Hello @wv0l,
You can breathe a sigh of relief. What you are looking at is a false positive – meaning the server scanner flag is triggered by regular, safe code rather than actual malware.
The Namecheap scanner flagged this because it saw a large block of text starting with data:image/svg+xml;base64,.
- What it actually is: This is a standard Data URI containing a Base64-encoded SVG (Scalable Vector Graphic) image. Developers often convert small images (like a logo) into a text format (Base64) and embed them directly inside the PHP file (Framework.php). This allows the plugin to load the logo instantly without making an extra network request to fetch an image file.
- Why the scanner got nervous: Automated server scanners look for patterns. Hackers frequently hide malicious, heavily obfuscated code or backdoors inside long Base64-encoded strings. Because your plugin has a long Base64 string, the scanner’s automated rule (Universal decode regex match) assumed it was a hidden decoder script rather than an image.
Is it valid?
Yes, it is entirely valid. The variable name itself tells the story: const LOGO_SIGN_BASE64_ENCODED. It is simply a core file for the plugin storing the brand logo/icon. What do you do now?
- Whitelist or Ignore the Flag: Inside your Namecheap hosting panel (usually via Imunify360 or the cPanel Malware Scanner interface), you can safely select this specific file and mark it as Ignore, False Positive, or Whitelist. This prevents the scanner from bugging you about it in the future.
- Double-Check Your Updates: While this specific line is perfectly safe, it’s always a great security practice to ensure the rest of your site is secure. Make sure the plugin is updated to its latest version via your WordPress dashboard.
You don’t need to delete the file, modify the line, or panic – the plugin is just trying to display the logo!
Thread Starter
wv0l
(@wv0l)
With the name I thought it would be a false positive, but better to ask and be sure than to guess wrong.
Thanks for confirming! 😁
