The WordFence security plugin today says that my installed graphene functions.php file (1.9.2) has been modified to differ from the file in the WP repository. Inspection shows about twenty lines added (around line 40) that reference a "wordpress_test_cookie." Is this a legit code update and a legit cookie or is something wrong?
I also got some spam code injected into my most recent post two lines after the `</head> tag. After restoring functions.php from the repository the spam code went away. Not sure if cause and effect or something else going on.