[Defender] Defender recognizes core files as "potentially harmful" files

Hello,

Defender is keeping me busy. As you can see here: https://prnt.sc/j1ol7j
Some Core files are being flagged as "potentially harmful".

Why is that?

Greets,
Thomas

  • Fabio Fava
    • WordPress DevOps

    Hey Thomas

    The first file seems to be a readme.html file in your language, and the second is only needed before WordPress is installed. If your WordPress is already working and you even have Defender installed, you can safely delete both files (click on the Tool Icon then select Delete).

    P.S. -> The ReadMe File is always re-installed on every WordPress Update/Upgrade. Anyway you can always delete them with no fear.

    Hope it helps, cheers!

  • Thomas
    • Flash Drive

    Hello Fabio,

    thank you for your fast response! :) However, my question was why. Doesn't Defender know that this file is part of the core? And why do I have to delete that file - never read about that.

    Thank you in advance for clarification!

    Greets,
    Thomas

  • Fabio Fava
    • WordPress DevOps

    Hey Thomas

    They are actually NOT part of the WordPress Core, but auxiliary files that should be deleted just after install by the Server/WordPress Admin. By legal matters, the ReadMe File is installed again after every WordPress update/upgrade. The wp-config-sample.php is a dummy file for people who download WordPress from WordPress.org and didn't prepare a proper wp-config.php file for the WordPress First Run.

    Hope it clears your question, have a good day!

  • Adam Czajczyk
    • Support Gorilla

    Hi Thomas

    Only the first file (the readme.html, translated) is reported as "non-core" file. That's because Defender doesn't recognize that file yet (and in fact there are not many files in a "default WP package" that are actually using translated file names in language versions other than English).

    We will, however, be adding the ability to recognize them to Defender. The plan is that it should be included in the 1.8 release so if nothing changes, the plugin will be able to recognize such files then.

    The "wp-config-sample.php" file - that's a proper file and even though it should actually be deleted after WP install (or renamed to wp-config.php) it's not recognized as a "non-core" file. Instead it's reported as "possibly might have been modified" which basically means: "we have found that the file content is different than standard one so you might want to double-check that file to make sure that everything's fine".

    In this particular case, I'm pretty sure that this is caused by the same. If I'm not mistaken, the content of the file (all the comments) is also translated and not in English so the aforementioned update should solve the issue.

    As of now, you can safely ignore these reports or, as suggested by Fabio Fava above, just delete them.

    Best regards,
    Adam
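
The two report types described in the reply above, as an added example that is not part of the original thread and is not Defender's code: a minimal scanner that compares an install against an English reference manifest. All file names, file contents and the manifest are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def classify(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare files under root with a {relative path: sha256} baseline."""
    report = {"ok": [], "modified": [], "unknown": [], "missing": []}
    seen = set()
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        seen.add(rel)
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        if rel not in baseline:
            report["unknown"].append(rel)    # name absent from the reference set
        elif digest != baseline[rel]:
            report["modified"].append(rel)   # known name, different content
        else:
            report["ok"].append(rel)
    report["missing"] = sorted(set(baseline) - seen)
    return report


def demo() -> dict[str, list[str]]:
    # Constructed stand-in for an English reference package.
    reference = {
        "index.php": b"<?php // front controller\n",
        "readme.html": b"<h1>Read me</h1>\n",
        "wp-config-sample.php": b"<?php // Database settings\n",
    }
    baseline = {n: hashlib.sha256(d).hexdigest() for n, d in reference.items()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed localized install: the readme has a translated file
        # name, and the sample config has translated comments.
        (root / "index.php").write_bytes(reference["index.php"])
        (root / "liesmich.html").write_bytes(b"<h1>Lies mich</h1>\n")
        (root / "wp-config-sample.php").write_bytes(
            b"<?php // Datenbank-Einstellungen\n")
        return classify(root, baseline)


if __name__ == "__main__":
    for status, files in demo().items():
        print(f"{status:9} {files}")
```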

  • Predrag Dubajic
    • Support

    Hi Thomas,

    All of the files and folders listed there are not part of the WP core and that's why they are reported.

    Do you know how these were added, by you, or by your theme or plugins?
    If you know which plugins/theme added those, and they are from a trusted source you can ignore these reports.
    If not, you should check why those are added, see if they are misplaced perhaps and move them to a proper destination.

    Best regards,
    Predrag

  • Thomas
    • Flash Drive

    Hello Predrag,

    thank you for your reply. What I wanted to say is that these files were added by me several months ago but I never got a report for these files. Now I got a report that Defender recognized these files - before that report these files were never mentioned. So I wonder why now and not before.

    Greets,
    Thomas

  • Adam Czajczyk
    • Support Gorilla

    Hi Thomas

    "Now I got a report that Defender recognized these files - before that report these files were never mentioned."

    That's a fair question but the issue behind it might be a bit difficult to diagnose now, after you actually got them reported. Let me ask some questions then. That's in an e-mail report but apart from e-mails:

    - were you checking "manually" the "Defender Pro -> File Scanning -> Issues" page in your site's back-end?
    - do you have (and did you have before) "File Scanning" schedule enabled in Defender's File Scanning settings?
    - were you receiving mails before and those files were not there or you weren't receiving such reports from Defender at all?

    Let me know, please.

    Best regards,
    Adam
