Welcome to the WPML Support. The warning appears to come from your security plugin detecting a change in a WPML-generated file inside wp-content/uploads/wpml/.
Since this is a text file (changelog.txt) in the uploads directory and not a core WPML plugin file, this is usually expected behavior after plugin updates or background WPML processes.
It does not immediately indicate a problem or malware infection.
Hi Lucas,
this is not a text file, you need to decode it to see more.
Since when wpml created a file like this in che uploads/wmpl folder? (which contains only this file)
attached the file (renamed txt > png to upload it)
The file wp-content/uploads/wpml/changelog.txt is a WPML-generated internal file. It is safe and is used by WPML to store changelog-related internal data.
This is a newer implementation. In the past, this data used to be stored in the WordPress options table, with autoload enabled, which could unnecessarily increase the size of the autoloaded data in the database. To improve that, WPML now stores this information as a file inside the uploads/wpml folder instead.
That is why you see this file there now.
The content may look unusual or unreadable because it is stored in an encoded/compressed format for internal use. This is expected.
Hi Lucas,
thank you for the update. The fact is that 20+ websites give me a warning every day. Could you tell Security Pro (Stellar, SolidWP) that this is a harmful file to not include in the warning.
There will be a lot of customers of both plugins who will feel annoyed about this.
Waldemar
Thanks for bringing that to our attention, I'll investigate. Can you please share more details on where and how you got this notice? Did it happen after you upgraded WPML, for example?
I tried reproducing on a fresh install using the free version of the plugin, but didn't get any warnings about the changelog file after scanning.
Finally, please also share your WPML debug information with me, using the provided form. You can check the steps here:
