Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution

Is this a hacking attempt or normal core file update

I was scanning my WordPress site with the plugin called WordFence and it said a core file was changed...

The file in question is...

WordPress core file modified: wp-admin/includes/upgrade.php
Type: Fileand the changes are as follows...
@WP_mail( $email, __( 'New WordPress Site' ), $message );
to this...
//@wp_mail( $email, __( 'New WordPress Site' ), $message );
the difference being the // added in...
should I fix this? and how does that happen?

Re: Is this a hacking attempt or normal core file update

Hi @LeonardRobert ,


Did you ever find out if this was was a hacking attempt or a normal core file update?


Wordfence has discovered the same issue on my client's site. I wondered if it was a changed made by GoDaddy.

Community Manager
Community Manager

Re: Is this a hacking attempt or normal core file update

I would agree with @danbooth, for a few reasons. 


  1. The addition of "//" is used to comment out a line in PHP, so it's removing functionality, not adding anything. 
  2. I found a reference to this line in this WordPress doc. It seems that this line is related to sending a new WordPress blog owner their login details. So if anything, it's safer to not send that information. 

I'm guessing you're hosting your site on a Managed WordPress plan. If so, then anything in the /wp-admin directory would be protected to the point that even you wouldn't be able to change it. If you're not on Managed WordPress and this changed, then you might want to take a closer look at your other plugins and make sure there are no compromises. 


Hope that helps. 


JesseW - GoDaddy | Community Manager | 24/7 support available at | Remember to choose a solution and give kudos.