Home

This Plugin was created to help WordPress admins clean infections off their site. It was inspired by my own need to clean up one of my BlueHost accounts after a pretty bad hack (see How It All Started). It is still a work in progress and I want to add many new and exciting features. It is currently being offered completely FREE of charge, though it did take quite a lot of time and hard work to develop, test, and make nice.

This project will continue to need my energy to keep it effectively getting rid of new threats and patching new vulnerabilities. That is why I am asking anyone who can, to please make a donation to keep this project going.

Aloha,
Eli Scheetz

Testimonials

  • Fantastic plugin and support service. Well worth donating to. Thanks for the super fast reply and support Eli!
    -- TaraMacG

617 Comments on "Home"

  • On March 31, 2013 at 6:11 am, Steve Navazio said:

    Hey Eli,

    Thanks for a great plugin,

    Can you tell me how to use your plugin to check all of the WP installs on my server?

    Thanks in advance.

    Best Wishes,
    Steve Navazio

    Reply
    • On April 1, 2013 at 11:12 am, Anti-Malware Admin said:

      You can send me the login info for your main site and I will upgrade it to be able to scan the whole server.

      Reply
    • On April 18, 2013 at 10:30 am, Eli Scheetz said:

      Just following up. How did the scanning go on all those sites? I looked like it would take quite a while to scan all those files but did it work ok?

      Thanks for the donation too.

      Reply
  • On March 31, 2013 at 4:11 am, Susan said:

    I cannot find my key in the settings tab of WordPress. I see your plug in as “activated” but cannot find the key to register.
    thanks in advance for the assistance.

    Reply
    • On March 31, 2013 at 10:24 am, Anti-Malware Admin said:

      Just register from the form on the right hand side of the Anti-Malware Settings page in your admin.

      yoursite.com/wp-admin/admin.php?page=GOTMLS-settings

      Your key is already entered on that page. Just submit it, then go back to your admin and refresh the Anti-Malware Settings page and you can then download the definition updates.

      Reply
  • On March 28, 2013 at 1:56 pm, Roger H. said:

    Great plugin and it takes care of most of my issues but I’m still getting the malware alert on http://sitecheck.sucuri.net after running your plugin and cleaning everything it finds up.

    any help would be appreciated..

    Roger

    Reply
    • On March 30, 2013 at 4:31 pm, Anti-Malware Admin said:

      I think you are actually clean. If you look at the details of that “malware” that sucuri is finding on cheflou.com you will see that it is just an iframe in the footer that is supposed to load some content from your site (hawksviralmarketing.com). Is that not something you have engineered? (It doesn’t show anything anyway).

      I’m guessing this is just a false positive from sucuri.net

      If you do need to remove it, the code is in the Theme’s footer.php file, and the iframe content is loaded from the wp_options with the option_name of either ‘revchurch_abcode’ or ‘revchurch_subtit’.

      Reply
  • On March 25, 2013 at 12:52 pm, Xochi said:

    Greetings Eli,

    I have reinstalled WP to the latest version. Gotten rid of all plugins, and then fresh installed only one that I use. Anti-malware says there are not problems but when I asked for review from Google, I still get a message that there is a script embedded.
    URLs Type Last checked
    http://www.dobbinsfamily.net/?cat=4 Code Injection 3/25/13
    http://www.dobbinsfamily.net/?cat=5 Code Injection 3/5/13
    Please advise.
    Xochi

    Reply
    • On March 25, 2013 at 1:11 pm, Anti-Malware Admin said:

      I just look at that URL and saw that there is actually still some malware in the header. I have added this threat to my definition so that it can also be automatically repaired.

      Please try and download the new definitions and run the scan again. It should then be able to remove this new threat. After that you can request another review of your site in Webmaster Tools.

      Reply
  • On March 21, 2013 at 9:33 pm, Rolf Joho said:

    Hi Eli,

    I like your plugin, but I have one question: How can I find out which “Another Plugin or Theme is using ‘nxs_ogtgCallback’ to hadle output buffers” so I can it disabling?

