Hellp!!! Hosting provider slotted a script without alerting me and I'm wondering

I recently installed Wordfence and after scanning, it was detected that WordPress core file modified: wp-config-sample.php as been done. Now after investigation further, it was discovered that these were added and I want know if it is malicious or safe for my multisite?

/** Sets up WordPress vars and included files. */ 79 /** Sets up WordPress vars and included files. */
80 require_once(ABSPATH . 'wp-settings.php');


/** Sets up WordPress vars and included files. */
80 require_once(ABSPATH . 'wp-settings.php'); 80 require_once(ABSPATH . 'wp-settings.php');
81 81
82 /**
83 * Include tweaks requested by hosting providers. You can safely
84 * remove either the file or comment out the lines below to get
85 * to a vanilla state.
86 */
87 if (file_exists(ABSPATH . 'hosting_provider_filters.php')) {
88 include('hosting_provider_filters.php');
89 }

Filename: wp-config-sample.php
File type: WordPress Core File

Help, how can I handle this?


  • Ash
    • WordPress Hacker

    Hello @Barni

    I hope you are well today and thanks for asking the question.

    First of all, wp-config-sample.php is never used in wordpress once you complete the installation. Did you use one-click installer to install the wordpress? I believe those code was written by your hosting provider using automatic script to track. You can simple delete wp-config-sample.php file. Also, you must check wp-config.php file and delete the lines if there is that code too. Those lines are not necessary.

    Hope it helps :slight_smile: Please feel free to ask more question if you have any.


Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.