This file may contain malicious executable code/srv/users/serverpilot/apps/wordpress/public/wp-content/plugins/js_composer/assets/lib/php.default/php.default.min.js

• Filename: wp-content/plugins/js_composer/assets/lib/php.default/php.default.min.js
• File type: Not a core, theme or plugin file.
• Issue first detected: 8 secs ago.
• Severity: Critical
• Status: New

This file is a PHP executable file and contains the word ‘eval’ (without quotes) and the word ‘base64_decode(‘ (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.

This is screenshot Here!

The file is inside x-theme file. Also, backup process doesn’t work properly due to this file. What do I have to do? can I remove it or ignore it? Please let me know.
Thanks.

Eval basically parses and executes codes from a string, in the past it was used by hackers to hide iframes and bad links on compromised sites, that’s why the security checker is triggering this warning.

A lot of applications you use each day like Google mail are usign the eval function to speed up the display of content so you do not have to worry.

In conclusion this warning can be disregarded since it’s part of the Visual Composer code base but not harmful in any way.

Unfortunately, we’re not connected to them as there are no integration added between us in theme. But, will try to forward this to WPBakery as they are the author of visual composer plugin, though I can’t guarantee some result.

The problem with security plugins is they can’t check the actual use of the script, like if it’s harmful or not. And if they find it similar from their listing, then they will mark it as malicious regardless of theme or plugin.

Thanks!