Each time you upgrade your site to the latest WordPress version and your have Shield's Hack Guard scanner turned on, scanner could report a certain number of files as "unrecognised" but they could be part of the WordPress core installation files. In this article, we will explain why this happens and how you can deal with it.
Example (after WordPress 4.9 version upgrade)
Scanner has detected non-standard files stored inside the WordPress core installation and identified them as "unrecognised". For example:
...and so on...
What has happened with these files? Why are they "unrecognised"?
These files were there for previous installations and when WordPress upgraded to 4.9, they got left there. Now, the scanner is detecting them as not part of the current WordPress installation files. They are "unrecognised" and you are prompted to either remove or exclude them from the future scans.
NOTE: Shield always uses the currently installed version of WordPress for the scan. It doesn’t take into account what the “latest” version is. For example, if your site reported 4.9 and these files weren’t part of the installation, it would act on that depending upon your preferences. It would never delete files from an installation based on official distribution for a different/later/earlier version.
How to test if the reported files are part of the WordPress core installation files
If you want to test this, you can compare your list of the "unrecognised" files with the WordPress core installation files by following these steps:
- Download your particular WordPress version from here: https://wordpress.org/download/release-archive/
- Unzip wordpress.zip file and open it
- Test the files from your list (one by one); search for the files within the appropriate folder. (Don't forget to follow the path - i.e. file "/wp-admin/js/press-this.js" should be searched within the folder "wp-admin" => "js").
Should I remove or exclude these files from the future scans?
Before you make that decision, we recommend you to talk to your web host first. If they confirm that the detected files are not important for your site(s), you can remove them. If they inform you that some of the files are important, add files into the file exclusion list, and this is how to do that:
Why did this happen in the first place?
So why didn't WordPress remove all the files with the upgrade? There are a couple of possibilities:
- Leaving them there does no real harm, and perhaps some sites were directly accessing those assets and to remove them would break existing installations
- Perhaps the WordPress upgrade is more concerned with installing and upgrading files, and not removing old files.
Either way, and for whatever underlying reason, it happened. It's not a bug with Shield, and probably not a bug with WordPress. Perhaps contact the folks at WordPress.org/Automattic and discuss this with them.
We also recommend you to read here on how the Shield's Hack Guard module works.