It happened when Wordpress Toolkit was first introduced in the cPanel update. Wordpress Toolkit automatically attached itself to my Wordpress website on my VPS after the update. It added the Maintenance folder under wp-contents. Inside the wp-contents folder there was also a maintenance.php file that resided outside the actual maintenance folder. Both items were added by Wordpress Toolkit automatically during the cPanel update that introduced it. I actually didn't realize it until a week ago that Wordpress Toolkit added my website when I was trying to figure out where this maintenance drop-in plugin came from that appeared on my Wordpress backend.
During that update that introduced Wordpress Toolkit, when my site was attached to it automatically, it also by default had 'Disable wp-cron.php
' feature active. I already disabled the native Wordpress cron job before Wordpress Toolkit and had a manual cron job going. Wordpress Toolkit added another cron job on top of the one I already had. So there was 2 cron jobs going. I disabled the cron job feature in Wordpress Toolkit, as well as, deleted the cron job it added. After that, I noticed after disabling that feature, it deleted the 'define('DISABLE_WP_CRON', true);' line from my wp-config.php (keep in mind, that code was in my wp-config file before Wordpress Toolkit took over, I disabled it beforehand because I was using a server side cron job). So, I had to add the line back to my wp-config file. I went to look at Wordpress Toolkit and 'Disable wp-cron.php
' was now active again. I checked server cron jobs, but only the one I manually input was there (Wordpress Toolkit did not add another one this time around).
Also, when I look at the security fixes and recommendations provided by Wordpress Toolkit, the 'secure' box is not active when checking hardening features. It's disabled and can not be clicked to apply any hardening. Anyway, that's not really a big deal since I have hardening in place in the areas Wordpress Toolkit recommends or has it flagged as critical. For example, Sucuri Wordpress plugin does the same hardening features as Wordpress Toolkit. However, Wordpress Toolkit does not recognize those hardening features in place and flags the site with critical issues. I also have my directories and files with the correct permissions but Wordpress Toolkit still flags it as being 'critical'.
I attached the file of the security issues and how the secure button is disabled.
Anyway, I like the idea of the Wordpress Toolkit. Especially, the hardening features which can replace plugins that do the same thing. That would be one or more less plugins to use if Wordpress Toolkit can do it server side instead of installing a plugin via Wordpress dashboard. The issue I have, like many others, was the roll out of Wordpress Toolkit which applied changes to web server files and/or added files and directories automatically during the release.
As to your question about sharing the contents of the files and directories so you can confirm:
Those were the contents of the maintenance folder. However, outside that folder resides maintenance.php which is located in the wp-contents folder as well. That file relates to the maintenance folder contents. Both the maintenance folder and all contents inside, and the maintenance.php were added by Wordpress Toolkit.