This Plugin was created to help WordPress admins clean infections off their site. It was inspired by my own need to to clean up one of my BlueHost accounts after a pretty bad hack (see How It All Started). It is still a little rough around the edges and I want to add many new and exciting features. It is currently being offered completely FREE of charge, though it did take quite a lot of time to develop, test, and make nice.

This project will continue to need my energy to keep it effectively getting rid of new threats and patching new vulnerabilities. That is why I am asking anyone who can, to please make a donation to keep it going.

Eli Scheetz


  • Thank you very much! Your plugin rescued my website and saved me a lot of time by not having to use the backup to restore it. I did few other scans from some 'pro' antivirus plugins, but nothing seemed to work, and they ask for a lot of money to go premium with no guarantee that it's going to solve the problem... With your plugin it's different, I could test it first. Thank you so much! It was a pleasure to send my donation too.
    -- Przemyslaw Jarocki

466 Comments on "Home"

  • On February 24, 2019 at 9:49 am, Alvaro Bulnes said:

    acabo de instalar tu plugins pero parece que no opera con la nueva versión de wordpress, cuando lo corro el programa me lanza a una pantalla a parte para scannear solo un momento para despues quedarse detenido.

    • On March 6, 2019 at 1:07 pm, Anti-Malware Admin said:

      Mi plugin opera con la nueva versión de wordpress.

      Me gustaría ayudarte a entender por qué no está funcionando para ti. ¿Podrias enviarme una captura de pantalla del escaneo un momento después de que se detenga?

  • On February 21, 2019 at 4:30 pm, Bezalel Jim said:

    Does this plugin scan the database and fix malware there?
    Since i am using pro version but the virus seems to occur again and again after fixing. I have a doubt that the virus is actually in the database which is why its occurs again.

    • On February 22, 2019 at 7:59 pm, Anti-Malware Admin said:

      Yes, the plugin does scan the database.

      If it is removing these threats but they are coming back sometime after that then your server still has some vulnerability that is letting the hacker in. It could be another site hosted on that same server, if you are on a typical shared hosting account then it is likely very easy for the malicious code to jump around from site to site and come back to your site over and over. It would need to be removed from every site on that server or you would need to move your site to a more secure hosting environment.

  • On February 18, 2019 at 6:33 am, Zhihan said:

    My site was infected and I used your plugin to effectively scan and removed the affected files. Thanks a lot for the good effort to share your work with the rest of the world!

  • On February 15, 2019 at 7:44 am, Mahmoud Almaghraby said:

    hello team

    i have site wp installed in sub-directory.
    your plugins can scan sub-directory?
    or i must install wp in root server?!

    • On February 15, 2019 at 8:24 am, Anti-Malware Admin said:

      My plugin will work fine from the sub-directory, and you should even be able to scan the root from there too.

  • On February 12, 2019 at 9:52 am, HL said:

    Hello, just wondering if the donation for the Pro version is yearly?

  • On February 9, 2019 at 2:42 am, Nathalie said:


    Can you tell me what level of donation includes everything, i.e. monitoring, automatic update/clean up, etc.?

    Also, 85% of my websites are html only but were subject to hackers in January. If I add wp in a subdirectory (like domain.com/security) and install the plugin in that directory, will it protect all the content in the public_html folder?


    • On February 9, 2019 at 10:00 am, Anti-Malware Admin said:

      This is a self-help plugin for end users like yourself to use to check and clean your own site on your own time. I do not currently offer any monitoring or clean up services beyond what the plugin can do for you. If you donate $29 or more then you will have access to all the current premium features on all your sites registered under the same account/email (including: automatic updates, core file definitions, and the brute-force login patch).

      Yes, you can install WP into a sub-directory and then use my plugin to scan the root site. There is also another possible options for scanning HTML sites. If those sites are already stored inside a sub-directory within the public_html folder for the main website on your hosting account then you should be able to scan them all from that main site if you install WP there.

  • On February 7, 2019 at 8:38 am, NILANJAN SEN said:

    How much do I need to donate to get regular updates?

  • On February 5, 2019 at 10:31 pm, walt k said:

    thanks for your plugin + updates.
    goodhelp for my scamed website !
    thanks !!!!

  • On December 18, 2018 at 5:33 am, Alan said:

    How do i download the plugin?

  • On December 1, 2018 at 12:33 pm, Fatih said:

    If I donete, Can I use pro version on multiple website?

    • On December 1, 2018 at 4:15 pm, Anti-Malware Admin said:

      Yes, you can. Just register all you site’s keys under the same email address and you donation will count for all of them ;-)

  • On November 19, 2018 at 4:30 pm, Webmaster Revista Fairway said:

    Great plugin, thanks for share it!

  • On November 19, 2018 at 3:57 am, Tomal Siddik said:

    I wanted purchase the the plugin. How can i purchase this premium plugin? I wanted use any web site and wanted removed malware.

    • On November 28, 2018 at 11:25 am, Anti-Malware Admin said:

      Just install and activate the free plugin. Then register the installation Key from the pre-filled registration form on the Anti-Malware Settings page in your wp-admin. Once you make a donation of $29 or more then all the premium feature will be available to any sites registered to your account.

  • On October 31, 2018 at 6:21 am, Bobby said:

    Thanks for sharing this amazing plugin on WordPress Plugins to easily run a complete scan to automatically remove known security threats and backdoor scripts from WordPress powered website or blog. It is helpful!

  • On October 9, 2018 at 8:08 pm, coinworldstory said:

    my website redirect to another website is this plugin help

  • On October 4, 2018 at 10:57 pm, inbal MESHULAM said:


    I did full scan and i got this message:
    “Core File Changes”
    what can I do?


  • On September 30, 2018 at 1:26 am, Lawrence said:

    This WordPress security plugin is the real definition of Malware protection when it comes to protection of WordPress websites.

    I really love the security plugin functionality

  • On September 23, 2018 at 11:38 am, Different Truths said:

    I have this code which is showing up in my header file which is showing as malware. Please fix it …/public_html/wp-admin/admin-header.php

    • On September 23, 2018 at 7:57 pm, Anti-Malware Admin said:

      This malware is in my latest definition updates. Please make sure that you have downloaded the latest definitions and then run the Themes – Quick Scan, or the Complete Scan on the wp-contents if the Quick Scan fails. It should then show the infected files and you can click the automatic fix button to clean those selected files.

      If you have trouble with any of this then please send me a screenshot of the scan results so that I can see what’s going on.

  • On August 11, 2018 at 1:18 pm, MATTHEW LAVANISH said:

    Hi Eli,

    Great plugin. Thanks for keeping this going. I’m using it following an infection just to make sure I found everything.

    Two questions:
    1) The first time I ran the plugin (pre registration) it flagged a lot of files as suspicious. Once I regiestered and donated, it no longer flagged these files. Is that just a result of having updated and better definitions?

    2) Is your plugin scanning the database as well?


    • On August 18, 2018 at 7:52 am, Anti-Malware Admin said:

      1) Yes, once you register and download the latest definition updates then the plugin can find and fix Known Threats so there is no longer a need to guess at Potential Threats.

      2) Currently (as of version 4.17.69) my plugin scans the filesystem to remove Known Threats in the code. I am work on a DB Scan now that will find and remove any SQL Injection in your database. This feature should be available in my new plugin release (coming soon).

  • On June 11, 2018 at 5:14 am, Murad Khan said:

    I Really Love Your Plugin I Just Have a suggestion to add History Page for old treats.

    • On June 12, 2018 at 7:23 am, Anti-Malware Admin said:

      There is a brief Scan history on the Scan Settings page and I am working on adding more details and rescan options to that for a future plugin update. You can also find a complete and detailed history of every threat that was fixed with myplugin on the Quarantine page in your wp-admin.

  • On June 10, 2018 at 7:06 pm, sherry b. said:

    Eli, you continue to have my eternal appreciation for your work and this wonderful plugin!!! Thank you again so much for your time and willingness to be a help in this world!


  • On April 30, 2018 at 6:01 am, Phil Whyte said:

    Hi, I found your plugin after all of my sites (15 separate web sites) were blocked by Microsoft on 27/04.

    I downloaded, installed and used your plugin and it was very easy to set up and use. I ran a full scan on one website and no malware or threats found – which was reassuring although I wasn’t sure whether there may have been something it hadn’t found. Anyway, Microsoft has since unblocked the sites so all is back to normal.

    Thank you for developing a great plugin that will hopefully keep my websites malware free. In return, I have donated your suggested $29 fee.

    One question: On your Donations page it states I can use the plugin on as many sites as I want?

