False positives with the Redux Framework

I’ve recently installed a theme on my site which recommends the use of the Redux framework plugin which I have also installed.

The first scan Wordfence run on my site after the new theme was applied, I received the following warning:

This file may contain malicious executable code:
…/wp-content/themes/evolve/library/admin/redux-extensions/extensions/vendor_support/vendor/ace_editor/mode-php.js

This file is a PHP executable file and contains an eval() function and base64() decoding function on the same line. This is a common technique used by hackers to hide and execute code.

I posted this issue in the support forums and both the theme creator and the lead developer of Redux assured me it was a false positive.

The lead developer of Redux further added:

First, Ace Editor is an open source project used by endless companies on the net. You can see details about it here: https://ace.c9.io/

The Wordfence is giving a PHP flag error for a JavaScript file, which means it’s just mass searching for strings using regex. If you search the source of the file in question (https://github.com/ajaxorg/ace/blob/master/lib/ace/mode/php/php.js). you’ll see that there is NO eval() anywhere, but there is reference to the EVAL name. Which means they’re just searching for eval, not eval( or eval (.

My suggestion is you contact Wordfence and suggest to them to improve their regex, so that something as simple as this does not cause an error. For truly, this is a false alarm.

You might want to take a look at fixing this as the Redux framework is relatively widely used and you don’t wanna scare people for no reason.

https://www.ads-software.com/plugins/wordfence/