This file may contain malicious executable code – Wordfence warning

Home Forums BulletProof Security Pro This file may contain malicious executable code – Wordfence warning

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • #1033
    AITpro Admin

    Email Question:

    I ran a security check after the installation and the system gave this message. Why did I get this file? I am planning to remove it.



    File type:

    Not a core, theme or plugin file.

    Issue first detected:

    9 secs ago.





    This file is a PHP executable file and contains an eval() function and base64() decoding function on the same line. This is a common technique used by hackers to hide and execute code. If you know about this file you can choose to ignore it to exclude it from future scans. 

    Tools: View the file. Delete this file (can’t be undone).
    Resolve: I have fixed this issue Ignore until the file changes. Always ignore this file.

    AITpro Admin

    As of BPS Pro 9.6 the Pro-Tools Base64 Decoder / Encoder tools were moved to their own individual pages and can be deleted individually from Pro-Tools. See this Forum link for full details:

    Scanners do not have the capability to actually tell the difference between good code and bad/malicious code with 100% accuracy.  Scanners look for coding patterns or php code functions that are used in hacking scripts.  Scanners can help to generally find possible code that could or might be bad, but a scanner just does not and can never be configured to have the capability to actually really tell you 100% if code is good or bad.  😉

    BulletProof Security Pro has a Base64 Decoding Tool in the Pro-Tools component of BPS Pro.  That Base64 decoding tool has standard legitimate php functions that are used to decode Base64 code/hackers code.  The Wordfence scanner is seeing those legitmate php functions in the tools.php file, but cannot really tell whether or not this is actually good or bad/malicious code and can only generally see that the code might be possibly bad/malicious.

    To solve this issue just tell Wordfence to always ignore this file.

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.