    If so, I have installed it on a second site and it wouldn’t let me use the same installation key, I had to re-register the plugin again. Because of that, I couldn’t enable the ‘Core File Changes’ definitions or updates, it states: “Donate $29+ now to get Automatic Definition Updates and use the Core Files definitions.”

    I have used the same credentials to register on three of my separate WordPress sites so I need to know whether each site requires a new key and a new donation of $29 or if not, what I have missed?

    Happy to donate every year if I am reminded by the way!


    • On April 30, 2018 at 6:38 am, Anti-Malware Admin said:

      You can only use one key per site but if you register all your sites and keys under the same email address then your donation will unlock the core files definitions on all of them.

  • On April 27, 2018 at 1:24 am, Daniel Williams said:

    Hi, great plugin :) is there a way you can help find the backdoor/vulnerability on a site? Cleaning malware daily, and it’s not using anything unusual plugins wise/all up to date. Can’t stop it coming!

    Many thanks

    • On April 27, 2018 at 5:33 pm, Anti-Malware Admin said:

      Look in the Anti-Malware Quarantine to get the exact infection times and then cross reference these times in the access_log files on your server to find out if there is a script on your site that is responsible for rewriting these infections. If you find anything suspicious please send it to me so that I can examine it. If there is nothing in the log files at the time of these infection then your server is infected at a root level and you should probably move your sites to a move secure hosting environment.

  • On April 25, 2018 at 9:49 am, Nicola Chilo said:


    I’ve installed and registered the plugin since 2016 in one of my wordpress websites but in this lasts months, even if updated, it couldn’t update its definitions anymore.
    May you how why?

    By the way since the end of last year the sw worked great and found it really effective.
    Thanks in advance for your help.

    • On April 28, 2018 at 7:12 pm, Anti-Malware Admin said:

      I’m not sure why it has stopped working for you. You could check your browser Console for JavaScript errors and disable any BHOs that might be blocking the update script. You can also look in your error_log on the server to see if it is being blocked by something on the server.

      If you can find anything wrong please send me a direct email with a screenshot of the Anti-malware Settings page in your wp-admin so that I can try to help you further.

  • On April 18, 2018 at 4:22 pm, Tony said:

    My site was hacked and it is now suspended until I remove the malware. I have all of malicios files, I need to clean up those files in order to reinstate my site back on the web. Thanks in advance.

    • On April 20, 2018 at 8:20 am, Anti-Malware Admin said:

      Can you send me these files or send me a screenshot of the files so I can see how to help you with this (direct emails with attachments work best)?

  • On April 8, 2018 at 8:09 am, Geison Cruz said:

    Wow, this plugin works pretty well, as soon as I make a payment to my account, I’ll make a donation. Worth it. Excellent work

  • On March 30, 2018 at 12:28 am, MissKeera said:

    Any chance you’d add bitcoin as a donation method?

    • On March 30, 2018 at 9:03 am, Anti-Malware Admin said:

      No, I only have PayPal because it’s the most widely accepted form of online payment. You can also use a credit card on the PayPal website but I am truly sorry if that does not work for you.

  • On March 21, 2018 at 2:32 am, Andy said:


    First of all I love your plugin, it’s saved me loads of time cleaning infected sites for various clients.

    Can I just ask if you have any plans to support WP-CLI so that it is possible to schedule updates and scans from the command line, this would be incredible useful and would definitely cause me to set up a regular donation to support your work.

    Thanks again!

    • On March 24, 2018 at 10:35 am, Anti-Malware Admin said:

      Yes, I am currently working on a CLI and also a scheduled scan feature. I will let you know when I have something ready for BETA testing…

  • On March 12, 2018 at 10:41 am, قالب وردپرس said:

    Thanks for your suppor

  • On March 6, 2018 at 4:39 am, Christophe said:

    Dear Eli,
    your plugin is so fantastic i found it stupid not to have a french translation to enlarge your audience.

    I have translated the readme (stable) and dev (stable + trunk) branch. Contact me if you need more or if you have any questions.

    • On March 6, 2018 at 5:27 pm, Anti-Malware Admin said:

      Wow, Thanks!!!
      I downloaded the fr.po file from wordpress.org and I’ll have it added to my next plugin release ;-)

  • On January 20, 2018 at 1:35 pm, Copper said:


    Thank you for your time. I installed and ran the program. It only found potential threats. But I ran on Sucuri again and it shows that there is Malware. Not sure what to do. Any advice much appreciated.


  • On January 16, 2018 at 10:16 am, Rogerio said:

    Hi there,

    First of all, congratulations on your fantastic work!

    Regarding Multisite installation, I was wondering what would be the best practice and hope you may elucidate that for me.

    Let’s say that my primary domain is MyDomain.com and at this multisite structure I only have several sub-directories such as: MyDomain.com/site1, MyDomain.com/site2, MyDomain.com/site3 and so on, with no other different domain on it. What would be the best choice from the bellow options?

    1) Let’s suppose that I install the plugin but leave it active only at my primary domain. Once I scan it, will it scan every other site (subdirectory) on my network? Will the sub-directories be protected against brute force attacks at their specific WP Admin Login pages? In other words, with a single installation at the primary domain with the proper setup of the Sacn Settings and often looking for New Definition Updates to keep it updated, will all my sub-directories be protected as well?

    2) If I install it at the primary domain and activate it through the entire network but I only setup the proper Sacn Settings and regular look for New Definition Updates at the primary domain, would work better than the first choice above? I mean, in this case will the scan go through every subdirectory and all login pages be safer against brute force attacks than the first option, but still easy to manage it through the scan setting and regular updates on the primary domain?

    3) Or neither one of the choices above would be the best practice and the proper approach would be install and activate it through the entire network (with the same email address as I have read in other comments), but setup the Scan Settings individually and look for New Definition Updates very often in each one of the subdirectory WP admin panel?

    I hope I have made it clear ;-) and you could help me out advising the best approach for this particular scenario.

    Thanks a lot for your time and help.

    Have an awesome week!
    Rogerio Barreto

    • On January 17, 2018 at 6:17 pm, Anti-Malware Admin said:

      First, to be clear, multisite installations use the same set of core files for all sites. That is why only the Network Admin can access the setting and run scans. Also, as a Network admin you can run the scan from any site and it will scan the same files.

      Now for the best practices for a multisite installation: after installing the plugin it would be best to Network Activate it from the Network Admin menu. Then you should go to the wp-admin for each of the sites and register the uniquely generated installation key (you can use the same email address for all registrations so that they will all be on the same account). You can also change any settings or firewall options that you would like to on each site.

      You can run the Complete Scan from any site as long as you are a Network Admin.

      • On January 17, 2018 at 7:08 pm, Rogerio said:

        Thanks a lot for the reply with the explanation. I will follow the advise.


      • On January 17, 2018 at 7:23 pm, Rogerio said:

        Just one last doubt. Since the scan may be managed from the main site, what would be the best practice regarding the Download of New Definition Updates. If I check the main website admin panel constantly to keep it up to date and run the scan from there, would I still need to worry about Download the New Definition Updates in very single panel of my Network?

  • On December 6, 2017 at 4:09 am, Colin James said:

    Been using this on most sites I run for a number of years now. Have pretty tight security with iThemes Security Pro and Wordfence Pro. On the odd occasion something slips through and gotmls cleans up the mess. Ran into major problems today on a new site for a client. After panic stations gotmls sorted the problem out.
    A must have piece of kit for every website I build.
    Five stars+

  • On November 28, 2017 at 10:18 pm, Stephane said:


    First, thanks a lot for your plugin.

    I launched a “complete scan” and right now, I just have the following information “Complete Scan of www started 20 hours ago and has not finish” without further indication of how much is actually done and/or how much is remaining to be done. I left the default settings : “Scan Depth -1″ and “skip files with the following extensions…”.

    How long can it take to complete a full scan ?
    Thank you.

    Best regards,

    • On November 29, 2017 at 6:34 pm, Anti-Malware Admin said:

      It sound like the Complete Scan was interrupted before it was able to finish. You have to stay on the scan results page as it runs the Complete Scan and then fix any Known Threats that it finds before you leave that page.

  • On October 30, 2017 at 7:26 pm, scene king said:

    you are moderating and deleting my comments, not very professional

    • On October 31, 2017 at 7:36 am, Anti-Malware Admin said:

      No, I’m not actually. I was just sleeping (most humans do that sometimes). When I woke up this morning and got to work I saw and replied to all your comments. Perhaps you should wait more than 5 hours and 6 minutes before jumping to conclusions like that.

