@wfjanet this may not be a false positive but a sign of website exploitation
We have responded recently to a cyberincident where this script was found in some of the payloads/changed files
@coldxot I recommend investigating your website for signs of compromise, e.g. new changes/files or accounts added, vulnerable plugins, etc
