I need some help please. Today I ran the Exploit Scanner plugin. It returned a lot of results--over 30 "severe" and 16 in "level warning" then 100+ in the "level result" category.
Most of the severe ones are from 2 backup plugins, backupwordpress and xcloner. The backupwordpress result is base64_decode.
It returned similar results from xcloner and some mysql_query results. I just deleted xcloner because I didn't use it.
All level warning results are iframe. Several from the Share and Follow plugin, a couple iframes list websites I don't recognize.
The display:none is also listed a lot, like Akismet and share and follow.
I actually haven't downloaded many plug ins, but it seems most of them are coming up anyhow. I read there are false positives, but that the severe results are...severe, esp if they are the base64. I don't know if it's normal to be that because it's a backup, if I should delete it, or if I'm compromised. If I'm hacked, what do I do?
Any advice is very appreciated. I don't know much, obviously.