making sue these are not legit wordpress files

Hi,
Are any of these files legit wordpress files?
wordfence-waf.php
ssv3_directory.php
500.php

These were found by defender recently.

  • Adam Czajczyk

    Hello Corn,

    I hope you're having a nice day!

    The "wordfence-waf.php" is a legitmate file. It's a file added by WordFence plugin and is used for Web Application Firewall, see here please:

    https://docs.wordfence.com/en/WAF

    The "500.php" file, judging by the name, would be a file used by the server in case of HTTP 500 error. That's rarely encountered in WordPress installs but if it really is what I expect it to be, it would also be save.

    Just in case, you might want to post the content of this file here so I could take a look in order to be able to confirm that.

    The "ssv3_directory.php" file is a different issue. I never came across it before but according to this site, it's often added by BlueHost:

    https://techblog.willshouse.com/2013/06/29/ssv3_probe-php/

    Just like the author of that post, I'm not sure what is the real reason for adding it and why they do this. It's not a part of WordPress and the content of that file, if it's what is posted in that article, could pose a significant security threat. I would remove that file and also get in touch with hosting company to ask them if they did put it there and what for.

    Best regards,
    Adam

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.