Agreed. WordFence 4.0.2 has just flagged dozens of my sites with files containing possibly containing malicious code. I’m double checking with plugin authors, but I think these are all false positives.
Gravity Forms –
wp-content/plugins/gravityforms/form_display.php
ManageWP Worker plugin –
wp-content/plugins/worker/init.php
NextGen –
wp-content/plugins/nextgen-gallery-pro/modules/autoupdate/module.autoupdate.php
Good call. Thanks. So I guess it’s safe to ignore for now.
I can confirm that as well – usually some mismatched “eval”(where “eval” is part of a word) combined with either base64_decode() or urldecode().
And I know that base64_decode() is frowned upon, but one of the times it contained a base64_encoded image and the other time it was just a freemium theme trying to put stuff in the footer :doh:.
Confirmed this is an issue but may already be fixed. Lets merge this conversation into this thread:
http://wordpress.org/support/topic/latest-version-causing-major-issues-with-major-plugins?replies=7#post-5191465
…which I’m about to update.
Marking this one resolved.
Regards,
Mark
PS: If you found this helpful, please rate Wordfence 5 stars.
http://wordpress.org/plugins/wordfence/
