In a recent security scan of a client’s site we found a mystery file located at the root of the WordPress installation. It’s a ssv3_directory.php file.
A little Internet research led me to believe that the file was installed by BlueHost. So I asked them about it today.
The technical representative that I chatted with was familiar with the file and said that it shouldn’t be deleted because it might cause “random” WordPress issues.
When I pressed for more details he stated the file was, “generated by installing Plugins or themes on your WordPress so, you can not find the file in while the WordPress installation.”
In other words, the rep believes that the file was not added by BlueHost, but was instead installed by WordPress when a plugin or theme was added to an installation.
I’m not buying it. My guess is that it’s a BlueHost file. After all, they are the company that installed a plugin on all of their customer’s hosting accounts to update WordPress software. (If you have a BlueHost hosting account you can find it at wp-content/mu-plugins/sso.php.)
What does the ssv3_directory.php file do? I still don’t know.
My advice is that if you’re still using BlueHost as a hosting company, keep the ssv3_directory.php file in place. If you’ve moved from BlueHost to another website host, then make a backup copy of the file for safekeeping. Make a complete backup of your site. Then delete the ssv3_directory.php file on your server. Take a look at your site and watch for “random WordPress issues.”