Title: Malicious code
Last modified: March 6, 2019

---

# Malicious code

 *  Resolved [kevjon](https://wordpress.org/support/users/kevjon/)
 * (@kevjon)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/malicious-code-14/)
 * I have used your plugin for a long time, but my hosting company have found malicious
   code in 3 files, including one of yours. Can you help me to remove this code?

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/malicious-code-14/#post-11282601)
 * Probably your web host scanner detected the pattern matching code that we use
   in this file for the BPS malware scanner > /wp-content/bps-backup/mscan/mscan-
   pattern-match.php. This file contains pattern matching code that checks for common
   hackers code when you run BPS MScan. So yeah it may appear to be malicious code
   to a scanner, but the code is used to check your website files for matching code
   patterns that hackers commonly use. Let me know if this is the file that your
   web host scanner is seeing as malicious. If your web host scanner is seeing a
   different file in BPS that contains malicious code then let me know which file
   that is.
    -  This reply was modified 7 years, 3 months ago by [AITpro](https://wordpress.org/support/users/aitpro/).
 *  Thread Starter [kevjon](https://wordpress.org/support/users/kevjon/)
 * (@kevjon)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/malicious-code-14/#post-11282615)
 * Thanks! The affected files are:
    ./public_html/wp-content/bps-backup/mscan/mscan-
   pattern-match.php ./public_html/wp-content/themes/912/index.php ./public_html/
   wp-content/themes/atahualpa/functions/bfa_get_options.php
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/malicious-code-14/#post-11282642)
 * Ok so send me the other 2 files to this email address: info at ait-pro dot com
   so I can check them.
 * ./public_html/wp-content/themes/912/index.php
    ./public_html/wp-content/themes/
   atahualpa/functions/bfa_get_options.php
 *  Thread Starter [kevjon](https://wordpress.org/support/users/kevjon/)
 * (@kevjon)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/malicious-code-14/#post-11282768)
 * emailed just now
 *  Thread Starter [kevjon](https://wordpress.org/support/users/kevjon/)
 * (@kevjon)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/malicious-code-14/#post-11282772)
 * By the way, they accept that your file was a false positive.
 *  Thread Starter [kevjon](https://wordpress.org/support/users/kevjon/)
 * (@kevjon)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/malicious-code-14/#post-11282937)
 * All discussion by email from here. Thanks for your great help!

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Malicious code’ is closed to new replies.

 * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938)
 * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/)
 * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/)
 * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/)

## Tags

 * [recovery](https://wordpress.org/support/topic-tag/recovery/)

 * 6 replies
 * 2 participants
 * Last reply from: [kevjon](https://wordpress.org/support/users/kevjon/)
 * Last activity: [7 years, 3 months ago](https://wordpress.org/support/topic/malicious-code-14/#post-11282937)
 * Status: resolved