Support » Plugin: Subscribe2 » Malicious content warning message

  • Resolved edtorrey


    We like your plugin. Our Wordfence security plugin is raising a malicious content warning message. Please take a look and let us know what is going on.

    Wordfence Message ————————-
    This file may contain malicious executable code
    Filename: dev/wp-content/plugins/subscribe2/extension/readygraph/admin.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 45 secs ago.
    Severity: Critical
    Status New
    This file is a PHP executable file and contains the word ‘eval’ (without quotes) and the word ‘base64_decode(‘ (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.

Viewing 9 replies - 1 through 9 (of 9 total)
  • We notice that the “readygraph” content is included as a plugin extension.
    What bad thing will happen if we remove the extension?

    We know the risk of having to repeat the process each time an update occurs.

    We do not want any part of our user list communicated outside our web site environment.


    If you just remove the file you will probably get a fatal error.

    Try the steps here:

    I permissioned readygraph to 644 (no execute) as a trial. So far the push notifications are still coming.

    Plugin Author tanaylakhani


    Hi @edtorrey

    Those warnings are absolutely safe. You can skip it from future scans. Basically, base64_decode is for encoding and decoding the disconnect action, you can check on line 31 and 144 of admin.php file

    And eval is basically setting the wordpress settings on the readygraph.js file settings.

    If you disconnect the readygraph, your userlist will never be communicated to readygraph.

    Plugin Author tanaylakhani


    What do you mean by push notifications? Which notifications you want to stop?

    By Push notifications, I mean that Subscribe2 is able to send emails to addressees as expected. I meant it as a footnote to having set execute permissions to OFF for the readygraph extension.

    When you say “disconnect” readygraph, I am not sure what you mean. We did not activate readygraph. The tab appears in the admin panel and menu widget. We did not follow through.

    If we did not fulfill any readygraph action, does that mean we are not connected?

    So that would mean that when you say disconnect, it is on the assumption a person has enabled the readygraph extension. Yes?

    Many thanks for your reply.

    Plugin Author tanaylakhani


    When you enable the plugin, it will take you to Readygraph connect page. If you dont connect, you have not activated the extension. And you can use subscribe2 as is. No communication will take place between your site and readygraph

    Thank you for the clarification. That is sufficient for me.

    Plugin Author tanaylakhani


    Glad to help

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Malicious content warning message’ is closed to new replies.