During routine scanning by Wordfence, I’m getting the below error message for both wp-content/plugins/formcraft.deactivate/function.php and wp-content/plugins/formcraft.deactivate/form.php
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “include(‘images/social.png'”.
Is this a false positive that I can ignore or should I reinstall the plugin? Do something else?
Are you using FormCraft Basic, or FormCraft Premium?
Either ways, I don’t think the code include(‘images/social.png’ is a part of either of the plugins. Would it be possible for you to send me the plugin files – at nish at ncrafts dot net? Any other info on the error would be helpful.
You are running on Version 1.4 of our premium plugin, which had a security vulnerability (although not the one pointed out by WordFence). Firstly, go to CodeCanyon.net, login and download the latest plugin files. I believe version 2.1.
Remove the current FormCraft plugin, and install 2.1. Your data would be safe.