Errors on WordFence for WP install--need to fix or not?

Hi all,

I got an email message from Wordfence that said things like the following for several different files:

  • Unknown file in WordPress core: wp-includes/js/tinymce/skins/lightgray/fonts/
  • Unknown file in WordPress core: wp-includes/js/tinymce/skins/lightgray/fonts/tinymce-small.json
    –and others…

When I logged into Wordfence and went to the “issues” area it said this:

“This file is in a WordPress core location but is not distributed with this version of WordPress. This is usually due to it being left over from a previous WordPress update, but it may also have been added by another plugin or a malicious file added by an attacker.”

Then it gives me options to delete the file.

I don’t know what any of the files are. Should I delete them or move them or just leave as is or what?

Probably this depends on what the files are and whether I’m using them? But if their names aren’t meaning anything to me then how might I tell?

This is a pretty open question I’m guessing…sorry…from a newbie.


Hey Christina,

I’ve heard that from a few other folks and I’m fairly certain it’s simply due to WordPress having updated before Wordfence had a chance to update their definitions. WordPress recently release version 4.8 which naturally changes many core files (for the better!) and Wordfence is just confused by that. Nothing to worrry about at all!

Oooooh try fewster :slight_smile:

Thanks so much, Tim. Really helpful to know.

I see fewster on github but I can’t quite tell what it does from this page! GitHub - pgogy/WordPress-Fewster: WordPress anti hack tool