Security false positive: StandalonePHPEnkoder.php

When updating your site, you may see a security alert from Defender Pro (by WPMU DEV) about the StandalonePHPEnkoder.php file included with GravityView. The flagged code can look suspicious because it uses the eval() function, which is often associated with malicious code.

Recommended action

You can safely add the StandalonePHPEnkoder.php file to a list of allowed files in Defender Pro to prevent future alerts.

Why this is safe:

  • The file belongs to GravityView.
  • It obfuscates email addresses to reduce spam.
  • The security alert is a false positive.
  • You can allowlist the file without risk.

Why this happens

The StandalonePHPEnkoder.php file is part of GravityView. It is responsible for obfuscating email addresses to protect them from spambots. When you add an Email field to a View, the script ensures that addresses are readable to humans in the browser, but hidden from automated crawlers.

The use of eval() is part of how the PHPEnkoder tool decodes the obfuscated email in the browser. Although this looks like suspicious behavior, it is expected and safe.

Security plugins such as Defender Pro may incorrectly flag this code as malicious. This is a false positive and not an indication of any compromise.
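Before allowlisting, you can confirm that the flagged file is the same file GravityView ships by comparing it with a freshly downloaded, extracted copy of the plugin. The script below is an added example, not GravityView or Defender Pro code; the two directory arguments (the installed plugin folder and the clean reference copy) are assumptions you supply.

```shell
#!/bin/sh
# Added example: confirm the flagged file matches a clean vendor copy.
ENKODER_FILE="StandalonePHPEnkoder.php"

# Print the SHA-256 hex digest of a file.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_enkoder INSTALLED_DIR REFERENCE_DIR
# Returns 0 if every installed copy matches, 1 on any mismatch,
# 2 if the file is missing from either tree.
verify_enkoder() {
    installed_dir=$1
    reference_dir=$2
    ref=$(find "$reference_dir" -type f -name "$ENKODER_FILE" | head -n 1)
    if [ -z "$ref" ]; then
        echo "MISSING: no $ENKODER_FILE under $reference_dir"
        return 2
    fi
    ref_sum=$(sha256_of "$ref")
    list=$(mktemp)
    find "$installed_dir" -type f -name "$ENKODER_FILE" > "$list"
    if [ ! -s "$list" ]; then
        rm -f "$list"
        echo "MISSING: no $ENKODER_FILE under $installed_dir"
        return 2
    fi
    rc=0
    while IFS= read -r f; do
        sum=$(sha256_of "$f")
        if [ "$sum" = "$ref_sum" ]; then
            echo "MATCH    $sum  $f"
        else
            echo "MISMATCH $sum  $f (expected $ref_sum)"
            rc=1
        fi
    done < "$list"
    rm -f "$list"
    return $rc
}

# Run only when both directories are given on the command line.
if [ "$#" -eq 2 ]; then
    verify_enkoder "$1" "$2"
fi
```

A MISMATCH or MISSING result means the file should be reviewed rather than allowlisted.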
