security - Who updates the wp-admincore file?

I can see it's a CDN file and I can't access it. My security plugin alerted me that there had been a modification to the wp-admin/core file, but I didn't change anything. I haven't updated to 5.0 yet. So who changed it?

I apologize if this is a duplicate. I can only find "how to" posts about core updates, not anything specifying who actually updated it.

I'm just not sure if this is a security concern or a normal process with Wordpress.

Edit: this is the file in question

I can see it's a CDN file and I can't access it. My security plugin alerted me that there had been a modification to the wp-admin/core file, but I didn't change anything. I haven't updated to 5.0 yet. So who changed it?

I apologize if this is a duplicate. I can only find "how to" posts about core updates, not anything specifying who actually updated it.

I'm just not sure if this is a security concern or a normal process with Wordpress.

Edit: this is the file in question

• security
• core
• core-modifications

Share Improve this question edited Dec 12, 2018 at 17:30 jarrodwhitley asked Dec 12, 2018 at 16:47 jarrodwhitleyjarrodwhitley 12311 silver badge1010 bronze badges 9

• In my fresh WP install there is no file /wp-admin/core_(there is _/wp-admin/update-core.php though). Nevertheless: usually no one changes the plugin, might have been an eager host, might have been a hacker. Can't say unless we know how it changed – kero Commented Dec 12, 2018 at 16:49
• That's the problem. I can't actually access the file. Plus, I wouldn't know what to look for. All my security scans come back clean, but I don't like files changing without me knowing who did it. – jarrodwhitley Commented Dec 12, 2018 at 16:51
• Have you tried contacting the security plugin's authors? Maybe its a false positive that they know about. – kero Commented Dec 12, 2018 at 16:56
• Is the file actually named wp-admin/core, or is it something else? That doesn't sound to me like an actual WordPress file. – Pat J Commented Dec 12, 2018 at 17:09
• 1 It's possible that it's a core dump file (see Naming for why I think this might be the case), which isn't part of WordPress and definitely shouldn't be left there. – Pat J Commented Dec 12, 2018 at 19:06

 |  Show 4 more comments

1 Answer 1

Sorted by: Reset to default 1

There is no 'core' file in WP core files.

So if there is such file, you don’t have access to it and it gets modified, then you should be really concerned.

My guess would be that it’s some malware/backdoor script. And since it’s created by server script, then there is a chance you can’t access it with FTP client.

The easiest approach would be to try to delete it using some script, or maybe with web FTP (if your hosting provides one).

PS. Security scans will always be clean in such case. Most of the time these scanners are scanning only the front of your site. They don’t have access to all files placed on your server. On the other hand - if you used a scanner that really has access to your server, then it will have the same access as you (so that scanner won’t be able to scan that file, if you can’t access it).