Sudden unexplained deletion of classic-editor.php?

  • Aharon

    (@spaceling)


    3 months ago

    Just wanted to share my experience in case anyone else experienced the sudden loss of the classic editor today — something I discovered only when going to add a new post on our site this afternoon and found the block editor active instead.

    I looked at our WP Security audit log and didn’t see any plugin changes to do with classic-editor. I checked the file manager in our cPanel and looked for recent plugin updates and did find that the classic-editor directory had recently been touched early this morning. A look inside and I found the classic-editor.php file missing. At first I thought, maybe it was impacted by a recent plugin update — but nothing else appeared to have changed; no other plugin updates around the time the directory was touched earlier this morning. I copied back the classic-editor.php from a recent backup (0644) and everything is working as normal again. For safety, I also copied over a backup of block-editor-plugin.js (also 0644).

    If everyone else’s Classic Editor is working fine, then all I can do is shrug and accept this as a mystery. Please let me know if I should do anything else (i.e., uninstall/reinstall Classic Editor from the admin backend, or change the file permissions of the php and js from 0644 to 0755). — and thank you.

Viewing 10 replies - 1 through 10 (of 10 total)
  • stevenjc

    (@stevenjc)

    3 months ago

    Similar issue on a number of sites.

    The plugin classic-editor/classic-editor.php has been deactivated due to an error: Plugin file does not exist.

    Plugins page

    Deleting via ftp and reinstalling in the backend seemed to fix.

    Or https://wordpress.org/plugins/disable-gutenberg/ appears to be a workaround.

    Need to know the cause and if there’s a vulnerability here.

    • This reply was modified 3 months ago by stevenjc.
    • This reply was modified 3 months ago by stevenjc.
    exmosis

    (@exmosis)

    3 months ago

    Having a look into something related I think – WordFence reports a file difference, but shows “Unable to read file contents” when I try to view the differences. The file exists on our server, but I assume it’s trying to locate the canonical file, which may be missing for the same reason.

    Not sure if this is related, but we have v1.6.3 installed, dating back to March 30th 2023. The latest repo version indicates readme.txt has been updated to increase Tested Up To to 6.5, but no obvious changes to classic-editor.php. There’s no corresponding version tag update for the change to readme.txt, but I’m not sure how plugin updates work.

    Will keep an eye on this thread.

    • This reply was modified 3 months ago by exmosis. Reason: Hit enter too soon
    Plugin Author Andrew Ozz

    (@azaozz)

    3 months ago

    I found the classic-editor.php file missing

    This sounds troublesome. I can confirm that there have been no updates/changes to the plugin for quite some time. It works as expected in newer WP versions so only the readme.txt was updated to indicate that.

    Frankly I’m unsure about what may be deleting a specific plugin file but not the whole plugin directory. It is possible that this is caused by another plugin. @spaceling @exmosis @stevenjc could you post a list of your active plugins here if possible so we can look at what the plugins that all of you are using are doing? Also, if you’re maintaining several sites, perhaps look at the common plugins. Would be great if we can figure this out 🙂

    Thread Starter Aharon

    (@spaceling)

    3 months ago

    @azaozz Here are the recently updated plugin directories (updated prior to classic-editor.php disappearing):

    Updated Wednesday, 1 May 12:55am
    wordpress-seo (a/k/a Yoast SEO)

    Updated Tuesday, 30 April 6:26pm
    updraftplus

    Updated Monday, 29 April 6:37pm
    schema-and-structured-data-for-wp
    atec-cache-info

    • This reply was modified 3 months ago by Aharon. Reason: removed inactive plugins that had been updated
    stevenjc

    (@stevenjc)

    3 months ago

    Thanks @azaozz, really appreciated. It’s a weird one.

    In my case same deal: the classic-editor plugin directory remained but the classic-editor.php file was missing, across eight different sites.

    Common plugins on those sites
    Advanced Custom Fields
    Collapse-O-Matic
    MonsterInsights
    Gravity Forms
    Members
    Wordfence
    Yoast SEO

    lkraav

    (@lkraav)

    3 months ago

    We had a similar mysterious “plugin disappears” case just recently. Files inside directory would disappear exactly the same time every week, which, on surface, pointed to a cron job-like probability.

    It turned out to be WP’s automatic rollback feature from https://make.wordpress.org/core/2023/07/11/new-in-6-3-rollback-for-failed-manual-plugin-and-theme-updates/

    Plugin had a copy made in wp-content/upgrade-temp-backup/ and as long as this directory had an entry, WP cron job would try to restore it once a week, every week.

    There were some extra parameters on why this rollback couldn’t be successful (symlinked from PHP deployer source directory elsewhere, etc), but it was a crazy couple of months tracing this one down.

    ChatGPT suggested using auditctl -l -w /home/wordpress/deploy/plugins/stream/current/ -p wa -k deletion_watch to trace down deletion reasons, and say what you will about AI assistance, I would not have thought of this myself.

    • This reply was modified 3 months ago by lkraav.
    • This reply was modified 3 months ago by lkraav.
    stevenjc

    (@stevenjc)

    3 months ago

    Good info @lkraav, thanks.

    @azaozz this leads me to speculate about what may have happened, in my case at least. We’d recently migrated the affected sites to a server running LiteSpeed and I believe this was messing with wp-cron.php and hence plugin auto updates which could well be the culprit here.

    stevenjc

    (@stevenjc)

    2 months, 4 weeks ago

    Agh, have found out more – scratch that previous response.

    More likely in our case it was the malware scanner on our server reporting false positives.

    exmosis

    (@exmosis)

    2 months, 4 weeks ago

    I’ve had a similar issue with a second plugin on the same site, which seems to be caused by the tag being removed from the source – see https://wordpress.org/support/topic/version-3-2-1-missing/

    We’re running Wordfence for security, which apparently takes a copy of plugins for running against integrity checks and I wonder if versioning issues are causing problems here.

    I’m trying to compare readme.txt between our site, plugin downloads, and the plugin info screen, but it’s a bit confusing:

    readme.txt on our site:

    • Tested up to: 6.2
    • Stable tag: 1.6.3

    readme.txt downloading 1.6.3 package from the plugin page:

    • Tested up to: 6.2
    • Stable tag: 1.6.3

    readme.txt downloading dev version from the plugin page:

    • Tested up to: 6.5
    • Stable tag: 1.6.3

    I’m not familiar with how plugin versions work under the hood though. Would updating the tag version help Wordfence see the expected change? Wordfence notes that “If you install that new version and run a scan then you may get a scan result that a file or files have been modified because our mirror copy of the plugin for that same version number differs due to the changes the plugin author made without committing a new tag version number.

    @stevenjc What do you see in your readme.txt now that you’ve reinstalled the plugin, out of interest?

    • This reply was modified 2 months, 4 weeks ago by exmosis. Reason: Added Wordfence link and info for reference
    stevenjc

    (@stevenjc)

    2 months, 3 weeks ago

    @exmosis

    Tested up to: 6.2
    Stable tag: 1.6.3

    If you’re seeing this in another plugin as well it may well be something else that’s causing the issue. As mentioned previously the culprit in our case was our server-level malware scanner.

Viewing 10 replies - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.