Irritating emails

  • Odido

    (@odido)


    5 days, 23 hours ago

    Hi,
    on Saturday I got an email telling me, that 2709 files have been deleted from within wp-admin. 24 hours later a get an email, that 2709 files have been added to wp-admin. And it s eems as if the files are the same in both cases? Why is WP removing and adding them 24 hours later?
    Thx
    Oliver

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Pawel [SolidWP Support]

    (@solidwppawel)

    5 days, 22 hours ago

    Hi Oliver,

    That’s a good question. The pattern you’re describing — 2709 files removed and then the same 2709 files added 24 hours later — is actually unusual and worth investigating further.

    Solid Security’s File Change Detection runs a daily scan and compares the current state of your files against the previous scan. When WordPress performs a normal automatic update, it overwrites files in place, which would show as changed files — not as removed and then added separately. For the scanner to report files as “removed” in one scan and “added” in the next, those files had to be genuinely absent from your server during the first scan.

    Here are a few things to check:

    1. Check your WordPress version history. Go to Dashboard > Updates and see if a core update was applied around that time. If so, check with your hosting provider — some managed WordPress hosts use a non-standard update process that deletes and recreates core files rather than overwriting them. That would explain this pattern.
    2. Check with your hosting provider. Ask them if they performed any server maintenance, migration, or security scan around that time that might have temporarily removed or moved files.
    3. Review the scan report more closely. In your WordPress admin, go to Security > Dashboard and look at the File Change log entries for those two scans. Check whether the files listed are all standard WordPress core files (like wp-admin/includes/..., wp-admin/css/..., etc.) or if there are any unexpected files in the list.

    If the files are all standard WordPress core files and your hosting provider confirms they did maintenance or a non-standard update, then there’s nothing to worry about. But if you can’t identify a clear cause, it would be worth investigating further, as unexpected file removals and additions can sometimes indicate a security issue.

    Kind regards,
    Paweł

    Thread Starter Odido

    (@odido)

    5 days, 20 hours ago

    Hi Pawel,
    thx for your answer.
    1. 24 hours later???
    2. again: 24 hours later???
    3. the files are in wp-admin and wp-includes. And what about these unprocessed details:

    By the way: the URL for both logs (deleting and adding) says Geplante WP-Cron-Aufgabe (planned cron job)

    Thread Starter Odido

    (@odido)

    5 days, 20 hours ago

    the unprocessed details again:


    id => 87451
    module => file_change
    type => warning
    code => changes-found::0,2709,0
    timestamp => 2026-03-21 17:12:39
    init_timestamp => 2026-03-21 17:12:38
    remote_ip => 85.13.128.30
    user_id => [empty string]
    url => wp-cron
    memory_current => 102654888
    memory_peak => 149401872
    data => Array
    added => Array()
    removed => Array
    wp-admin/includes/credits.php => Array
    d => [integer] 1751022586
    h => 217cf37891c44f65d75ae9c2df2a02c6
    t => r
    s => [integer] 1
    p => WordPress-Kern v6.9.1
    wp-admin/includes/media.php => Array
    d => [integer] 1769764047
    h => 16bb1e4d14e44963135b703fd9bc9879
    t => r
    s => [integer] 1
    p => WordPress-Kern v6.9.1
    Thread Starter Odido

    (@odido)

    5 days, 20 hours ago

    there are faaaaaar more unprocessed details!

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.