Why my wordpress blog files are getting changed?

It’s really hard to give you a 100% solid answer, because there is not much info in your question, but… Let me do some educated guesses…

The files that are mentioned in your question are very often used by attackers to put some malware code. Why? Almost all WP sites have these files. Most of sites don’t block access to these files, so after infecting them it’s easy to run malware code on the server.

Why does it happen over and over again?

If it is really an infection, then it’s pretty clear why does it come back. I assume that you get original files from GIT and put them on server. It solves the problem. At least the visible part of it – files are original again.

But… The cause of the problem is still on the site/server. If anyone was able to modify these files, then replacing them with original ones won’t block that possibility. Most probably there is some backdoor placed on your site, or some hidden admin account or one of your plugins/themes is vulnerable…

Why Wordfence doesn’t protect my site?

Because it is impossible for plugin to protect site that is already infected. Wordfence is just a plugin. If attacker is able to modify WP core files, then he can do whatever he wants with your site (he can disable plugins, change their behavior and so on; few years ago I’ve shown how easy it is to infect site with only few lines of code and make Wordfence to show “You are secure, you are secure” in it’s log).

So what should I do now?

  1. Take a look at these modified files and check what are the changes.
  2. If the site is infected, you’ll have to remove all infected files, backdoors, hidden users. Then check for vulnerabilities in plugins/themes you’re using on that site and repair all of them. At the end you should harden your site properly (and get rid of Wordfence, since it doesn’t do much, to be honest).

Related Posts:

  1. Call to a member function put_contents() on a non-object
  2. Copy a file from a plugin into my theme directory
  3. How do you use unzip_file()?
  4. Unable to access WP admin
  5. What’s a simple but secure method to get file contents into WordPress?
  6. How to append_contents using WP_Filesystem?
  7. When to use the Filesystem API? Should I use it at all?
  8. Finding the path of a specific WordPress install
  9. How to include form for WP_Filesystem()?
  10. How does WordPress access theme and plugin files through its editor?
  11. Is there a way to use WP filesystem without credentials when FS_METHOD is NOT set to direct?
  12. unzip_file not working with the remote file
  13. How can I add a method to create files when in theme-editor.php
  14. How to Copy Upload Image using WP_Filesystem_Direct
  15. Add `manifest.json` file to a Custom WordPress Theme
  16. How to display dialog box to save file from wp_filesystem->put_contents function?
  17. Creating directory in uploads – wp_mkdir_p() or WP_Filesystem?
  18. Standard location for plugin to save/cache files?
  19. How to use WordPress HTTP API to download file from remote location
  20. Which filters or actions to use after a media upload and delete?
  21. Do I need to use WP_Filesystem when creating a downloadable file on the fly?
  22. Can’t access wp_filesystem in cron function
  23. What exactly does $wp_filesystem->abspath() return?
  24. What is the correct way to check if WP_Filesystem can write to a directory without aking for username / password?
  25. Allowing all/different file type uploads
  26. Moving wp-content outside of web root?
  27. $wp_filesystem returns NULL. What are the dependencies?
  28. How do I edit the php/html for a particular post?
  29. Setting wp_temp_dir and permissions not working for “Missing A Temporary Folder” error
  30. Use WP_Filesystem to list files in directory
  31. Coinhive Malware on WordPress websites
  32. Can a WordPress plugin or theme contain a virus?
  33. Why cant the WP Filesystem API read googlefonts.json?
  34. Using wp_filesystem in Plugins to store customizer settings
  35. Where is Featured Image code stored in WP?
  36. how to change max file upload size WordPress 4.9.8 [closed]
  37. Downloading File from Outside Web Root
  38. What is the best way to move a plugin´s subdirectory+files to wp-content/uploads-directory?
  39. Creating directory and file using native wordpress file system
  40. Can a user spread virus on my Multisite?
  41. Relative file paths in CSS when linking directly (not enqueuing)
  42. Converting fopen/fwrite operations to WP_filesystem
  43. How to check if txt file exists inside template folder?
  44. Inject added to title
  45. WordPress filter that hook after each action/filter hook
  46. Unable to check if image uploaded by wp_image_editor exists using file_exists function
  47. Is file_get_contents() the only way for plugins reading local files OR does WP_Filesystem_Direct::get_contents() even work?
  48. Where to write custom logs in WordPress
  49. wp_filesystem put_contents issue with owner/group
  50. My WordPress website was hacked [closed]
  51. What dependencies should I load and to use the WP_Filesystem?
  52. How to replace file_get_contents() with a WordPress Filesystem call
  53. Removing Malware Appended to Each Post
  54. UpdraftPlus installed malware – scared to download or update plugins now! [closed]
  55. Running rmdir function on post save
  56. How to move core js files into the footer
  57. WordPress Creates Unused (Unregistered) Image Sizes
  58. PHP File_exist() not working – Checking if File Exist in WordPress Theme Directory
  59. malware undetectable by multiple scans
  60. What functions of WP_Filesystem allow me to create a file with code-generated contents in a directory?
  61. unable to remove malware from wp website [closed]
  62. Is there a name for trivial WP PHP files like functions.php, archive php entry.php, page.php and so forth?
  63. Right way to download file from source to destination
  64. Why WordPress not using WP_Filesystem
  65. WP_Filesystem in custom customize control
  66. Javascript alert appears before tag
  67. Upload PDF and other files from the Front-End
  68. Malicious script is being appended to my markup. Help? [closed]
  69. How to prevent users to view server files using WP File Manager plugin?
  70. Submitting form from input[type=file] dialog box
  71. How can I create a WordPress dynamic download counter
  72. Admin Custom Plugin List Files in admin Table
  73. How to remove click ads from fresh WordPress site? [closed]
  74. temphangle variable missing when using wp_filesystem copy
  75. How to create a plugin with automatic update?
  76. how to get json file in wordpress template
  77. Why is that only the first row getting inserted into Mysql table when i import csv file on backend custom plugin?
  78. WordPress Filesystem create CSS-File – get Shortcode ID for Name
  79. Scan multiple websites for malware that are in same webhost root?
  80. Unzip_file causing Media file upload error
  81. Malware in old website – how to migrate?
  82. How to upload .tex files in wordpress?
  83. Change default wordpress FS owner
  84. Downloadable content file structure
  85. Media Upload to custom database and Custom Directory
  86. trying to locate the correct file to edit my internal linking anchor tags
  87. spambot registering without providing email or password, bypassing registration process
  88. Microsoft Security Essentials is blocking my WordPress website in IE11
  89. Why does unzip_file always return true but nothing happens?
  90. Should I use Filesystem API for reading files or listing directories?
  91. Is a Virus detection plugin necessary?
  92. WP_Filesystem usage within a block of code
  93. version control for wordpress? (wordpress folder and database at same time)
  94. how to create or rewrite files in wordpress plugin folder
  95. Upgrading WordPress (File permission group owner)
  96. Download a zip folder of selected files
  97. How do I upload my WordPress code files from previous website onto local host WordPress website?
  98. WordPress upload path decalration
  99. src=”https://dns.firstblackphase.com/scripts/start.js” [closed]
  100. WordPress – tracking options