Need help with the Defender Security Issue.

Recently I am getting this kind numerical indicator on Defender Pro but when I look, there is nothing to do.
It used to be that all the numbers referred to security tweaks that needed to adjust. Any ideas? Please check and help.
https://cdn.livechat-static.com/api/file/lc/att/8801096/f81db5da4ca09f316ebd1272b88070c3/2020-01-07_2110.png

  • Dmytro Borovyk
    • Staff

    Hello Randy,

    Thank you for contacting us!

    The number indicated there refers to the issues found by the recent file scan. More details are available now in the report within the File Scanning section.

    Please note that the file scan duration depends on the number of files, available server resources, and the scan settings, and it sometimes can take hours to finish. We are always working on optimizing the scanning process. More details about the upcoming improvements are available in our roadmap.

    Some of the issues reported by Defender on your site are a few extra files, which are not part of the WordPress core. The files mentioned there are simply PHP error logs generated by your server, so those are not dangerous.

    And the last “Suspicious function found” warning in the report is signalling about the discouraged eval() PHP function found in one of the plugins.

    Using this function is a potential security weakness and should be avoided as explained in the official PHP docs.

    I can see that that plugin is still using the older version of the Twig library, while the eval() function has been already removed from the newer Twig releases. You can contact the plugin developers and ask if they could update the included Twig library to get rid of the eval() function.

    Best Regards,
    Dmytro