WP Engine Products

WordPress Hosting

Boost performance while managing less

WooCommerce Hosting

Build faster and sell more with WooCommerce

Headless WordPress

Build, deploy, and manage headless sites

View More Products

Solutions

Small Businesses

Enterprises

Agencies

eCommerce

View More Solutions

Website Tools

Smart Plugin Manager

Website Tester

Website Monitoring

WordPress Themes and Tools

Local WordPress Development

Featured Plugins

Advanced Custom Fields

Build rich, custom content editing experiences

WP Migrate

Migrate WordPress sites with confidence

WP Offload Media

Offload media assets & serve them lightning fast

WP Offload SES

Improve email send reliability with Amazon SES

View More Recommended Plugins

WordPress Resources

WP Engine Resources

Articles and videos for help with WordPress

WP Engine Help Docs

Guides for site setup & troubleshooting

Free Website Migration

Automated migration plugin & support

Find a WordPress Agency

Need help? Search our agency directory

Stay Connected

WP Engine Blog

Builder Community

Headless Developer Community

Torque Magazine

Velocitize Magazine

Thought Leadership

Velocitize Talks

Erik Posthuma of Aleph-labs on Web3, Cryptocurrency, & More

Podcast

Press This, the WordPress Community Podcast

Study

The World’s First Study of the WordPress Economy

Why WP Engine?

Our Platform Technology

Managed WordPress Hosting

Fast WordPress

Secure WordPress

24/7 WordPress Support

About Us

WP Engine Reviews

How You Win with WP Engine

Build faster, protect your brand, and grow your business with the #1 WordPress platform to power remarkable online experiences.

Learn More

Customer Spotlight

Peak Performance With Headless WordPress

Android Authority increases speed 6x by adopting a headless architecture with a WordPress back-end.

All Case Studies

Contact sales

Call Us

+1-512-273-3906 to talk to a sales expert

Request a Quote

Submit a request for a personalized plan recommendation

Let’s Chat

Customer Support

Support Articles

Billing Help

Password Help

Log In for Support
Easiest Migration Ever!

Need Help Choosing a Plan?

We offer solutions for businesses of all sizes. For questions about our plans and products, contact our team of experts. Get in touch

Support Center
Setup A Site
Account & Features
Platform Information
WordPress Help
Troubleshoot
Browse All

Modified WordPress Core Files

Last updated on March 5th, 2024

troubleshootingWordPressWPCore

There are few things WordPress can’t do. Leveraging themes, plugins, and the WordPress’ native action and filter hooks, you can extend and supercharge your WordPress website. However, there is one thing you shouldn’t do: Never Modify WordPress Core files.

Contents hide
1 Why WordPress Core Should Never Be Modified
2 Modified WordPress Core Files are Not Supported
3 Fixing Modified Core Files
3.1 Update WordPress Core
3.2 Reinstall WordPress Core
3.3 Verify and Reinstall WordPress Core via WP CLI

Why WordPress Core Should Never Be Modified

WordPress Core files are the PHP and related source files that contain the main functionality of WordPress. Core files are not intended to be modified in ANY way. Modifying core files can introduce security vulnerabilities, incompatibilities, and other issues with the normal operation of WordPress.

Modifying WordPress Core is outside of the scope of WP Engine support. As a result, we do not support WP Engine platform functionality for WordPress websites with modified core files.

Additionally, because WP Engine automatically updates WordPress on your websites, our system will automatically revert modified WordPress Core files in the update process. Learn more about automatic core updates.

Modified WordPress Core Files are Not Supported

When our system detects that you are trying to deploy or copy an environment which contains modified WordPress Core files, our platform will prevent the action. Instead, you may see one of the following errors:

We have detected that your WordPress Core files have been modified. We do not allow modified core to be copied between installs.

The error may also indicate which WordPress Core file(s) appear to be modified, to help you identify and fix the issue. For example:

wp core verify-checksums Warning: File doesn't verify against checksum: wp-config-sample.php: WordPress install doesn't verify against checksums.

Fixing Modified Core Files

There are a few different ways to resolve modified core files. Before we begin, however, you should ensure you have taken a backup of your site. While our platform automatically takes nightly backups, we recommend taking a backup before attempting to solve a modified core issue, just in case you need to rollback your changes.

(Option 1) Reinstall WordPress Core via the WP-Admin
(Option 2) Verify and reinstall WordPress Core via WP CLI

Update WordPress Core

The easiest option for any experience level to update WordPress is to visit the WP Engine User Portal. This process will automatically create backup checkpoints before and after the update process. Learn more about WP Engine’s WP core update process here.

  1. From the Sites page, click on the environment name
  2. On the Overview page, locate WordPress section
  3. Click the current WordPress core version number
  4. In the pop-up, select the new version number, then click Update

Reinstall WordPress Core

If WordPress core files have been modified or are otherwise causing issues, WP core can be easily reinstalled.

  1. Open the wp-admin dashboard of the website
  2. Expand Dashboard
  3. Click Updates
    • Or simply append the following to the website’s URL: /wp-admin/update-core.php
  4. Click Re-install version [number]

Verify and Reinstall WordPress Core via WP CLI

While this option is a little more complex, if you’re attempting to determine exactly what was modified this will give you more information. Before proceeding you will need SSH Gateway access. Learn more about SSH Gateway here.

Verify checksums will compare your WordPress files against WordPress.org’s checksums. A checksum is a digital fingerprint of a set of files. If any file in your WordPress core has been modified, the digital fingerprint of your core files will not match the WordPress.org’s checksum.

  1. Connect to your environment using SSH Gateway
  2. Change directory into the appropriate root directory:
    • Replace environment with your unique environment name
    • cd sites/environment
  3. Verify the environment’s WordPress Core files against checksums:
    • wp core verify-checksums
      • If you receive the following success message, your Core files are not modified:
        • Success: WordPress install verifies against checksums.
      • Below is an example failure message with information about what files have been modified and are causing a failure:
        • Warning: File doesn't verify against checksum: wp-config-sample.php Error: WordPress install doesn't verify against checksums.
        • Regardless of what file is returned, this still constitutes modified Core files and poses a security risk to your site. It will need to be corrected.
  4. Reinstall WordPress Core
    • Reinstall the current version of WordPress Core:
      • wp core download --force
    • Or, install the latest version of WordPress Core files:
      • wp core update

While debugging modified core files is outside of the scope of WP Engine support, our support team is happy to help you reinstall WordPress core if you are having trouble.

If you believe your site was hacked and your core files modified, reach out to WP Engine Support for assistance.

NEXT STEP: Learn about the WP Engine WordPress core update process

Still need help? Contact support!

We offer support 24 hours a day, 7 days a week, 365 days a year. Log in to your account to get expert one-on-one help.

Log in for one-on-one help

The best in WordPress hosting.

See why more customers prefer WP Engine over the competition.

See Our Products

See Our Plans