Title: Malware
Last modified: September 17, 2018

---

# Malware

 *  Resolved [beyoyo2](https://wordpress.org/support/users/beyoyo2/)
 * (@beyoyo2)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/malware-84/)
 * Received note from GoDaddy regarding my site.
 * They say this file is malicious… if I remove it do I risk breaking WordFence?
 * rex.xor_warnings.001 – html/mywebsite/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php


 *  [wfalaa](https://wordpress.org/support/users/wfalaa/)
 * (@wfalaa)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/malware-84/#post-10704821)
 * Hi [@beyoyo2](https://wordpress.org/support/users/beyoyo2/)
 * Please send a copy of this file “wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php”
   to “alaa [at] wordfence [dot] com”, our team would like to investigate
   that copy on your site.
 * Thanks.
 *  [jfalkmedia](https://wordpress.org/support/users/jfalkmedia/)
 * (@jfalkmedia)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/malware-84/#post-10725416)
 * I got the same notification from GoDaddy for the same file. Was there any resolution
   for this?
 * Thanks.
 *  [SandyMe](https://wordpress.org/support/users/sandyme/)
 * (@sandyme)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/malware-84/#post-10729429)
 * I also received notice on the same file from GoDaddy.
 * rex.xor_warnings.001 – html/domainnamehere/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php
 * WordFence Version 7.1.12
 *  [SandyMe](https://wordpress.org/support/users/sandyme/)
 * (@sandyme)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/malware-84/#post-10730851)
 * I ran a comparison of the file.php file on GoDaddy with the file.php I just downloaded
   from wordpress.org and they are identical.
 *  [wfasa](https://wordpress.org/support/users/wfasa/)
 * (@wfasa)
 * [7 years, 7 months ago](https://wordpress.org/support/topic/malware-84/#post-10749637)
 * Hi!
 * I also compared the file that had been sent in with the same file in the
   WordPress repository and they match. So it seems this is a false positive.
   I don’t know what the rex.xor_warnings.001 rule matches on.
 * For those of you that are hosted with GoDaddy, if you could ask them to look
   into why that rule (rex.xor_warnings.001) is matching on that file, that would
   be great. If you want to share it here in the forum for the benefit of other
   users who may be getting the same warning, feel free to do so. If you would rather
   send in information privately, you can reach me via asa@wordfence.com.
   Make sure you reference this thread if you send anything in.
 * Thanks!
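
The comparison described in the replies above (the flagged file against a fresh copy from wordpress.org), as an added example that is not part of the thread and is not Wordfence or GoDaddy code: it hashes every file in an installed plugin tree against a pristine extracted release and classifies the flagged path. The directory layout and file contents built in `demo()` are constructed placeholders; only the flagged relative path comes from the thread.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def tree_hashes(root: Path) -> dict:
    # Map each file's path relative to the plugin root to its SHA-256.
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def compare_trees(installed: Path, pristine: Path) -> dict:
    inst, ref = tree_hashes(installed), tree_hashes(pristine)
    common = inst.keys() & ref.keys()
    return {
        "identical": sorted(f for f in common if inst[f] == ref[f]),
        "modified": sorted(f for f in common if inst[f] != ref[f]),
        "extra": sorted(inst.keys() - ref.keys()),    # on the site, not in the release
        "missing": sorted(ref.keys() - inst.keys()),  # in the release, not on the site
    }

def triage(flagged: str, report: dict) -> str:
    # "identical" supports a false-positive call; anything else needs a closer look.
    for label in ("modified", "extra", "identical"):
        if flagged in report[label]:
            return label
    return "not-found"

def demo() -> dict:
    # Constructed sample trees standing in for the site copy and the release copy.
    flagged = "vendor/wordfence/wf-waf/src/lib/storage/file.php"
    with tempfile.TemporaryDirectory() as tmp:
        installed, pristine = Path(tmp, "installed"), Path(tmp, "pristine")
        for root in (installed, pristine):
            (root / flagged).parent.mkdir(parents=True)
            (root / flagged).write_bytes(b"<?php // constructed placeholder\n")
            (root / "wordfence.php").write_bytes(b"<?php // constructed\n")
        (installed / "wordfence.php").write_bytes(b"<?php // constructed, altered\n")
        (installed / "cache.php").write_bytes(b"<?php // constructed, not in release\n")
        report = compare_trees(installed, pristine)
        return {"report": report, "verdict": triage(flagged, report)}

if __name__ == "__main__":
    print(demo())
```

Compare against the release that matches the installed plugin version; a matching hash shows the file is the published one, not why the scanner rule fired.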


The topic ‘Malware’ is closed to new replies.


 * 5 replies
 * 5 participants
 * Last reply from: [wfasa](https://wordpress.org/support/users/wfasa/)
 * Last activity: [7 years, 7 months ago](https://wordpress.org/support/topic/malware-84/#post-10749637)
 * Status: resolved