OK, so there are more than one question in here, so let me address some of them…
Why you should never modify WordPress core files?
In short words… Because it will be really hard to manage later on… If you modify the core, than you won’t be able to update it – so what, when there’s a security update? Will you be able to update your site quick enough? And are you sure that your modifications won’t break anything?
Another reason is that you don’t need to. Most of the times you just need to use some filters/actions and there is no need to make any modifications…
Here are some questions and links, that may be handy to get some deeper understanding of that subject:
What if you really need to modify core files?
OK, so you really, really need to modify some core files and you completely understand consequences of such modifications. You modified those files and now want to make sure that WP won’t overwrite these files during updates…
You can use WP_AUTO_UPDATE_CORE
constant:
define( 'WP_AUTO_UPDATE_CORE', false );
Just set it in your wp-config.php
.
You will still be able to do updates as admin, but that’s easier to manage. Although you’ll have to remember to merge your modifications with new WP version.
Another way would be to disable updates at all and manage them using GIT, etc.
I found a bug. What next?
If you think this is a bug in WP, then you should report it. Here you can find some information on how to do this:
https://make.wordpress.org/core/handbook/testing/reporting-bugs/
It’s not so hard 🙂