HEX
Server: Apache
System: Linux pdx1-shared-a1-38 6.6.104-grsec-jammy+ #3 SMP Tue Sep 16 00:28:11 UTC 2025 x86_64
User: mmickelson (3396398)
PHP: 8.1.31
Disabled: NONE
$ pwd: /usr/local/wp/vendor/wp-cli/doctor-command/features/
Upload Files
File: //usr/local/wp/vendor/wp-cli/doctor-command/features/check-php-in-upload.feature
Feature: Check for presence of .php files in the uploads folder

  Scenario: Detect PHP files
    Given a WP install
    And a wp-content/uploads/malicious.php file:
      """
      <?php some_malicious_code(); ?>
      """

    When I run `wp doctor check php-in-upload`
    Then STDOUT should be a table containing rows:
      | name          | status  | message                                   |
      | php-in-upload | warning | PHP files detected in the Uploads folder. |
@ Telegram