Who updates the wp-admin/core file?

I can see it's a CDN file and I can't access it. My security plugin alerted me that there had been a modification to the wp-admin/core file, but I didn't change anything. I haven't updated to 5.0 yet. So who changed it?

I apologize if this is a duplicate. I can only find "how to" posts about core updates, not anything specifying who actually updated it.

I'm just not sure if this is a security concern or a normal process with Wordpress.

Edit: this is the file in question

Topic core-modifications core security Wordpress

Category Web

1
answered at

There is no 'core' file in WP core files.

So if there is such file, you don’t have access to it and it gets modified, then you should be really concerned.

My guess would be that it’s some malware/backdoor script. And since it’s created by server script, then there is a chance you can’t access it with FTP client.

The easiest approach would be to try to delete it using some script, or maybe with web FTP (if your hosting provides one).

PS. Security scans will always be clean in such case. Most of the time these scanners are scanning only the front of your site. They don’t have access to all files placed on your server. On the other hand - if you used a scanner that really has access to your server, then it will have the same access as you (so that scanner won’t be able to scan that file, if you can’t access it).

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.