Having had serious attacks on a site I am possibly over cautious wordfence shows this file as ( May contain malicious executable code)
plugins/bb-plugin/includes/vendor/infusionsoft/xmlrpc-3.0/lib/xmlrpc.inc
Looked in last download and could not see it AHHHH, but opened a new download and can see the file checking the code I see (var $username = ‘’; var $password = ‘’
so just thought it was worth checking.
Mike
Hi Mike,
Thanks for pointing that out. I checked and that code is part of the Infusionsoft API wrapper for PHP and is supposed to be there. Those variables are used in one of the authentication methods and don’t have anything to do with WordPress. You should be good to go!
Justin
Thanks now set as OK
Hi,
I got the same message from wordfence for the same file after installing the plugin for the first time:
This file is a PHP executable file and contains the word ‘eval’ (without quotes) and the word ‘base64_decode(’ (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code.
eval is not there, but ‘base64_decode’ is…
Is this OK?
Thanks
Hi Andrea,
Yes that is ok. They are using that as part of the library to interact with their service. It’s a false positive 
Justin