WordFence for WordPress scan reports the following "high" level security warnings:

Unknown file in WordPress

Unknown file in WordPress core: wp-admin/css/colors/light/php.ini (+ 94 more).
This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker. 94 more similar files were found.


All the unknown files were php.ini. They were added by the previous hosting provider 1&1 - IONOS. Not sure why IONOS added all those files (normally you only need one php.ini for each site). The fix was simply deleting all of them (using WinSCP in this case).

January 2024

No comments

Leave your comment

In reply to Some User
Captcha Image