pin point
an exact time when it happened and then review who has access to your site and
could have made these modifications.
* Thread Starter [birdiedesign](https://wordpress.org/support/users/birdiedesign/)
* (@birdiedesign)
* [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-file-modified-notification/#post-10853310)
* Hi wfasa,
* Thank you so much for your reply! No one has access to the site, but me. I would
think if it is malware it would change something on the site, but it still works
and looks the same as before. It could be the web host though. Is it safe click
on “repair” or should I just ignore it?
* Another example of a modified file: wp-includes/load.php
* Original:
* ```
if ( is_wp_error( $prefix ) ) {
wp_load_translations_early();
wp_die(
/* translators: 1: $table_prefix 2: wp-config.php */
sprintf( __( 'ERROR: %1$s in %2$s can only contain numbers, letters, and underscores.' ),
```
* Modified:
* ```
if ( is_wp_error( $prefix ) ) {
wp_load_translations_early();
// add by APS - display error on
if(defined('APSCONFIGURE')){
throw new Exception(
/* translators: 1: $table_prefix 2: wp-config.php */
sprintf( __( 'ERROR: %1$s in %2$s can only contain numbers, letters, and underscores.' ),
'$table_prefix',
'wp-config.php'
)
);
}
wp_die(
/* translators: 1: $table_prefix 2: wp-config.php */
sprintf( __( 'ERROR: %1$s in %2$s can only contain numbers, letters, and underscores.' ),
```
* Hope you can help me further. Thanks again for your time!
* Kind regards,
Michelle
* [wfasa](https://wordpress.org/support/users/wfasa/)
* (@wfasa)
* [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-file-modified-notification/#post-10853651)
* Hi again,
Yeah, your host has access to your site. This looks like something
they may have implemented. I strongly suggest you reach out to them and inquire
about what “APSCONFIGURE” is and why it’s modifying your core files.
* I would recommend you do that before you repair, else the modifications may just
keep happening over and over again.
* If you want to, you could ignore it I suppose but if I were you I’d be curious
why they are modifying core files since that’s not recommended.
* Thread Starter [birdiedesign](https://wordpress.org/support/users/birdiedesign/)
* (@birdiedesign)
* [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-file-modified-notification/#post-10855869)
* Hi,
* Thanks again. I’m glad it isn’t anything malicious. I will contact my hosting
about this.
Viewing 6 replies - 1 through 6 (of 6 total)
The topic ‘WordPress core file modified notification’ is closed to new replies.
* 
* [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
* [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
* [Support Threads](https://wordpress.org/support/plugin/wordfence/)
* [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
* [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
* [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)
## Tags
* [core file modified](https://wordpress.org/support/topic-tag/core-file-modified/)
* 6 replies
* 2 participants
* Last reply from: [birdiedesign](https://wordpress.org/support/users/birdiedesign/)
* Last activity: [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-file-modified-notification/#post-10855869)
* Status: resolved