wp-includes, file modified and new file

  • Resolved islp

    (@islp)


    10 months, 3 weeks ago

    Hello, this morning WF scan found two problems in my wp-includes directory:

    1. the file class-wp-hook.php had been modified;
    2. there was a second file in the directory (class-wp-hook.php__DFTwp_BACKUP__1748091878.bak);
    3. both the files had very old dates, but I backup my files and found in the latest backup files weren’t there;

    WF is always active and there was no brute force attack, apparently.
    The directory permissions are set to 755, and the files inside to 644.

    How did this happen?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    10 months, 3 weeks ago

    Hi @islp, thanks for your message.

    The only seemingly legitimate reference to a file being modified with “DFTwp_BACKUP_…” is with a plugin called Find Slow Functions & Actions & Filters & Hooks (Debug Bar). It’s mentioned on the plugin page there. The installation number is lower than 10, but do you (or have you) had that installed?

    If you don’t have that installed, it may be appropriate to delete the .bak file and see if you’re able to verify/revert the changes to class-wp-hook.php from your scan results.

    Thanks,
    Peter.

    Thread Starter islp

    (@islp)

    10 months, 3 weeks ago

    @wfpeter You saved me from going crazy: I’ve been analyzing 30 days of raw logs only to find that there were multiple bad bots around, but none apparently related to wp-includes. And, yes, I installed that plugin for 5 minutes but in the end I had to uninstall it because it made the website very slow.

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘wp-includes, file modified and new file’ is closed to new replies.

Tags