      Anyway, If you are willing to give my plugin another try and send me some screenshots of the results you are getting then I am sure (with a little patience) you will find that my support is very professional (especially when you consider that the both the plugin and my support of the plugin are free).

  • On October 30, 2017 at 7:25 pm, scene king said:

    does not have a way to remove the virus/malware

    skips alot of files

    i removed all exclusions, still skips files

    • On October 31, 2017 at 7:28 am, Anti-Malware Admin said:

      What do you mean that there is no way to remove the malware? Does it find the Malware (there should be an automatic fix button)?

      I just replied to your other questions that you left on the Members page. I tried to update you account to use the core files definitions in the hopes that it would help you but it would appear that you are not using my plugin a ny more. You should try contacting me directly for more help as I don’t feel like you have provided me with enough info to really help you.

  • On October 30, 2017 at 6:27 am, Giovanni said:

    Hi, I tried your plugin but did not find anything. The web site is infected as you can to verify with sucuri. Do I miss something in plugin settings?

    Thank you very much

    • On October 30, 2017 at 7:09 am, Anti-Malware Admin said:

      It looks like the only thing that is still not fixed on your site is that the site Title has been changed to “Hacked By Pak Monster, etc., etc…”. You can change the Title of the site on the General Settings page of your wp-admin or you can check the header.php file under Appearance -> Editor. Please let me know where you find it.

  • On October 28, 2017 at 6:31 pm, Emile said:

    Trying this wonderful tool, so far I love it. Will definitely donate as soon as my cleaning finishes.
    Just a recommendation, on each site I am running it, I have to manually delete .ico from the exclusion list (skip names)
    I am having endless threats shit in form of .ico named like favicon_239e5e.ico, favicon_dec111.ico, favicon_e69c66.ico
    So, maybe ICO don’t have to be in the skip by default.
    anyway, now I deleted ALL the skips and scanning even jpgs :) ))))
    I always wanted to be a carpenter

    • On October 29, 2017 at 7:52 am, Anti-Malware Admin said:

      Thanks! I set the ICO and other image file type to be excluded by default because those file types cannot be executed directly by your server when they are called up in a browser, they are essentially harmless on their own. It take another PHP file with an include statement to invoke the malicious code in an image and so that is what my plugin looks for by default, effectively rendering the code in the image file useless. You can change those defaults as you have done and this will help you with a thorough cleanup but it will also take a long time to scan all the binary image files that are harmless, so it is not recommended by default.

      P.S. I too find a sense of joy and satisfaction in building stuff out of wood ;-)

  • On October 23, 2017 at 4:14 pm, D said:

    Not sure if this is the right forum for this, but I have a question about an error I received when trying to log into my WP dashboard. The error is posted below:

    26934705: NO_JS

    You have been redirected here from [...] which is protected by GOTMLS Anti-Malware

    If you offer any guidance in identifying this error code, I’d appreciate it.

    Great software and thanks for putting together.

    • On October 24, 2017 at 10:04 am, Anti-Malware Admin said:

      This error indicates that the additional security JavaScript that was added to your wp-login page was not working when you tried to login. When I checked your login page I could see tha the code is active and working for me. If you try it again and it’s still not working for then you should check your browser settings for popup blockers and make sure that there are no JavaScript error on the page.

  • On October 18, 2017 at 8:56 pm, Jonathan said:

    thanks for great plugins..!!

  • On October 13, 2017 at 1:33 am, abhi jeet said:

    we use your plugin to remove virus from WordPress but sucuri show Malicious code in our site.

    • On October 13, 2017 at 9:01 am, Anti-Malware Admin said:

      Actually your site is now clean. Sucuri caches their scan results so you were seeing the old problem that had already been fixed by my plugin. At the bottom of their scan results page it said:
      *Cached results from more than 2 days ago. Force a Re-scan to clear the cache.

      So I clicked on the “Force a Re-scan” link and it came back clean.

  • On October 12, 2017 at 8:14 pm, Camo said:

    Got to say buddy, this anti-malware plugin is a gem. Appriciate the efford. Will donate when I got a chance, as a student don’t have much to spare though.

  • On September 14, 2017 at 9:52 am, siraj said:

    Hi, I just installed your plug in and did a quick scan and the result was 19 potential threats. But I can see the button fix the issue. can you help me with it please.

    • On September 15, 2017 at 3:08 pm, Anti-Malware Admin said:

      First you need to register your key and download the latest Definition Updates. Then you can run the Complete Scan and the Automatic Fix button will show up if any Known Threats are found.

  • On August 19, 2017 at 10:04 pm, Bala said:

    my wordpress website is throwing popup and redirecting to some irrelevant links when visiting my website. i think that this is some javascript malware attack. Is my assumption is right..?

    if yes. pls provide some advice…

    with thanks..

    • On August 20, 2017 at 9:13 pm, Anti-Malware Admin said:

      Yes, It’s probably malicious JavaScript output that is invoking this redirect, but the source might be encoded in a PHP script, if so then my plugin should find it. If it’s not in a PHP file or my plugin is not finding it then you could check the content of your pages and posts to see if the JavaScript was inserted there, You could also check for text widgets with JavaScript inserted into them,

      If you can’t find it then you can contact me directly through email for more support.

  • On August 18, 2017 at 8:44 pm, Travis said:

    I have a new client who I’m scanning their server. It has been running for about 14 hours now, but it stopped counting time at 695 minutes. The activity at the top has kept moving, but it says “Re-Scanning …” and the Scanned Files count has not increased.
    They are using 1and1, so I understand why it is painfully slow, but I would like to see some progress.

    What would cause this, and is there a way I can get it to progress?

    • On August 19, 2017 at 3:22 pm, Anti-Malware Admin said:

      It might be stuck in a loop trying to rescan all the folders that it has not gotten to yet. There may be a recursive symlink in the path or there are just too many subdirectories to get through them all before your server is timing out. You can check the error_log files on your server, they may hold some clues as to why the scan is getting stuck. You should also make sure there are no cache files in the path, that can make the scan take way too long and the cache files should be deleted anyway if you think the site might be infected. You could try scanning a smaller amount of file by only selecting certain subdirectories at a time (Click the folder names under “What to scan” and select one at a time per scan).

      You could also consider moving the site to a faster and more secure server ;-)

      • On August 21, 2017 at 9:28 am, Travis said:

        Thank you. I let it run until just now (86 hours) and it got up to 97% complete, but it actually dropped the elapsed time to 521 minutes and the files scanned dropped significantly as well.

        I am doing as you suggested and scanning parts at a time, and I AM a faster and more secure server (beep boop, I’m a bot (j/k)) but this is a new client and I have not sold them on the move yet! :)

        Thanks for a fantastic product!

  • On July 28, 2017 at 3:35 am, james gholson said:

    I hid my wordpress login with wordpress security and get this error message. How do I get help fixing this? Can you help? I am locked out…jg

    Warning: include(/homehdd/ggholson/public_html/wp-content/plugins/gotmls/safe-load/session.php): failed to open stream: No such file or directory in /homehdd/ggholson/public_html/wp-content/plugins/gotmls/safe-load/wp-login.php on line 17

    • On July 28, 2017 at 12:24 pm, Anti-Malware Admin said:

      There seems to be files missing from the installation of the gotmls on your site. You should try deleting the whole gotmls folder in the plugins directory on your site, then you can reinstall and it should work fine.

  • On July 22, 2017 at 1:43 pm, Simon C said:

    The scanner reports a backdoor alert from a sucuri file. This is a new client’s existing website, so I don’t know if he’s ever had a sucuri account. The file sits on the root and starts with sucuri- then a bunch of alphanumerics. Is this anything to be concerned with?

    BTW, I’ve already donated, but not through my account or the plugin. It’s from the same PP email I used to register.

    /* Encoded to avoid that it gets flagged by AV products or even ourselves :) */
    $tempb64 =

    eval( $tempb64

    • On July 22, 2017 at 3:35 pm, Anti-Malware Admin said:

      That code is not part of the sucuri plugin. It looks like something sucuri might have put on there if you hired them to fix your site but I can’t be sure. You can remove that code and it shouldn’t affect the functioning of your site.

  • On June 13, 2017 at 2:38 am, Senkale said:

    I have just used your plugins and it was so amazing . I will soon make my own donation. keep up the good work

  • On May 4, 2017 at 5:35 am, Rob Turner said:


    Seeing maldet hit that is causing sites with gotmls plugin to 500 error:

    {YARA}WebShell_Generic_PHP_5 : /home/victor40/public_html/wp-content/plugins/gotmls/images/index.php => /usr/local/maldetect/quarantine/index.php.1029613727

    I think maldet is quarantining it. Breakign the plugin and the site.

