If you are using Wordfence’s security scanner, and having it tell you that you have a virus “Backdoor:PHP/SEemf0Ji” in the file phpseclib/tests/Unit/Crypt/RSA/LoadKeyTest.php inside UpdraftPlus, then this is a false positive (*). You can compare your file with the original file from the phpseclib project here – https://github.com/phpseclib/phpseclib/blob/master/tests/Unit/Crypt/RSA/LoadKeyTest.php – containing the same string which Wordfence wrongly identifies as a virus as a test RSA key in a harmless context.

If you get this report, then please do report this to Wordfence if you can. The number of times their plugin continues to flag false positives in different places is a non-trivial support burden and we wish they would implement some technology to remove the easy-to-discover false positives like this one, especially in a top-20-most-installed plugin like UpdraftPlus. It is a burden upon their users too; we presume you prefer to do real work than read and investigate incorrect reports!

(*) Of course, at this point, now that this is known to be a widespread false positive, injecting that virus in that file would be a smart move for any hackers. This is another reason why false positives. So, to be entirely sure you’re safe and err on the side of being over-cautious rather than otherwise, you will want to test that the file is identical to the pristine version linked above.

David Anderson (lead developer)

The post WordFence reporting false positives when virus-scanning appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.