I have a few sites in a cPanel. A couple of them are WordPress. I changed to a new hosting provider and since then two files started being generated in multiple directories, even ones not from WordPress. The files are advanced_settings.php and common_config.php.

The system reports these files as malware, however, I opened them and they were empty. The hosting provider says this is the fault of WordPress, most likely due to some outdated plugin.

None of this ever happened in the hosts I used before for these sites. Actually, I never had this situation in any WordPress site before. I searched on Google and here, but I didn’t find a single thing about this. I’m sharing this here hoping that someone has already had or read about this and can share some help.