Some of our graphic designer's and also our clients that are not developers for designers are having a hard time understanding when action should be taken when we get warnings from defender like this from defender plugin:
May I ask another defender question in the string or should I open a new one?
My question is for non-developers or non-engineers, how are people supposed to react responsibly two reports we get from defender like this without doing more damage than just leaving them. Basically a non-technical person would not have any clue on what these files do or do not do or if they're appropriate to have:
WP Defender here, reporting back from the front.
I've finished scanning http:// for vulnerabilities and I found 10 issues that you should take a closer look at!
/wp-admin/uploader/upload.php Unknown file in WordPress core
/wp-includes/functions.php This WordPress core file appears modified
/wp-includes/functions.php.orig Unknown file in WordPress core
/wp-includes/load.php This WordPress core file appears modified
/wp-admin/uploader/pclzip.lib.php Unknown file in WordPress core
/wp-admin/theme-uploader.php Unknown file in WordPress core
/wp-admin/includes/upgrade.php This WordPress core file appears modified
/wp-admin/includes/upgrade.php.orig Unknown file in WordPress core
/wp-admin/plugin-uploader.php Unknown file in WordPress core
/wordfence-waf.php Unknown file in WordPress core
We don't necessarily want to take action because we don't know what the negative repercussions would be. How do we educate ourselves and our clients to be more aware of what is dangerous and should be eliminated and what is a false positive in your scan?