    This is a FYI notification.

    I am enabling using and then disabling the plugin each time I scan now.


    • On May 4, 2017 at 2:54 pm, Anti-Malware Admin said:

      This is a false positive that has already been fixed on both sides. You have an older version of my GOTMLS plugin and/or you have an outdated YARA definition file for maldet.

  • On April 27, 2017 at 9:40 pm, Perth Home Cleaners said:

    Easy to use plugins. I found it very helpful and protective.

  • On April 22, 2017 at 4:28 pm, Jalil Mehar said:

    Great Plugin I am going to donate next month.

  • On March 30, 2017 at 4:36 am, Lohith said:

    Thanks for the awesome plugin. It serves good.

    I am regularly getting attack from malware I am always scanning and deleting them and even now scanning showing everything as fine but still google showing as site may hacked. Any solution for this.

    • On March 30, 2017 at 6:56 am, Anti-Malware Admin said:

      After cleaning your site you need to login to Google Webmaster Tools and Request a Review to get your site off the blacklist so that warning will go away.

  • On March 23, 2017 at 11:38 am, Adel Serag said:

    I just donated for the plugin, but I face a problem that after fixation of the threats either manually or automatically, they come back? and the website is still red assuming unsafe!!

    • On March 23, 2017 at 12:07 pm, Anti-Malware Admin said:

      Thanks for the donation, everything look from my end, I see no infections now. If you run another scan does it find anything now?

  • On March 9, 2017 at 8:39 pm, Tirlok Singh said:

    It’s a great plugin but the issue is that i run the scan and it has removed the malware but after sometime it is again infected. It is malware code can you help me . Do you have any definition for this malware ?

    • On March 10, 2017 at 9:51 am, Anti-Malware Admin said:

      Ha, the hacker messed up on the first injection and the Hex code was not escaped properly, so the first part of that code does not even work as they had intended it to, they got it right the second time though. I have added this new bad hack to my definition updates so it can be completely removed now.

      The bigger issue for you is: How did they inject that malicious code into your site in the first place, and will they try to do it again?
      If your server still have the same vulnerability then you may still be susceptible to reinfection by this threat. Keep in mind that it may not even be your site that is vulnerable but possibly another compromised site on the same server that is spreading the infection to your site. If you are on a shared hosting plan then you should seriously consider changing hosting providers.How many site do you have on this host and do you have any other hosts you could easily move to?

      • On March 14, 2017 at 7:24 am, Roger said:

        I’ve also been infected with this bad hex code injection, lot’s of .php files injected in the server (shared hosting with 42 sites right now). I think i need to step out this shared hosting thing (keeps giving problems). Why do hosters still aprove this?

        • On March 14, 2017 at 2:38 pm, Anti-Malware Admin said:

          The typical shared hosting account is particularly susceptible to cross contamination, witch is what makes it such a target for hacker. I don’t know why the hosting providers don’t protect their clients more except that they usually benefit from the opportunity to up-sell you to one of their “more secure” hosting options, usually at some much greater price. I myself have created a Super Secure Hosting environment that solves this cross contamination issue. It is admittedly more costly than the shared hosting plans from the mega giants, but with my focused on security I have found a way to prevent this cross contamination threat. If you would like to migrate your sites to a new secure host then you can contact me directly and we can work on a hosting solution that meets your needs.

  • On February 10, 2017 at 2:58 pm, Kate said:

    I did a scan with your plugin, then did “fix selected files”, and now…only my homepage exists. Everything else (my blog, my about page, etc) have gone to 404 Not Found Error. (Which is slightly better than the Canadian pharmacy, I guess.)

    • On February 10, 2017 at 9:15 pm, Anti-Malware Admin said:

      Check your .htaccess file in the site root. The hack might have replaced the normal WordPress code, and now that the hack is gone there may not be anything there. You can go to the Permalink Settings in your wp-admin and save the setting on “Plain” and then change it back to “Post name” or whatever it was before, and that should rewrite your .htaccess file for you.

  • On February 3, 2017 at 11:56 am, Sunny said:

    Any fix for the malware MW:JS:GEN2?malware.injection.rfcc2 the scan doesn’t find it, but the sucurti scan is showing 4 infected URLs with MW:JS:GEN2?malware.injection.rfcc2

    • On February 3, 2017 at 3:36 pm, Anti-Malware Admin said:

      Sucuri caches their scan results. See the note at the bottom of their scan results page:
      *Cached results from 48 hrs ago.

      Just click the “Force a Re-scan” link to clear the cache ;-)

  • On January 19, 2017 at 4:08 am, Varun Bansal said:

    How to delete all files from quarantine together? What is the SQL query. Can you please help ?

  • On January 9, 2017 at 7:15 pm, parminder singh said:

    Great plugin, I want to know that is your plugin is same as sitelock.com, as there prices are too high i want to go with your plugin?

    • On January 11, 2017 at 4:06 pm, Anti-Malware Admin said:

      In general I would say that there are all sorts of differences between the great many security programs out there, each one with it’s own strengths and weaknesses and having a wide range of quality and value to offer. I try not to say much about my opinions about other specific security software/providers and I would not like to be compared to Sitelock in any way, but I would have to agree with you that their prices are too high ;-)

      Anyway, the nice thing about my plugin is that you can try it for free and let me know what you think :-D

  • On December 12, 2016 at 12:57 am, Marco L said:

    Hello. I just did a scan. I’ve fix all items.
    After 20 min, I have already found new malware folders and files in themes and root.
    How is it possible? I also did update with $ 14 donation. can you help me?

    • On December 12, 2016 at 10:53 am, Anti-Malware Admin said:

      It is common to be targeted for automated re-infection once your site has been breached. The server may have a root vulnerability or a scheduled task that will cause your site to get reinfected on a regular basis. There may also be many other infected sites on that server that are spreading the infection around and helping to keep this virus alive on that server. Is this a shared hosting account? How many sites tdo you have on this server?

      • On January 23, 2017 at 6:20 pm, Juan R said:

        HI, I have the same problem all my site are infected on Hostgator hosting 4 site total. any recommendations?

        • On January 24, 2017 at 8:59 am, Anti-Malware Admin said:

          It sounds like you need to get your sites off of Hostgator and onto a server where they will not be reinfected any more. I offer Super Secure Hosting for this exact reason and your sites will not get reinfected on my servers.

  • On December 9, 2016 at 7:15 am, Noavard said:

    Thanks for the really useful plugin, a tool that can protect us from very dangerous malwares.

  • On November 1, 2016 at 3:17 pm, Edward Abraham said:

    Long time user, fantastic product. Thank you for putting so much effort into a tool that is free to use. I have donated and will continue to do so as is needed and as I build new sites for clients.

    Thank you again for the hard work and for sharing with the world!!! ALOHA!

  • On October 26, 2016 at 4:55 am, Angela said:

    Hi is there a way to use your software for html website?

    • On October 29, 2016 at 12:53 pm, Anti-Malware Admin said:

      Because it is designed as a plugin for WordPress it cannot currently be run directly on any site without WordPress installed. I have plans for a stand-alone version but it is not finished yet. I the mean time you can either install WordPress on that site of copy the files from that site into a subdirectory on another WordPress site to scan it.

  • On October 21, 2016 at 10:22 am, john said:

    can you fix the error on line 1247 of gotmls/index.php

    die(“\n//Permission Error: User not authenticated!\nvar GOTMLS_login_offset = new Date();\nvar GOTMLS_login_offset_start = GOTMLS_login_offset.getTime() – “.$sess.”000;\nfunction set_offset_id() {\n\tGOTMLS_login_offset = new Date();\n\tif (form_login = document.getElementById(‘offset_id’))\n\t\tform_login.value = GOTMLS_login_offset.getTime() – GOTMLS_login_offset_start;\n\tsetTimeout(set_offset_id, 15673);\n}\nset_offset_id();”);

    • On October 21, 2016 at 11:00 am, Anti-Malware Admin said:

      There is no error on that line or in the code you copied here. However, I did notice that this code on that line was from an older version of my plugin. Please upgrade to the newest version and then, if you are still getting an error, please send me a screenshot of the error you are seeing so that I can find the true source of that error.

  • On October 17, 2016 at 4:01 am, Marathi Calendars said:

    Hello Support team,

    My site marathi-calendar.com redirects to redirectoffers.org and then some type of offers on mobile app.

    What should i do?


    • On October 17, 2016 at 7:51 pm, Anti-Malware Admin said:

      Install my plugin, then register your installation key and download the latest definition updates, then run the complete scan and my plugin can automatically remove any Known Threats it finds.

  • On September 17, 2016 at 6:01 am, Mike said:

    Getting the following message – Quick Scan of html started 12 hours ago and has not finish?

    The full scan timed out after about 10 seconds. I have over 1600 post, bunch of photos etc etc.. Any ideas?

    • On September 17, 2016 at 11:03 am, Anti-Malware Admin said:

      It does not matter how many posts or photos you have, that will not make it take longer. Besides, the problem you are having is not that it’s taking a long time but rather that the scan is not finishing (maybe ever).

      Quick Scans only take a few minutes. If it’s not finished in a few minutes it’s not going to finish.

      As for the Complete Scan, I’m not sure what you mean by “timed out after about 10 seconds”. Can you send me a screenshot of that?

      It ma also help to check the error_log files on your server to see what is actually causing these problems you are having.

    • On November 1, 2016 at 3:13 pm, Edward Abraham said:

      This could also be dependent on you hosting resources. jm2c

  • On September 13, 2016 at 5:11 am, Subesh Gupta said:

    Hi , Just download your plugin. I just found my malware script here. but how to remove it from my website it. Its been affected all of my .php files and published. So google gives me RED warning. Please HELP HELP HELP

    • On September 14, 2016 at 11:56 am, Anti-Malware Admin said:

      Make sure you have the latest definition updates, then you can simply click the Automatic Fix button to remove the malicious code from those files.

      After you have a clean site you will need to “Request a Review” from your Google Webmaster Tools account so that google will remove that warning.

  • On September 3, 2016 at 10:35 am, ano said:

    how can I revoke whitelisted items?

    • On September 3, 2016 at 5:37 pm, Anti-Malware Admin said:

      remove the “GOTMLS_definitions_array” row from the wp-options table and download the latest definition updates again.

      • On June 30, 2018 at 1:24 pm, Matts Norrgard said:

        First of all, thanks for a good plugin!

        My question is where I can find the “wp-options table”.
        Pls advice.

        • On July 1, 2018 at 1:47 pm, Anti-Malware Admin said:

          The wp_options table is in your database. There is no direct DB access built into WordPress so you would need to access the DB through your hosting control panel (or PhpMyAdmin).

  • On August 6, 2016 at 4:07 am, Andreas said:

    I used your plugin for a site that I was told has malware on. found it and removed it. I loved it right from there.

    I would love to install this on all my sites and clients site. is there a volume deal/lic I can buy so I can use

    • On August 8, 2016 at 2:30 pm, Anti-Malware Admin said:

      Just use the same email address when registering all the other sites and they will all be under the same account. Donate as much as you would like on site that is registered to that account and you donation will be reflected on all those sites ;-)

      • On August 10, 2016 at 5:44 am, Andreas Pastor said:

        OK all done. One last question. Is there any plans to have this run automatically and sent out an email if anything is found?

  • On August 4, 2016 at 8:37 am, Tom Thayer said:

    Just donated. Keep up the great work. :)

  • On July 9, 2016 at 4:43 am, kerry banz said:

    I just downloaded your plug. I ran the scan and a threat was identified in Read/Write Errors. There was no repair button with the link it identified when I hover over the link I get a message “failed to read this file! (readable? Eww-r–r-r–]). Since I am a novice at this (or anything that falls under IT/programing), I was wondering if you could let me know what I need to do next.
    My email has been spoofed and I am receiving up to 100 “undeliverable” email messages an hour. I was able to figure out that the spoofer used my shared server to get to me…and yes, I have now been educated on why not to use a shared server (and will be rectifying the issue as soon as I can get the “undeliverable” email notifications to STOP!!

    Thank you,

    • On July 9, 2016 at 9:55 am, Anti-Malware Admin said:

      Read/Write errors, by definition, cannot be fixed automatically. Those are files that my plugin could not read or write to, therefore my plugin cannot fix them for you. It does not mean that those files are malicious but you will need to investigate and fix the permissions manually (with escalated permission because anything running under PHP, like my plugin, will not have the necessary access).

  • On June 23, 2016 at 11:56 am, Darko Zoric said:

    I recommended this plugin to all wordpress admins.. I installed this plugin and find malware scripts in Potential Threats .. My malwares is for sending automatic emails and all scripts is with extension .php … So i suggest you all to open files in Potential Threats and check all.. Again, great plugin, Thanks

    • On June 23, 2016 at 3:59 pm, Anti-Malware Admin said:

      Thanks for great recommendation!

      Also, if you will send me those Potential Threats that you found malicious code in then I can add them to the Known Threats in my next definition update so that they can be automatically removed.

  • On June 23, 2016 at 6:38 am, Primoz Kvaternik said:

    I have a serious problem. I am under constant attack for 2 of my blogs where I have installed your plugin. The point is that today Google blacklisted both of my blogs because of malware… I’ve got the following message “Warning – visiting this website may harm your computer!” and from Google search you simply cannot access these sites.

    I am asking you do you have any solution for that, because as soon as I clean the site using your plugin at once after some time, maybe even hours it is affected again. As Google needs 24 hours to put site back again it will be again affected and it is practically dead.

    • On June 23, 2016 at 7:30 am, Anti-Malware Admin said:

      Your sites are clearly not safe on the server you are current hosting them on. In order to keep them from getting reinfected by this same exploit you may need to move them to a more secure hosting environment. I do offer Super Secure Hosting for situation such as this. You can sign-up for my hosting here if you need a place to host your sites that is safe from these hacks:

  • On June 3, 2016 at 4:12 pm, RK1 said:

    Hi – great plugin. I’m getting this message in the admin window. Can you please tell me what this means?

    “Another Plugin or Theme is using ‘Bot_ContentGenerator::addLinks’ to handle output buffers.
    This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins.
    Consider disabling caching and compression plugins (at least during the scanning process).”

    • On June 8, 2016 at 5:23 pm, Anti-Malware Admin said:

      That message means that there is some code on your site that is invoking an output buffer handler which can alter the content that is displayed on your site. It is difficult to detect exactly where that code is included but my plugin should find it if you run Complete Scan with the latest definition updates installed.

  • On May 31, 2016 at 4:24 am, JK said:

    Question: This plugin is simply great and cleaned up all malicious codes. How do we prevent future attacks from happening? Let me know.


  • On May 6, 2016 at 5:31 am, Kenneth Black ken@socialsaleshq.com said:

    What do we do with Potential threats ? How do we delete these and get rid of these threats ?

    • On May 6, 2016 at 11:47 am, Anti-Malware Admin said:

      As the notice on those results states: Those files are likely not malicious at all. So you don’t need to do anything with them. That’s why my plugin does not automatically fix them. However, if your site is still infected and there are no Known Threats (in red), then you may want to have a professional take a look at those files first to see it the infection might be in those somewhere.

  • On May 3, 2016 at 2:52 am, Panduranga Reddy said:

    Excellent work!

  • On April 28, 2016 at 3:17 am, daniel said:


    I want know if possible run the script in other CMS , Drupal for example or only php web sites.

    Thanks a lot for your hard work !

    • On May 9, 2016 at 1:18 pm, Anti-Malware Admin said:

      I’m sorry but this is only a WordPress plugin at the moment. I am working on a Command-Line version but it is not ready for release yet.

      • On December 22, 2016 at 2:59 pm, Matteo said:

        Great! I wait for the day that it will be ready! Yours is the best anti-malaware that I ever seen in my life, wow! Webservers should use it too, not mcafee for example..

  • On April 27, 2016 at 8:31 am, Brian Dean said:

    So for $29 donation you think your plugin should find and clean SEO Malware as well as HTML: HideMe-l [Trj]?
    These seem to be the two I’m having issues removing.

    Let me know and I’ll pay now.

    • On April 27, 2016 at 1:19 pm, Anti-Malware Admin said:

      My plugin should find and clean all those malware infections if you have the latest definition updates, even if you do not donate. However, if you do donate at the $29+ level then you can use the Automatic Updates to install the Core Files definitions and that should make the scan and fix process faster, more accurate, and more effective overall.

      Please feel free to contact me directly with more specific info about your site and your infection if my plugin is not finding it for you.

  • On April 15, 2016 at 2:02 am, Jim said:


    This plugin sounds great. but to upgrade to the premium, how much does it cost and what is that donate button, what if the different?

    In general, donate is up to us how much to give, upgrade premium is a set price, no where to be find?

