Title: WordPress core files modified
Last modified: October 25, 2018

---

# WordPress core files modified

 *  Resolved [MarkMadeDesign](https://wordpress.org/support/users/markmadedesign/)
 * (@markmadedesign)
 * [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-files-modified-3/)
 * Getting some strange errors over some core WP files being modified. Network Solutions
   support said I should change them back to what they were but I’m a little hesitant
   to do so. Any ideas on these below and should I hit “Repair” in Wordfence? Or
   is it malware?
 * WordPress core file modified: wp-admin/includes/update.php
    WordPress core file
   modified: wp-includes/http.php WordPress core file modified: wp-includes/update.
   php
 * In this “update.php” example here are the differences noted by Wordfence.
 * `$url = $http_url = 'http://api.wordpress.org/core/checksums/1.0/?' . http_build_query(
   compact( 'version', 'locale' ), null, '&' );`
 * …was modified to…
 * `$url = $http_url = 'http://atl4.violin.web.com/services/wpplat/getchecksum?'.
   http_build_query( compact( 'version', 'locale' ), null, '&' );`
 * Also, not sure its related, but I took a month off from this WordPress project
   and when I returned to it I noticed some of the page content was hidden from 
   the front-end, but still intact in the WP back end, when it was appearing just
   fine when I was last working on this project. This prompted me to install / scan
   with Wordfence and find these errors. In case these core file changes are affecting
   this page content (<?php the_content(); ?> in my theme code). Example link below.
 * [http://spaindifference.com/our-people/](http://spaindifference.com/our-people/)–
   content under title not showing
 * This site is hosted via Network Solutions “WordPress hosting”, in case that matters.
   Thanks in advance to any help or insight that can be provided.

Viewing 7 replies - 1 through 7 (of 7 total)

 *  [wfasa](https://wordpress.org/support/users/wfasa/)
 * (@wfasa)
 * [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-files-modified-3/#post-10818906)
 * Hi [@markmadedesign](https://wordpress.org/support/users/markmadedesign/)!
    That
   change struck me as odd initially but when doing a lookup on your domain spaindifference.
   com the owner of the network shows up as Web.com, Inc. Your WordPress API URL
   was changed to violin.web.com so therefore I suspect this change may have been
   made by your host? It seems strange that they wouldn’t be aware of it though.
 * I would recommend you download the affected files so you have a record of what
   changed in them, then I’d recommend you reach out to your host and ask what atl4.
   violin.web.com/services/wpplat/getchecksum is and if they’ve recently implemented
   some customization of the WordPress update functions on your site.
 *  Thread Starter [MarkMadeDesign](https://wordpress.org/support/users/markmadedesign/)
 * (@markmadedesign)
 * [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-files-modified-3/#post-10820093)
 * Thank you so much! I too thought it might have something to do with the hosting
   based on some research I did find. I will download those files as a record and
   reach out to my hosting based on your feedback.
 *  Thread Starter [MarkMadeDesign](https://wordpress.org/support/users/markmadedesign/)
 * (@markmadedesign)
 * [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-files-modified-3/#post-10820371)
 * Hi wfasa,
 * It sounds like that web.com link that was inserted in the core files does not
   ring a bell to hosting support and they said their system does not automatically
   change file names like that. So there’s a chance it could be malware but they
   said to try and correct those files to what they were. Or to remove those files
   and “re-install” (WordPress I assume they meant, which I’ve never re-installed
   before). I would also change my passwords too. Here’s a screenshot below to the
   Wordfence alert.
 * [https://cl.ly/0dd2dba5e3a7](https://cl.ly/0dd2dba5e3a7)
 * Would you recommend the same? Something else?
    -  This reply was modified 7 years, 7 months ago by [MarkMadeDesign](https://wordpress.org/support/users/markmadedesign/).
 *  [wfasa](https://wordpress.org/support/users/wfasa/)
 * (@wfasa)
 * [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-files-modified-3/#post-10826396)
 * Hi [@markmadedesign](https://wordpress.org/support/users/markmadedesign/),
    I
   would recommend you demand that your webhost explains what [http://atl4.violin.web.com/services/wpplat/getchecksum](http://atl4.violin.web.com/services/wpplat/getchecksum)
   is. It’s their domain. They are literally hosting that. They need to go look 
   and find out what it is. (Network solutions is owned by web.com).
 *  [wfdave](https://wordpress.org/support/users/wfdave/)
 * (@wfdave)
 * [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-files-modified-3/#post-10878187)
 * Hi [@markmadedesign](https://wordpress.org/support/users/markmadedesign/),
 * It sounds like the issue is caused by your hosting provider. I would recommend
   asking them for an explanation.
 * I’ve gone ahead and marked this thread as resolved. Feel free to open another
   thread if you’re still having issues with Wordfence.
 * Thanks!
 *  [zulumoongondolas](https://wordpress.org/support/users/zulumoongondolas/)
 * (@zulumoongondolas)
 * [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-files-modified-3/#post-10880403)
 * //@wp_mail($email, __(‘New WordPress Site’), $message);
 * These two // forward slashes were added to my upgrade.php file.
 * What should I do?
 *  [wfasa](https://wordpress.org/support/users/wfasa/)
 * (@wfasa)
 * [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-files-modified-3/#post-10884837)
 * [@zulumoongondolas](https://wordpress.org/support/users/zulumoongondolas/),
    
   Have you checked with your hosting provider if they made that change?

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘WordPress core files modified’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

## Tags

 * [core files](https://wordpress.org/support/topic-tag/core-files/)

 * 7 replies
 * 4 participants
 * Last reply from: [wfasa](https://wordpress.org/support/users/wfasa/)
 * Last activity: [7 years, 7 months ago](https://wordpress.org/support/topic/wordpress-core-files-modified-3/#post-10884837)
 * Status: resolved