• Resolved Primož

    (@primozkosta)


    After a recent scan, Wordfence results show 30 index.php files in different folders marked as Unknown file in WordPress core – see examples below:

    • wp-includes/php-compat/index.php
    • wp-includes/pomo/index.php
    • wp-includes/random_compat/index.php
    • wp-includes/rest-api/index.php
    • wp-includes/sitemaps/index.php
    • wp-includes/sodium_compat/index.php
    • wp-includes/style-engine/index.php
    • wp-admin/images/index.php
    • wp-admin/includes/index.php
    • wp-admin/js/index.php
    • wp-admin/maint/index.php
    • and so on…

    All index.php files have the same content (see below) and were last modified (I don’t know why or by whom) on the same date 2023-02-22, at the same time 15:24:15. There are no other files in the same folders that have been modified.

    <?php
    // Silence is golden

    The website is installed in a subfolder, under the main website.

    Is this a real threat or a false positive?

Viewing 4 replies - 1 through 4 (of 4 total)
  • These are the only index.php files which should exist in WordPress core.

    https://github.com/WordPress/WordPress/search?q=index.php

    Plugin Support wfpeter

    (@wfpeter)

    Hi @primozkosta,

    The above link also includes mentions of “index.php” files. The “silence is golden” contents are reflective of WordPress’ own index.php files that appear in locations such as /wp-content, /plugins, and /themes folders. These are to prevent the directory structure and contained files accidentally becoming readable in the browser.

    Whilst the contents of the files aren’t a concern, they shouldn’t be in the folders you’re showing by default. They may have been put there by another plugin you have installed to “hide” folder contents but this isn’t usual good practice. You can choose to ignore them if you now know how they were placed or choose to have Wordfence remove them. Before getting Wordfence to repair or remove anything, it’s good practice to take a full site backup beforehand.

    Thanks,
    Peter.
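
An added example, not part of the thread or of Wordfence: a Python check that reports whether each index.php under wp-admin and wp-includes holds only the "Silence is golden" stub, and counts files per modification time. The function names, verdict labels and sample tree are constructed for illustration, and the sample timestamp assumes UTC.

```python
import os
import re
import tempfile
from collections import Counter

# A file that holds nothing but the opening tag and the stub comment.
STUB = re.compile(rb"\s*<\?php\s*//\s*Silence is golden\.?\s*(\?>)?\s*", re.I)
CORE_DIRS = ("wp-admin", "wp-includes")  # folders named in the scan results

def audit_index_files(root):
    """Return sorted [(relative_path, verdict, mtime)] for index.php in core dirs."""
    findings = []
    for core in CORE_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(root, core)):
            if "index.php" not in files:
                continue
            path = os.path.join(dirpath, "index.php")
            with open(path, "rb") as fh:
                data = fh.read()
            # "other" also covers core's genuine files such as wp-admin/index.php;
            # compare those against a clean WordPress copy of the same version.
            verdict = "stub" if STUB.fullmatch(data) else "other"
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            findings.append((rel, verdict, int(os.stat(path).st_mtime)))
    return sorted(findings)

def mtime_clusters(findings):
    """Count files per mtime; one large cluster points to a single bulk write."""
    return Counter(mtime for _rel, _verdict, mtime in findings)

def build_sample_tree(root):
    """Constructed sample: two stubs and one file with code after the comment."""
    samples = {
        "wp-includes/pomo/index.php": b"<?php\n// Silence is golden\n",
        "wp-admin/js/index.php": b"<?php\r\n// Silence is golden.\r\n",
        "wp-admin/maint/index.php": b"<?php\n// Silence is golden\ninclude 'x.php';\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
        os.utime(path, (1677079455, 1677079455))  # 2023-02-22 15:24:15 UTC (assumed)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        results = audit_index_files(tmp)
        for rel, verdict, mtime in results:
            print(f"{verdict:5} {mtime} {rel}")
        print(mtime_clusters(results).most_common(1))
```
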

    Thread Starter Primož

    (@primozkosta)

    Hey @lukefiretoss and @wfpeter

    Thank you for the reply.

    Based on your info I can confirm that those index.php files were added by another security plugin.

    I made a full site backup and deleted those files, since directory listing/browsing is disabled by default by my web host.

    Thank you again for your help.

    Best regards,
    Primož

    Plugin Support wfpeter

    (@wfpeter)

    Hi @primozkosta, no worries and happy to help!

    I can’t confirm for sure which plugin may have added them, but as the contents weren’t malicious and the usual purpose of index files like this is known, that was a possible conclusion as to where they’ve come from.

    Thanks,
    Peter.

  • The topic ‘30 Unknown files in WordPress core’ is closed to new replies.