    Very confusing??? Please explain how it go and work? Thanks

    • On April 15, 2016 at 3:38 pm, Anti-Malware Admin said:

      There are different feature available at different levels of donations (explained in red next to locked features). You should feel free to donate as much or as little as you want, but basically everything is unlocked at the $29+ level for as many domains as you want ;-)

  • On April 11, 2016 at 7:05 am, Robin said:

    I received a message from my hosting that my site had been infiltrated by phishing malware. I tried to run a “Core Scan”, but at 31% it had found a backdoor script but stopped scanning. A pop-up indicated that there was either not enough memory or something else was preventing the scan from completing. The pop-up instructed me to use the “complete scan” feature to scan the site. In so doing the “complete scan” completed 100% but found no malware. How is this possible when the core scan resulted in at least one issue? I have been asked to close my site for maintenance until this issue is resolved. Google Safe Browsing Diagnostic is indicating that my site is “Partially Dangerous”. I sent an email to eli AT gotmls DOT net regarding this issue, and received no response. Please acknowledge and advise. Thank you

    • On April 12, 2016 at 11:26 am, Anti-Malware Admin said:

      I replied to your direct email 7 days ago, right after you sent it, please check your spam folder.

      Did you Fix the Back-door that was found when you ran the Core File Scan? It does not need to reach 100% for you to Fix the problems that it finds. I don’t know of any reason why the Complete Scan would find less than the Quick Scan unless you already fixed that threat or if you are only running the Complete Scan on the plugins and the prior threat was not found in the plugins at all.

      Please try the Complete Scan on the whole site, look for any problems, and let me know what you find.

  • On March 29, 2016 at 3:08 am, Primož Kvaternk said:

    I have installed on 2 of my blogs your anti-malware software which is great. But I have special problem, that intruders put malicious code on a regular basis and I need all the time cleaning my blogs. Do you intend to create a scheduled software triggering?

    Thanks for your reply, Primoz

    • On March 29, 2016 at 3:20 pm, Anti-Malware Admin said:

      Yes, I am currently working on a script that can be executed from the command line and scheduled in your crontab.

      I will make a big announcement when this capability is available as it is a much requested feature.

  • On March 23, 2016 at 10:13 pm, Михаил Беляев said:

    Спасибо за скрипт !! Очень помог !! Успехов в развитии.

  • On March 23, 2016 at 12:43 am, Arno said:

    Your WP plugin is really great.
    It solved a brute forece attack problem I have since month at one of my clients WP blog.

    Is it possible to donate a amout of money via paypal to have a multisite license ?


    • On March 23, 2016 at 7:12 pm, Anti-Malware Admin said:

      You can run my plugin on multi site or on as many individual WordPress installs as you want, and if you register each site with the same email address then your donation will count for all of your sites :-)

  • On March 22, 2016 at 5:34 am, Test Site said:

    Installed the plugin to remove a hack from a test site on a subdomain that we were using. But now I can’t login to my regular WordPress site. I need to either remove the plugin OR figured out how to get around this error message:

    You have been redirected here from (website) which is protected against brute-force attacks by GOTMLS.NET

    Please help.

    • On March 22, 2016 at 7:29 am, Anti-Malware Admin said:

      This is caused by a JavaScript error on your wp-login page. The Events Calendar plugin on your site it throwing a warning and because your server is set to output warning it is breaking my JavaScript output.
      On line 49 of …/wp-content/plugins/the-events-calendar/common/src/Tribe/Admin/Notice/Archive_Slug_Conflict.php the error is:
      “in_array() expects parameter 2 to be array, boolean given”

      To fix this problem you can either deactivate that Events Calendar plugin or fix the code in that plugin or disable the displaying of PHP warnings in your server’s php.ini file.

      Please let me know if I can be of any further assistance in this matter.

  • On March 16, 2016 at 6:16 pm, David Smith said:

    I have made a 14 dollar donation can I run auto repair or do I have to pay another 29 this is for a carity website that has been hacked?

    • On March 17, 2016 at 8:41 am, Anti-Malware Admin said:

      Thanks for your donation, but my plugin will remove know threats and back-door scripts (in red) even if you do not make a donation.

      If you are asking about potential threat (in yellow), these will never be removed automatically because they are likely not malicious at all.

      If you have any more questions or need any more help please send me a screenshot so I know what you are dealing with.

  • On February 11, 2016 at 2:01 am, shamiraz k said:

    very nice
    i love to use this in sites as i am new i haven’t use this before
    really awesome work by you guys keep it up

  • On January 24, 2016 at 1:30 am, Katherine Martin said:

    This is a God send!! Thanks so much!

  • On January 14, 2016 at 5:50 pm, David Norwood said:

    awesome! thanks so much..im worried that the issue may be bigger than I thought as I did a google search for the website and see pages that may have been created by hacker, which is causing the website to be flagged..any suggestions on what action I should take?

  • On January 14, 2016 at 5:24 pm, David Norwood said:

    hi there! I recently signed up for my website, and I love this! However, I got a key and used it on here to sign up and register, but when I log in to wordpress, the right bar says “No key!” also, is the scan actually working??

    - David

    • On January 14, 2016 at 5:40 pm, Anti-Malware Admin said:

      Use the “Get FREE Key” button on the right site of the Anti-Malware Settings page in your wp-admin. Then you the form provided to register the pre-filled key if it prompts you to, and then download the latest definition updates.

      Then you can start a Complete Scan to find and remove any Known Threats ;-)

  • On January 14, 2016 at 11:08 am, Tolly said:

    Thanks for the wonderful plugin. I have one quick question tho.
    The plugin constancy keeps changing my PHP back to 5.2 whenever I update to 5.4.
    It might also be changing my htaccess too.


    • On January 14, 2016 at 11:33 am, Anti-Malware Admin said:

      Thank you but it couldn’t possibly be my plugin that is changing your PHP version. Also, it only changes the .htaccess file when you click on the XMLRPC patch and then it only adds a Directive and doesn’t change anything else in that file. It must be something else that is messing with your PHP settings.

  • On January 9, 2016 at 1:27 am, DebLiz said:

    Just….. God bless you. Seriously. You’re the best thing that’s ever happened to me in 6 years of working with WordPress!

    I haven’t donated yet because I just don’t have the funds, but I promise you as SOON as I get paid for my latest project, I’ll be donating just as much as I can.

    I’ve been in tears over my server being completely inundated with malicious stuff – it’s been awful. I lost most of my portfolio websites and had to just delete most everything. Luckily I was able to get to the admin dashboard for the important sites and I’ve been just praying for a solution…

    I’m currently scanning my site, debliz.com and so far (at 37%) your plugin has detected and fixed one htaccess treat, SIX backdoor scripts, and almost SEVENTY “known threats”!!! I KNEW it was bad… but my gosh!

    There’s also 23 “potential threats” … I’m not sure what to do with them – but I’m tempted to just let your plugin ‘fix’ them without even checking into them. I’m so unbelievably grateful to you for all of your hard work.

    You may very well have saved my entire web business. I cannot express to you how grateful I am. And I’ll show my appreciation monetarily as soon as I possibly can. THANK you so much again!


    • On January 11, 2016 at 3:41 pm, Anti-Malware Admin said:

      Thanks for your kind words and I see that you donated so thanks for that too ;-)

      The Potential Threats are usually not malicious so my plugin doesn’t fix them automatically but if you are still finding malicious content on your site after the auto-fix of the Known Threats then you can click through these potential threats to view the suspect code and decide if it’s something you want to remove or if it looks safe you can leave it there. You can also send any Potential Threats to me directly and I will let you know what I think.

  • On December 22, 2015 at 2:14 am, Rob Edmunds said:


    Have a clients site that has been hacked and possibly a few more, would like to register and pay a donation for use on multiple sites – is this possible??



    • On December 22, 2015 at 8:48 am, Anti-Malware Admin said:

      Yes, each site will have it’s own Key but if you register those Keys using the same email address then they will all be under the same account.

  • On December 11, 2015 at 1:58 am, xriz said:

    hi, i love the plugin and soon will donate. i just have 1 question, is it safe if i delete all files in quarantine? thanks

    • On December 11, 2015 at 7:26 am, Anti-Malware Admin said:

      If your site is now clean and working fine then yes, it’s safe to delete the quarantine but it’s also safe to leave those records in the quarantine. Quarantine records are not a danger to your site and they can be helpful for investigating the source and method used to infect your site.

  • On December 5, 2015 at 6:34 am, Foamy Media said:

    thanks so much for this plugin, it helped remove a back door script which my hosting company could not find!! awesome

  • On December 2, 2015 at 11:22 am, Ruoall said:


    Love the plugin.

    Regarding the donation, if I donate, will I get the Bruteforce and BETA functions to all my sites that I have it installed on or do I have to donate per site?

