Hello, I've got Wordfence installed on my Wordpress site, and this morning I received a notification letting me know that a core file had been modified. Here is the notification:
WordPress core file modified: wp-admin/includes/class-wp-site-health-auto-updates.php
I had Wordfence restore the file, and afterwards I could no longer run a scan of the website, so I reverted back to the modified version of the file. Is this something GoDaddy would have modified? It seems like a strange change for a hack. Here are the changes made to the file:
Solved! Go to Solution.
So I've done some digging and received some help over at the Wordfence forums: https://wordpress.org/support/topic/core-file-modified-class-wp-site-health-auto-updates-php/#post-1...
In case anyone else has this issue and finds this helpful: this was a change GoDaddy made while doing an auto-update through Installatron to somehow help with a PHP issue on the GoDaddy servers??? I don't know. I had originally turned off any auto-updates, but apparently at some point it got turned back on for minor updates, and last night my site was updated from 5.2.1 to 5.2.2, which is when the core file was modified. I had tried having Wordfence repair the file, but it caused an error and Wordfence could no longer complete a scan, so I reverted back to the modified file. So I then simply logged in the to Wordpress site and did a re-install from the updates dashboard which removed any changes with the core files. Back up and running and the Wordfence scan came back clean.
Thanks @mrbills for coming back and sharing what you learned!! I'm sure other GoDaddy community members will appreciate seeing the info you posted in the future. Take care!