- This topic has 2 replies, 2 voices, and was last updated 4 years, 10 months ago by Marianna.
-
Posts
-
Hi I got this warning from Wordfence on one of my sites:
Filename: wp-content/plugins/updraftplus/vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Details: This file is a PHP executable file and contains the word “eval” (without quotes) and the word “unpack(” (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans. This file was detected because you have enabled HIGH SENSITIVITY scanning. This option is more aggressive than the usual scans, and may cause false positives.Have not seen this before, have Updraft installed on a lot of pages. Is this hig sensitivity on behalf of Wordfence? Should I delete the file?
thanksHi Marianna,
I believe that this is a false positive and can just ignore it.
The file in question is part of the PHP Secure Communications Library, and is used to encrypt some data transfers to remote storage.
As such, it does share some decryption functions that can be flagged by security programs/plugins.Regards,
Bryle
- The topic ‘Wordfence warning, what to do?’ is closed to new replies.