Navigation
Archive / Wordfence security plugin point this file "php.default.min.js"
This is archived content. Visit our new forum.
  • Author
    Posts
  • March 5, 2015 at 4:36 pm #221280
    mpark0701
    Participant

    After I scan my site using Wordfence plugin, the results as follow.

    This file may contain malicious executable code/srv/users/serverpilot/apps/wordpress/public/wp-content/plugins/js_composer/assets/lib/php.default/php.default.min.js

    • Filename: wp-content/plugins/js_composer/assets/lib/php.default/php.default.min.js
    • File type: Not a core, theme or plugin file.
    • Issue first detected: 8 secs ago.
    • Severity: Critical
    • Status: New

    This file is a PHP executable file and contains the word ‘eval’ (without quotes) and the word ‘base64_decode(‘ (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.

    This is screenshot Here!

    The file is inside x-theme file. Also, backup process doesn’t work properly due to this file. What do I have to do? can I remove it or ignore it? Please let me know.
    Thanks.

    March 6, 2015 at 10:58 am #221737
    Rubin
    Keymaster

    Hey There,

    Eval basically parses and executes codes from a string, in the past it was used by hackers to hide iframes and bad links on compromised sites, that’s why the security checker is triggering this warning.

    A lot of applications you use each day like Google mail are usign the eval function to speed up the display of content so you do not have to worry.

    In conclusion this warning can be disregarded since it’s part of the Visual Composer code base but not harmful in any way.

    April 29, 2015 at 11:09 am #261490
    aj m
    Blocked

    you may want to contact the people at Wordfence and tell them this is part of the core plugin set?

    April 29, 2015 at 7:07 pm #261787
    Rad
    Moderator

    Hi there,

    Unfortunately, we’re not connected to them as there are no integration added between us in theme. But, will try to forward this to WPBakery as they are the author of visual composer plugin, though I can’t guarantee some result.

    The problem with security plugins is they can’t check the actual use of the script, like if it’s harmful or not. And if they find it similar from their listing, then they will mark it as malicious regardless of theme or plugin.

    Thanks!

  • Author
    Posts
  • <script> jQuery(function($){ $("#no-reply-221280 .bbp-template-notice, .bbp-no-topic .bbp-template-notice").removeClass('bbp-template-notice'); }); </script>