Title: False postoves Last modified: August 25, 2021 --- # False postoves * Resolved [drmrgood](https://wordpress.org/support/users/drmrgood/) * (@drmrgood) * [4 years, 9 months ago](https://wordpress.org/support/topic/false-postoves/) * Hi to all of you! First I need to say that your plugin is great! I use the free version. Today I get the positive malware scan on one of the wordfence files. The file is: wp-content/wflogs/index.php . Scan says this: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: wfconfig’;\x0d\x0a\x09\x09\x09\x09if ( $wpdb- >get_var( “SHOW TABLES LIKE ‘{$a5e5b45b88a2c361714f8a054befe5df1}'” ) == $a5e5b45b88a2c361714f8a054befe5df1){\ x0d\x0a\x09\x09\x09\x09\x09$ae6dbc64714a026ab1ddfa9bf42689cb3 = $wpdb->get_row(“ S… * What to do now? Is this a false positive or not? * BR * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Ffalse-postoves%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 4 replies - 1 through 4 (of 4 total) * [kkeiperssc](https://wordpress.org/support/users/kkeiperssc/) * (@kkeiperssc) * [4 years, 9 months ago](https://wordpress.org/support/topic/false-postoves/#post-14805240) * This is most likely not a false positive. 99% of the time, only hackers use hex encoded function names. I would take the site down for maintenance and begin clearing out hacked files. If you didn’t put that file there, I would say there is a high likelihood that your site has been compromised. * [kkeiperssc](https://wordpress.org/support/users/kkeiperssc/) * (@kkeiperssc) * [4 years, 9 months ago](https://wordpress.org/support/topic/false-postoves/#post-14805243) * Are you comfortable with providing a pastebin.com link to the contents of the wp-content/wflogs/index.php file? I’d like to see what all is in it. * Thread Starter [drmrgood](https://wordpress.org/support/users/drmrgood/) * (@drmrgood) * [4 years, 9 months ago](https://wordpress.org/support/topic/false-postoves/#post-14806656) * All of a sudden the file index.php placed in wp-content/wflogs folder no longer exists. * Plugin Support [wfscott](https://wordpress.org/support/users/wfscott/) * (@wfscott) * [4 years, 9 months ago](https://wordpress.org/support/topic/false-postoves/#post-14809341) * Hello, [@drmrgood](https://wordpress.org/support/users/drmrgood/). * I would not expect to see that file or contents in the wflogs folder. As a last resort, you can delete the wflogs folder itself (I would make a local backup of it) and the folder will regenerate the contents, however, keep in mind you will lose some block data and the protection will go into Learning Mode. I would then recommend you switch from Learning Mode to Enabled and Protecting via Wordfence > Firewall > All Firewall Options > Web Application Firewall Status. * I would recommend running a high sensitivity scan (Wordfence > Scan > Scan Options and Scheduling) to see if anything else suspicious is found, then if need be, consider having a site cleaning or audit done to further check for malware. * Please let me know if you have any questions. * Scott Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘False postoves’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 4 replies * 3 participants * Last reply from: [wfscott](https://wordpress.org/support/users/wfscott/) * Last activity: [4 years, 9 months ago](https://wordpress.org/support/topic/false-postoves/#post-14809341) * Status: resolved