Title: Plugin Security Last modified: February 13, 2021 --- # Plugin Security * [loopforever](https://wordpress.org/support/users/loopforever/) * (@loopforever) * [5 years, 3 months ago](https://wordpress.org/support/topic/plugin-security-4/) * Hello there, I ran a scan of my website with the Wordfence plug-in. * However, it detected a virus in the plugin I used. The virus description is as follows: … The matched text in this file is: str_rot13 (based64_doceode (str_rot13(“ AwD1 ….); else {eval (. ) * I deleted the relevant file. However, the plugin no longer works. I contacted the plug-in owner. He told me that this is required for WordPress updates and is a code encryption technique for security. The content of the relevant file is as follows. Is this true ? Can you help me ? * File content: [image](https://i.ibb.co/tmTb8Yr/abc.png) Viewing 7 replies - 1 through 7 (of 7 total) * [Alan Fuller](https://wordpress.org/support/users/alanfuller/) * (@alanfuller) * [5 years, 3 months ago](https://wordpress.org/support/topic/plugin-security-4/#post-14045486) * Is it a premium plugin or free plugin? * Thread Starter [loopforever](https://wordpress.org/support/users/loopforever/) * (@loopforever) * [5 years, 3 months ago](https://wordpress.org/support/topic/plugin-security-4/#post-14045504) * Pro plugin. However, it is not available on WordPress.org. I bought it from a website. * [Alan Fuller](https://wordpress.org/support/users/alanfuller/) * (@alanfuller) * [5 years, 3 months ago](https://wordpress.org/support/topic/plugin-security-4/#post-14045616) * OK, obviously this forum is not for discussing pro plugins as such. * But from a developer of free and pro plugins perspective I can say, categorically that this sort of encryption is not required in anyway for `WordPress.org updates` to work. * It could be that it is required for the way the pro plugin author manages `off WordPress.org` updates, which it is impossible to pass any comment on, except the pro plugins I create do not have any eval / base64 stuff to manage `off WordPress. org` updates. * Thread Starter [loopforever](https://wordpress.org/support/users/loopforever/) * (@loopforever) * [5 years, 3 months ago](https://wordpress.org/support/topic/plugin-security-4/#post-14045623) * Thank you for your help. As a result, should I continue to use it or not? Does it pose a risk? I could not fully understand. * [Alan Fuller](https://wordpress.org/support/users/alanfuller/) * (@alanfuller) * [5 years, 3 months ago](https://wordpress.org/support/topic/plugin-security-4/#post-14045641) * I couldn’t possibly say. Sorry. * Thread Starter [loopforever](https://wordpress.org/support/users/loopforever/) * (@loopforever) * [5 years, 3 months ago](https://wordpress.org/support/topic/plugin-security-4/#post-14045662) * Mr Alan, Will anyone ask this? Is this a bug for WordPress? Is not it ? Could it be a malware? Is my data safe? Is not it ? * [Alan Fuller](https://wordpress.org/support/users/alanfuller/) * (@alanfuller) * [5 years, 3 months ago](https://wordpress.org/support/topic/plugin-security-4/#post-14045742) * Sorry, * No one here will be able to answer. It is a premium plugin which is not supported on these forums. * If you are uncomfortable and unable to determine if it is safe you have two course of action 1) not use it 2) engage a security consultant Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘Plugin Security’ is closed to new replies. * In: [Developing with WordPress](https://wordpress.org/support/forum/wp-advanced/) * 7 replies * 2 participants * Last reply from: [Alan Fuller](https://wordpress.org/support/users/alanfuller/) * Last activity: [5 years, 3 months ago](https://wordpress.org/support/topic/plugin-security-4/#post-14045742) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics