Resolve, ignore, or delete Defender issues

HEY, HEROES!

I have a DEFENDER issue (again). on my one site I have 389 files needing urgent attention. The issue for each is "Unknown file in WordPress core."

I have three options:

1) Resolve it. Each one reads, "We found this file floating around in your WordPress file list but it's not required by your current WP Version. As far as we can tell it's harmless (probably from an older WP install) so you can either delete it or ignore it, up to you! (please be sure to make a backup before you do start deleting files."

2) Ignore it.

3) Delete it.

Here are two screenshots with some issues:

What should I do?

Thanks in advance!

NEAL

  • Rupok

    Hi NEAL, hope you had a wonderful day.

    I'm afraid, there is no way out of the box to delete them as a group and you have to delete them one by one.

    But this sounds to be a good idea. So I'm moving your thread to our Features and Feedback section. More people liking the idea, more chances our developers will work on this and will include this feature in our future releases.

    Have a nice day. Cheers!
    Rupok

  • neal_umphred

    RUPOK

    I am back! I contacted support at HostMonster and asked if there was anything that they could do with the "wp-admin.bak" file. The rep made a back-up then deleted the original file.

    That took my site off the Internet!

    He then restored "wp-admin.bak" and that restored my site to the Internet.

    He then renamed the file, hoping this would remove the 423 suspicious files from Defender.

    Alas, now I have 866 suspicious files, almost all of which are of the UNKNOWN FILE IN WORDPRESS CORE (We found this file floating around in your WordPress file list but it's not required by your current WP Version. As far as we can tell it's harmless probably from an older WP install so you can either delete it or ignore it, up to you).

    What do I do now?

    Best,

    NEAL

  • Rupok

    Hi NEAL, hope you had a wonderful day.

    Well, let me describe the situation. In normal situation, plugins or themes DO NOT add files in core location like "wp-admin" folder, "wp-includes" folder. WordPress has an "uploads" directory in "wp-content" folder and that's the optimum place for uploaded files. If a plugin needs any custom file, it holds them inside it's own folder. For example, if a plugin creates a folder named "test-plugin" inside "wp-content/plugins" folder, then all it's files will be stored inside that "test-plugin" folder. If it requires any native assets like jQuery or anything, developer should know the core file location and simply should be calling those files inside plugin files.

    Now if you find 866 suspicious file in your core location, I'm really afraid, your site is probably compromised. To make sure, you can turn on debug mode, and remove any of those suspicious file. The debug log should say exactly which file requires that removed file. If you find that file was being used by any plugin you trust, then one scenario. But if you find that removed file is being called from another suspicions file, then another scenario which is not good.

    Can you turn on debug mode in WordPress? To enable it, open your wp-config.php file and look for define(‘WP_DEBUG’, false);. Change it to:

    define('WP_DEBUG', true);

    In order to enable the error logging to a file on the server you need to add yet one more similar line:

    define( 'WP_DEBUG_LOG', true );

    In this case the errors will be saved to a debug.log log file inside the /wp-content/directory.

    Depending on whether you want your errors to be only logged or also displayed on the screen you should also have this line there, immediately after the line mentioned above:

    define( 'WP_DEBUG_DISPLAY', false );

    The wp-config.php is located in your WordPress root directory. It’s the same file where the database configuration settings are. You will have to access it by FTP or SFTP in order to edit it.

    Then rename any of those suspicious files, let your site break for a sec, refresh the page, and then rename it back? That single refresh will log the error why the site was broken and that will give us valuable insight regarding your issue.

    Past errors here. If file is very long, paste them to a text file and attach with your reply. I'm looking forward to hear from you and resolve this issue as soon as possible.

    Have a nice day. Cheers!
    Rupok

  • Rupok

    Hi NEAL, hope you had a wonderful day.

    I'm sorry for not being detailed. Let me describe:

    I have never used FTP or SFTP and don't know where they are (online? with my host? download them?) or how to work them

    Can you please ask your host for FTP Login Credentials for your server? When they provide, you can use any FTP Application like FileZilla and login to your server. Then go to the root folder of your domain, there you will find the "wp-config.php" file.

    I don't understand your instructions

    Can you please specify which instruction you could not understand? Regarding those suspicious file and location or FTP instructions or nothing? In that case, can you please talk to your host or forward my reply to your host? They will be able to understand and help you.

    I haven't a clue as to how to do any the above

    As I suggested, your hosting people can help you. Or you can hire a developer from our Jobs Section for doing all these for you. Please keep in mind, developers found in our Jobs Section are not associated with us. So communicate with them well before you send any payments to them.

    Please let us know if you still have any confusion. We will be glad to help.

    Have a nice day. Cheers!
    Rupok

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.