Hi okjaime,

This depends on any additional scripts, such plugins, themes, etc, that you have installed on your WordPress site. Some of them in order to run may interfere or make some changes in WordPress files.

You can use the "View changes" feature of the updated WebsiteDefender dashboard, to identify what changes have been done in your affected files and if those changes (code) might be harmful.

Please let us know if you need any further information.

Thank You

Stay tuned with the latest news and updates by subscribing to our WebsiteDefender Facebook account http://www.facebook.com/WebsiteDefender or follow us on Twitter http://twitter.com/websitedefender .

Remember, stay secure!

Thank you - are these changes in the files due to updating the websites? Or should these files not change at all so that any change infers a hack?

Hi okjaime,

There is a known issue with the 'view changes' link and that is why you get the 'Invalid Diff file ID or Diff expired.' message.

I suggest to make a backup of your current 'wp-settings.php' file, install a fresh WordPress site, and do a comparison between the two files. From there you can notice any differences and what changes have occurred.

Thank You.

Hi there - I run 6 different sites all with wordpress. We had a hack about 2 months ago and it kept occuring daily. We installed websitedefender and tried to keep up with everything, but it was a daily ordeal. We decided to delete everything, reinstall a fresh version of wordpress, add some security measures and build our sites little by little to see if we could pin point a hack, should it happen again. We did fine for a couple days but I now have a websitedefender alert that my wp-settings.php has changed over the weekend. When I click the link to view the changes I just get this error message: Invalid Diff file ID or Diff expired. What can I do to prevent this consistent change in my wp-settings.php? Do changes I make as I rebuild the site cause changes in this file or does it only indicate a hack?