    • On December 2, 2015 at 1:33 pm, Anti-Malware Admin said:

      One donation per account, you can register multiple site under the same account by using the same email address on the registration form.

  • On November 26, 2015 at 4:42 am, Kristine Allcroft said:

    Hey Eli!
    Thanks for creating this plugin.
    It’s better than Site Lock’s anti malware protection.
    I’m having a bit of a problem. When the scan reaches 93% it starts all over again at zero.
    What’s up?
    I’d like to get a complete scan and move on.

    Happy Thanksgiving!

    • On November 26, 2015 at 8:47 am, Anti-Malware Admin said:

      It’s not actually starting over “at zero”, it’s just going back to “re-scan” some of the files that it failed to read on the first pass. If your server’s memory limit is too low then there may be a lot of files that it failed to scan in bulk, but it will re-scan them and then it will finish. There may then be a number of read/write errors listed in your results, those would be the files that failed the re-scan.

      The overall problem you are facing is entirely to do with your sub-par hosting. I would strongly suggest moving your site to a better host.

  • On November 25, 2015 at 7:25 am, Duncan E said:

    Thanks for a great plugin. I’ve spent the last few weeks tracking an infection on our main webserver with no permanent success. But your plugin has nailed the little bugger once and for all. Well worth the donation!

  • On November 18, 2015 at 7:15 am, Lois said:

    Hi Eli,

    Just wanted to say how much easier your plugin has made to my life & management of my sites! Malware was constantly being injected into my WP sites so much so that Blue Host shut 2 sites down twice. I’d no sooner get them cleaned and I’d be infected again. The amount of money I paid for cleaning and patching was astronomical. I am not a web builder or coder and clearly I was taken advantage of. I found your plugin through a search, installed on sites, (very easy) and now I run scans on my own, clean what comes and have saved myself a small fortune. I have recommended your plugin to dozens of colleagues and I thank you so much for making this available to techies and non-techies (me)!>

  • On November 13, 2015 at 3:26 am, Bill Sierchio said:

    Updated from 4.15.42 to 4.15.44 – Now my scans have come to a crawl – used to be able to complete a full scan in about 30mins, now in 24hrs it only made it to 1% done.
    any suggestions?

  • On November 1, 2015 at 8:53 am, Jennifer Rutherford said:

    i just wanted to drop a line and say how much i like your anti-malware. i run http://www.foogazoo.com, a very simple site that is just meant to make people smile.

    recently, i was attacked by malware, and after several days and trying other fixes, i came across your software. i found it easy to use and most importantly, entirely effective!

    so i wanted to let you know, i just donated the suggested $29. thank you eli!

  • On October 28, 2015 at 3:31 am, Anil said:


    https://wordpress.org/plugins/gotmls/ this shows missing seems plugin i deleted where i can download please give me link.

    • On October 28, 2015 at 12:54 pm, Anti-Malware Admin said:

      Otto at WordPress complained about my plugin’s use of base64_decode. Even though it was totally legit (I use it to decode my definitions blob that stores an array of Threats) he suspended the plugin on wordpress.org saying that it was in violation of the WordPress Plugin Guidelines. I changed the PHP code into an array so it is “human readable” (not that it will make any more sense to most people than that Base64 blob did), but now I am just waiting for them to review the changes and restored the link to the WordPress Plugin Repository.

      For now you can download The new version of my plugin here:

  • On October 19, 2015 at 12:03 am, Dan P said:

    HI Eli,

    does this plugin take server ressources when not scanning (at least not started by me)?

    Using your plugin on several installations on server and get /tmp space issues and Relic alerts all the time even when not running any of them. Is it better to deactivate them after a run?

    Thx a million


    PS.: Couldn’t solve this RUM warning GOTMLS.NET gives me…is it possible that New Relic software (server monitoring by hosting company) makes GOTMLS.NET give me thge warning? I disabled every cache etc …? Thx again for your work & help

    • On October 19, 2015 at 12:09 am, Dan P said:

      before I forget: THANK YOU SO MUCH FOR SUCH A GREAT HELPFUL TOOL… I tested several and yours is the best I have seen!

    • On October 19, 2015 at 12:22 am, Anti-Malware Admin said:

      My plugin does not use up resource when you are not running a scan. If you have the Brute-Force Protection feature enabled then your server may white session information to the /tmp directory, that could be a problem it your tmp space is really limited.

      What “RUM warning” are you getting?

      • On October 19, 2015 at 12:32 am, Dan P said:

        Hi Eli,

        thx for the fast response!!!

        yes, we have /tmp size issues… will look into the size thing

        THis is the warning I get everywhere:

        Another Plugin or Theme is using ‘New Relic auto-RUM’ to handle output buffers.
        This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins.
        Consider disabling caching and compression plugins (at least during the scanning process).

        any idea??



        • On October 19, 2015 at 1:12 am, Anti-Malware Admin said:

          That warning is just to let you know about any code that has run ob_start with a custom output buffer handler. You should only be getting this message on the Anti-Malware pages in your wp-admin. If you are getting this on other pages then something is very wrong on your site. If you want me to take a look at it then you can send me you wp-admin login, but it is after 1am here so I will get some sleep first and check it out when I get up.

  • On October 16, 2015 at 1:17 pm, Lorie Collins said:

    I have not yet used your plugin as we just came across it; my host provider actually installed this after an SEO malware infection was detected on the client’s site. I just have a question for you.

    It is my intention to begin using this plugin on all our client sites, and I have no issues with signing up each individual client/site, and encouraging them to donate to you. My question is, how does the plugin work with:

    A) multiple domains (domain.com; http://www.domain.com; http:// https://; parkeddomains.com)
    B) if we install the plugin on an under development site (dev.domain.com) and then move it to the live http://www.domain.com, do we need to create a new account when we launch the site? If we register the account on the http://www.domain.com but install it on the dev.domain.com, will it work or create conflicts of any kind?

    I need to know if this will allow a preemptive installation at the beginning of the development, or if it has to be the very last step after launch.

    C) How does it work with Ecommerce sites where part of the website is hosted elsewhere? Example I have a client who’s wordpress that I want to protect is on http://www.domain.com but one of her “pages” is on domain.bigcommerce.com. Will THAT create a conflict? Should we create an exclusion rule so the 2ndary offsite store doesn’t weird out your plugin and create false postives?

    D) What is the size of your installed plugin? We use Duplicator (Free version) for backups. Will this create an issue with the backups due to size (it doesn’t like files 3+ mbs)?

    E) Will caching plugins create any kind of a conflict? w3-total-cache; wp-super-cache; wp-fastest-cache

    • On October 16, 2015 at 3:31 pm, Anti-Malware Admin said:

      A) It works fine with multiple domains/URLs, each domain must be registered with it’s own auto-generated key, but if you use the same email address then all the registered sites will be under the same account.
      B) Just register the plugin again with the same email whenever you change the URL and it will not loose anything and there will be no conflicts.
      C) My plugin will not effect, protect, block, conflict with, or otherwise interfere with any external site. It only scan the local file system on the server that your website resides on, and it only protects the WordPress site it is directly installed on.
      D) My plugin is only about 400KB in total.
      E) Caching plugins are a bit of “can-of-worms”… they tend to conflic with many other plugins in lots of inconsistent or unpredictable ways, and are generally not worth the trouble they can cause, IMHO. At the very least you should turn off caching and delete all cache files before running any kind of scan on your sites. Caching can interfere with the scanning process and also render inaccurate results. Cache files are temporary so there is not much point in scanning them but if they are scanned it can be tedious and time consuming for the scanning software and so it can dramatically increase the scan time.

      I hope that adequately answers all your questions. Feel free to contact me again if you have any more concerns.

  • On October 10, 2015 at 8:23 am, Bill Bostic said:

    Awesome application. Nothing else is remotely close!

    Thank you!

  • On October 9, 2015 at 9:49 am, Nerissa Drury said:

    Hi, I just found out through Google that my website has been hacked. Apparently URL injection. This is added onto the end of my website address /INVICTA/10051027708.html
    Can this software clean this kind of hacking?

    Thanks in advance!

    • On October 9, 2015 at 10:34 am, Anti-Malware Admin said:

      It is hard to detect and differentiate HTML that advertises something you might want on your site from HTML that was put there maliciously that advertises something your don’t want on there. That said, my plugin will detect most PHP threats and vulnerabilities that would let a hacker put stuff like that on your site. It would be best if you delete that INVICTA folder if it was added maliciously and there is no important content in it, but it is also a good idea to run a Complete Scan of your whole site to look for the back-door scripts or other threats that may be exploitable so that that kind of content does not keep getting put on your site. If you have a chronic re-infection problem then you may want to look for a more secure hosting environment.

