Wordfence warning, what to do?

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #412087
    Marianna
    Participant

    Hi I got this warning from Wordfence on one of my sites:

    Filename: wp-content/plugins/updraftplus/vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php
    File Type: Not a core, theme, or plugin file from wordpress.org.
    Details: This file is a PHP executable file and contains the word “eval” (without quotes) and the word “unpack(” (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans. This file was detected because you have enabled HIGH SENSITIVITY scanning. This option is more aggressive than the usual scans, and may cause false positives.

    Have not seen this before, have Updraft installed on a lot of pages. Is this hig sensitivity on behalf of Wordfence? Should I delete the file?
    thanks

    #412127
    Bryle Crodua
    Moderator

    Hi Marianna,

    I believe that this is a false positive and can just ignore it.

    The file in question is part of the PHP Secure Communications Library, and is used to encrypt some data transfers to remote storage.
    As such, it does share some decryption functions that can be flagged by security programs/plugins.

    Regards,
    Bryle

    #412133
    Marianna
    Participant

    Hi Bryle, thank you so much. I will follow your advice
    best

Viewing 3 posts - 1 through 3 (of 3 total)
  • The topic ‘Wordfence warning, what to do?’ is closed to new replies.