settings_page.php gets flagged by Apache MalDet

  • Resolved timpiazza

    (@timpiazza)


    9 years, 1 month ago

    settings_page.php in plugins/wpematico/app/ is getting flagged and quarantined as malware by my server’s scanner. Upon inspection, I found the following line of code that I believe is the cause.

    $cfg[‘mailpass’] = base64_encode($cfg[‘mailpass’]);

    Base64_encode is commonly used by hackers to hide what they’re doing when they infect files.

    What would be the harm in removing this line?

    https://www.ads-software.com/plugins/wpematico/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author etruel

    (@etruel)

    base64_encode is a normal PHP function. I used it in plugin for encode smtp credentials if used to send mail. Is a risk security if is saved in database as plain text

    You must whitelist the file on your antivirus or also can delete those lines in the plugin if you are not using SMTP for emails . The function is used several times.

    How you solved it, @timpiazza?

    Plugin Author etruel

    (@etruel)

    timpiazza yesterday was released a new version 1.2.5 without use of php functions base64_encode and base64_decode in settings_page.php

    Could you tried if is working now ?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘settings_page.php gets flagged by Apache MalDet’ is closed to new replies.