Multiple user reports have surfaced warning that the latest version of WordPress is triggering trojan alerts and at least one person reported that a web host locked down a website because of the file. What really happened turned into a learning experience.
Antivirus Flags Trojan In Official WordPress 6.6.1 Download
The first report was filed in the official WordPress.org help forums where a user reported that the native antivirus in Windows 11 (Windows Defender) flagged the WordPress zip file they had downloaded from WordPress contained a trojan.
This is the text of the original post:
“Windows Defender shows that the latest wordpress-6.6.1zip has Trojan:Win32/Phish!MSR virus when i try downloading from the official wp site
it shows the same virus notification when updating from within the WordPress dashboard of my site
Is this a false positive?”
They also posted screenshots of the trojan warning that listed the status as “Quarantine failed” and that WordPress zip file of version 6.6.1 “is dangerous and executes commands from an attacker.”
Screenshot Of Windows Defender Warning
Someone else affirmed that they were also having the same issue, noting that a string of code within one of the CSS files (style code that governs the look of a website, including colors) was the culprit that was triggering the warning.