How can you say that's a false positive??
This may be a serious hacker attack, and if you're not thorough and QUICK in your investigation, not only your site, but also all your related sites could be compromised!
I say this because this horrible virus has spread a massive infection in my sites!
Here's how to tell if you've been compromised:
Open your Cpanel. Go to File Manager. Navigate to the site that your Wordfence scan said had an issue.
Open these files, one by one:
wp-config.php
index.php
header.php
Now look at the code of those files. If you see a whole slew of dbase64 code crap in there at the top, right after the php command, guess what? You're screwed!
And if you're not fast, it could possibly spread all over.
If you don't see that code, consider yourself very lucky.
Another giveaway: If the flyout menus in your Wordpress installation suddenly stop working, you might have this.
Right now, I wish I had a simple solution for recovering from this.
But all I can say is - if you have this horrible infection - is to run a complete Wordfence scan. Then go through the files it shows you are infected, and clean that code out using your Cpanel code editor.
If your flyout menus start working again, you might be ok...for a while.
I hope this helps someone.
Good luck.
