What would cause core WordPress files to change?
Well this is weird. I've had a WordPress site running without problems for two years now, and now something strange is going on. I see some files in core WordPress that have changed, they have some different code in them. Here are the files that have changed:
I have downloaded a fresh version of WordPress and have copied back the original versions of these files, but each time I have done this the files get changed back again (at about 3:00-4:00 AM) - I've done this 3 nights so far, second 2 nights after having changed all my account passwords.
Has anyone else seen this? Has my site been hacked? Could it be some anti-spam software doing this? The site looks fine, no defacement, I don't see anything obvious in the access logs that might suggest that someone is running some backdoor. It's just very suspicious to me that these files are changing like this.