If you are using Wordfence’s security scanner, and having it tell you that you have a virus “Backdoor:PHP/SEemf0Ji” in the file phpseclib/tests/Unit/Crypt/RSA/LoadKeyTest.php inside UpdraftPlus, then this is a false positive (*). You can compare your file with the original file from the phpseclib project here – https://github.com/phpseclib/phpseclib/blob/master/tests/Unit/Crypt/RSA/LoadKeyTest.php – containing the same string which Wordfence wrongly identifies as a virus as a test RSA key in a harmless context.
If you get this report, then please do report this to Wordfence if you can. The number of times their plugin flags false positives in different places is a non-trivial support burden. We wish they would implement some technology to remove the false positives like this one, especially in a top-20-most-installed plugin like UpdraftPlus. Presumably Wordfence users would also prefer to do real work rather than have lots of them all reading and investigating the same incorrect reports.
(*) Of course, at this point, now that this is known to be a widespread false positive, injecting that virus in that file would be a smart move for any hackers. This is another reason why false positives are bad news. So, to be entirely sure you’re safe and err on the side of being over-cautious rather than otherwise, you will want to test that the file is identical to the pristine version linked above.
David Anderson (lead developer)
WordFence has now disabled the rule. It shouldn’t show up in new scan while they are investigating and implementing a fix for the scan signature.