Issue
WordFence for WordPress scan reports the following "high" level security warnings:
Unknown file in WordPress core: wp-admin/css/colors/light/php.ini (+ 94 more).
This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker. 94 more similar files were found.
Resolution
All the unknown files were php.ini. They were added by the previous hosting provider 1&1 - IONOS. Not sure why IONOS added all those files (normally you only need one php.ini for each site). The fix was simply deleting all of them (using WinSCP in this case).
January 2024
WordPress
WordFence
IONOS 1&1
