Title: str_root Last modified: February 13, 2021 --- # str_root * Resolved [loopforever](https://wordpress.org/support/users/loopforever/) * (@loopforever) * [5 years, 3 months ago](https://wordpress.org/support/topic/str_root/) * Hello, I wish you a good day. I ran a scan with the Wordfence plugin. As a result of the scan, a warning like **“a suspicious code known as rot13_of_eval”** was detected in an plug-in. ** … The matched text in this file is: str_rot13 (based64_doceode( str_rot13 (“AwD1 ….); else {eval (. * I deleted this file on suggestion. But now the plugin does not work. Infected file (?), **wp-content / plugings / a_b_c / … php.** in a file called. I contacted the plug-in owner. He said: **This file belongs to the update engine. There are encrypted codes in order not to interfere with the update system. You can pass by saying IGNORE.** * That’s the way it is. The plugin is not available on WordPress.com. I bought it outside. The related file is as follows: [Image](https://i.ibb.co/tmTb8Yr/abc.png) is this right ? Can you help me ? What should I do ? Viewing 1 replies (of 1 total) * Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/) * (@wfpeter) * [5 years, 3 months ago](https://wordpress.org/support/topic/str_root/#post-14049853) * Hi [@loopforever](https://wordpress.org/support/users/loopforever/), thanks for your question. * Wordfence is only able to verify with 100% reliability whether a plugin has been compromised, such as having additional unwanted code inserted by an attacker, by checking against the official WordPress.org repository. If your plugin content tallies with the approved code within the repository, Wordfence knows no tampering has taken place. * This does not mean that you cannot use Wordfence with plugins from a site like Elgato, but Wordfence will not be able to check the code for validity in the same way so places more responsibility the developer to ensure security holes are patched and you to ensure the plugin is kept up-to-date. * If the developer has been responsive and assured you that the code flagged has not been tampered with and is legitimate code they wrote, the ‘ignore’ option would be the only course of action to take, but you will do so at your own risk. * Nulled plugins can also be inadvertently obtained from external sites, so for more details about the dangers of nulled themes and plugins, please read this blog post which details the reason why we think this is bad idea: [https://www.wordfence.com/blog/2019/11/wp-vcd-the-malware-you-install-on-your-own-sites/](https://www.wordfence.com/blog/2019/11/wp-vcd-the-malware-you-install-on-your-own-sites/) * Thanks, * Peter. Viewing 1 replies (of 1 total) The topic ‘str_root’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 1 reply * 2 participants * Last reply from: [wfpeter](https://wordpress.org/support/users/wfpeter/) * Last activity: [5 years, 3 months ago](https://wordpress.org/support/topic/str_root/#post-14049853) * Status: resolved