      I do also offer Super Secure Hosting for $12/month per site, if you want to more your site to a server that does not get hacked ;-)

  • On October 7, 2015 at 5:03 am, Alicia said:

    When I try to update the definitions, I get the following error:

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, webmaster@blog.nrcprograms.org and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    I made a donation under my initial email address and blog a few months ago, but we have since moved to a new sub-domain. I was able to update the definitions last month, so I don’t think that is the problem, but I guess it is still possible. Is there anything else that could be the problem?

    Thank you,

    • On October 7, 2015 at 3:33 pm, Anti-Malware Admin said:

      Your host must be blocking the JavaScript Update. You should try the Automatic Update method, that seems to work fine on any server even if the manual update method fails.

      Let me know how that works for you.

  • On September 18, 2015 at 8:49 am, Mike Blaney said:

    I have installed the plugin on two websites hosted at Bluehost. I have run the scan 20 times on each website over the past few days and every second time the back door script is back and often there are 3 core file changes. I fix them each time, fo to my ftp file manager and delete new directories, but the malware keeps coming back and trying to send emails. Any suggestions?

    • On September 18, 2015 at 1:32 pm, Anti-Malware Admin said:

      You need to find out how these malicious scripts are getting planted on your server. The next time you get hit with these files you need to take a look at the timestamps on these files. There is the modified time, which might be help but can sometimes be forged, there is also a changed time which is surely going to indicate the exact time of the infection. This is the most important info you can get from these files and it needs to be examined and recorded before you make any kind of changes to these files. You can then look in the raw access_log files and cross reference infection times with any unusual activity to see what scripts were called at that exact time. This could indicate where your vulnerability is.

  • On August 23, 2015 at 11:13 am, Luis Castro said:

    Hi, i have several domains on my account. Do i need to donate 29$ in each of them in order to access the full package?

    • On August 24, 2015 at 7:58 pm, Anti-Malware Admin said:

      Nope, one donations will active the full features on all sites registered to that email address.

      • On August 24, 2015 at 8:08 pm, noppadol L said:

        we need to install your plugin all our domain site if we have many domain? and if we have many subdomain.? Thanks.

        • On August 31, 2015 at 6:39 am, Anti-Malware Admin said:

          Scanning the main site may scan the files of the other sites if they are nested inside the directory of the main site. However, the scan works best on a single site and the firewall and brute-force protection is only active on the sites you have the plugin installed on. Therefor, it would be best to install the plugin on each domain. If you have a Multisite installation then you can Network Activate a single copy of the plugin to protect all sites.

  • On July 15, 2015 at 9:56 pm, Pharma Hygiene said:

    Don’t you agree it would be a good idea to update your wp to 4.2.2 for security reason?

    • On August 4, 2015 at 9:24 am, Anti-Malware Admin said:

      If you are on 4.2 or 4.2.1 then you should definitely update to the newest version which is currently 4.2.4, but if you on a older version of WordPress then I don’t necessarily recommend upgrading to 4.2.X automatically. Call me old fashion but I personally like 3.7 and I have just update to the latest security release 3.7.10. I use the tried and true versions that have been around for a while and there are no known security vulnerabilities with 3.7.10 that I am aware of. Whereas, 4.2.X is still fairly new and they keep finding more bugs to fix which make is less stable and potentially less secure, IMHO.

  • On July 12, 2015 at 6:32 am, Ray Rodriguez said:

    Quick question if I want to donate and use the plugin in multiple sites, so i need to donate for each site in order to get the extra benefits?

    • On July 13, 2015 at 9:03 am, Anti-Malware Admin said:

      Currently your donations are applied to your account and all sites/keys registered to the email address associated with that account.

  • On July 8, 2015 at 8:42 am, Larry Launstein Jr said:

    I recently paid the $29 donation to get the extra features of your program, and I have not gotten those updates yet. What do I have to do?

    • On July 8, 2015 at 9:54 am, Anti-Malware Admin said:

      You need to enable the Automatic Update feature to get the Core Files definition update. Once you run the Complete Scan with the Automatic Updates enabled you will have the option to check for Core File Changes.

  • On July 1, 2015 at 7:21 am, Ross Barbieri said:

    Just made a second donation. I gotta say man: you’re awesome – and gotmls is an excellent tool. I’m a developer, so if there is a way I can help you out let me know.

  • On June 27, 2015 at 2:51 pm, Dennis Albert said:

    I am the admin for this website and I cannot log into the back end of my website. The message I keep getting is You have been redirected here from http://www.greenwichneighborsunited.com which is protected against brute-force attacks by GOTMLS.NET & then the #5199346.
    I have refreshed my browser, cleaned all cookines & cache, still cannot get in!
    Please help me to be able to get back into my own website!

    • On June 27, 2015 at 6:27 pm, Anti-Malware Admin said:

      #5199346 is a NO_SESSION error. So your browser in not maintaining a persistent session. I just tested you login page from my browser and I was not redirected so it is not a problem with your server or my plugin. You should check the security settings on your browser to make sure sessions are enabled or try a different browser.

  • On June 24, 2015 at 10:17 pm, Mehedi Hasan said:


  • On June 11, 2015 at 11:50 am, Yogesh said:


    if i donate, then for how many sites can i use that key?

    • On June 11, 2015 at 5:54 pm, Anti-Malware Admin said:

      Each site is registered to it’s own key. You can register as many keys/sites as you want using the same email address so that they are all under the same account that you donated with.

  • On May 28, 2015 at 12:52 am, Pat Ward said:

    Every time I click on “check for definition updates” I get this message

    “No response from server!” why am I getting this message?

    • On May 28, 2015 at 10:45 am, Anti-Malware Admin said:

      There must be something blocking you from checking my server for updates. Check the error console in your browser to see if it will tell you why the update server is blocked. You may need to change the security settings in your browser or try another browser.

  • On May 27, 2015 at 10:51 am, Daniel said:

    Hi Eli,
    On scanning my website the result is 1 known threat, and it highlights the code lines as in the image attached https://dl.dropboxusercontent.com/u/3546925/Threat.jpg . Could you please have a look and tell me if this is indeed a threat as I want to inform the plugin creator to fix but I don’t know how to explain to him ? Thank you.

    • On May 27, 2015 at 11:37 am, Anti-Malware Admin said:

      Thanks for send this info to me. This is actually a false positive. I found the reason for this file being incorrectly identified as a Known Threat and I have released new Definition Update that resolves this issue. Please download the new Definition Update and this file will no longer be flagged as a Known Threat. Thanks again for bringing this to my attention.

  • On May 17, 2015 at 12:23 pm, Toby Drysdale said:

    Love the plugin and have been happy to donate.

    However, I appear to have a problem on a few sites that I’ve installed the plugin on. The full scan starts the process OK but sticks at 0%. I’ve tried running the quick scan and that fails too at between 30% and 54%. Memory is set to 512Mb on all sites. The websites are spread over 2 different servers and a few of the sites scan without a problem. Really stumped as to how to proceed further – I’ve retried the scans and left for several hours – any help/tips would be greatly appreciated :)

    WordPress: 4.2.2
    Plugin: 4.15.21
    Definitions: F5B9Q

    • On May 17, 2015 at 2:46 pm, Anti-Malware Admin said:

      Thanks for reporting this bug. I found that the WP function current_user_can() cannot be called from the admin_init or admin_menu hooks in some versions of WordPress without causing a Fatal error in /wp-includes/capabilities.php. This is because it calls wp_get_current_user() which is found in /wp-includes/pluggable.php but not always included at this point.

      This looks like a major bug in WP and I am not yet sure what versions are affected but I will be submitting a bug report to the WP Core team shortly. For now I have release a patch for this issue in version 4.15.22 that include the needed pluggable.php file before calling current_user_can.

      Please upgrade to version 4.15.22 and confirm that that fixes the issue for you.

  • On May 16, 2015 at 4:42 am, Rahul Sharma said:

    I have just installed your plugin and it is scanning website….however I hosted my wordpress websites on ipage they have send me a list of 1500 + Malware and ask me to fix or remove it in 48 hours from there servers and I have around 20 + websites so will it work for all the website?
    I am worried or else I have to buy another shared hosting who will allow me to host my websites ??? This ipage company is forcing me to buy sitelock which is of no use..I have read so many reviews in the past one week,,,,about sitelock …I have read a lot about your plugin and I am hopefull……

    • On May 16, 2015 at 7:45 am, Anti-Malware Admin said:

      You should be able to clean all your sites with my plugin. I understand they have given you a very tight deadline. If all your sites are structured as sub-