Fuxia is right, you need to fix the underlying problem; however I can’t resist answering with a quick and dirty solution; and its also useful when customizing plugins.
(you may also be able to protect the file by changing its owner and permissions – but I don’t know all the implications)
-
immediately after the starting comments in your http.php add this line:
$GLOBALS['IS_MY_HTTP_SCRIPT'] = TRUE;
-
make a back-up of your modified script and place in a directory that is update safe
-
create and activate the following plugin, or add its code to some existing script.
<?php /* Plugin Name: replace update with my backup */ if (empty($GLOBALS['IS_MY_HTTP_SCRIPT']) && ! get_transient('myRollbackFailure') ) { if (copy( '/some_update_safe_dir/myhttp.bkup', '/path_to/wp-includes/http.php') ) { $msg = 'Updated script replaced by my copy - I may need to modify my version'; } else { $msg = 'script updated - unable to replace with my version'; // prevent repeated failed attempts for 1 hour set_transient( 'myRollbackFailure', 'fail', 60 * 60 ); } // maybe some code to email msg to admin }
Your version of the script will replace the updated version on first subsequent site navigation or visit.
I’ve tested it and it works on Apache; I don’t know whether on Windows its different file locking during “execution” will prevent the reversion.