    Thanks for you help.
    Rolf

    Reply
  • On March 19, 2013 at 7:19 am, Cameron said:

    Hey, I have a nasty bit of malware which Sucuri defines as MW:SPAM:SEO. I found an old post where you resolve this issue for a user and I’m just wondering if your scanner can get rid of it yet?

    If not, would you like to take a look inside my website to see what wonders you can find?

    I would like to give you a donation if you can help me out.

    Reply
  • On March 15, 2013 at 9:40 pm, Patrik Fältström said:

    I have three questions that I can not find answers for on your site…maybe my click skills fails me…

    1. Do the plugin scan the content of the database?

    2. Do the plugin handle multisite setup (where for example each blog have one wp_post table each)?

    3. I see in the comments you have noticed a person that have issues with things similar to pharma drive by issues where for example google bots get different results (with the scam) while others do not. Have you included checks for such things (yet)?

    Regards, Patrik

    Reply
    • On March 16, 2013 at 9:23 am, Anti-Malware Admin said:

      My plugin does not scan the database yet but it could be made to do so. It specialises in finding and removing malicious CODE from the files on the server (single site, multisite, even non-WordPress sites). Because my plugin scans UN-compiled code from the back-end it does not need to detect the user-agent specific code designed for crawlers like googlebot. I have seen my plugin detect malicious code when other scanners (like sucuri) fail to detect anything on the front-end of the site. I can also detect back-doors and security holes that cannot be found by crawling the indexed pages of the site from the outside.

      Of course nothing is going to protect you 100% from any attack. My plugin takes an approach unlike other security plugins and it has proven to be a very useful tool for getting/staying clean. I will continue to support it and improve it to keep it up to speed with the newest threats and security holes as they are discovered.

      Reply
  • On March 3, 2013 at 11:15 pm, Stefaan Pauwels said:

    Just donated, plugin works amazingly well: got rid of all the malware when other plugins and my own attempts only weeded out a portion of the problems. Got unblocked by Google within 48 hours of running the scan and automated fixes.

    Annoyingly, Google keeps giving the old (malware-infected) results, though: as you can see here: http://knotoryus.com/knot.png. Any idea of this goes away by itself or do I need to take further action?

    Thanks again for all the help!

    Stefaan
    KNOTORYUS.com

    Reply
    • On March 4, 2013 at 8:36 am, Anti-Malware Admin said:

      Thanks for praise but it looks like you still have a nasty script in there that my plugin didn’t catch yet. It generates that “work from home” content if the REFERER of USER_AGENT is Google. I would like to find this threat and add it to my definitions update.

      If you are willing to give me access to your WP Admin I will find it and remove it for you. You can send your credentials directly to me: eli at gotmls dot net

      Reply
  • On February 25, 2013 at 8:43 am, Jack Yan said:

    Hello Eli,

    It looks like a very nice and neet tool, but when I tried to have it automatically repair, it came back and reported as Failed. I scanned again and the list came up again. Here is the message:

    fixing /home/tnt/public_html/wp-content/themes/custom-community/header.php … Failed!
    fixing /home/tnt/public_html/wp-content/themes/mammoth/header.php … Failed!
    fixing /home/tnt/public_html/wp-content/themes/mantra/header.php … Failed!
    fixing /home/tnt/public_html/wp-content/themes/redbel/header.php … Failed!
    fixing /home/tnt/public_html/wp-content/themes/twentyeleven/header.php … Failed!
    fixing /home/tnt/public_html/wp-content/themes/twentytwelve/header.php … Failed!

    Can you help, please?

    Thank you!

    Jack

    Reply
    • On February 25, 2013 at 12:11 pm, Anti-Malware Admin said:

      That error means that your webserver (apache) does not have write permission on those files. You should be able to set the permissions on those files with an FTP client like Filezilla.

      If you need my help with this I could do it for you but you would need to send your FTP login info to me: eli at gotmls dot net

      Reply
  • On February 20, 2013 at 8:30 am, Lauren J. said:

    Eli, Thank you! I am astonished at your expertise. Incredible. This is better help than I could have ever imagined. I will be donating again soon!

    Reply
  • On February 12, 2013 at 9:12 pm, Linda said:

    Hi There, Happily donated! Need your help please as we have a virus on our wordpress blog and I’m not sure what to do…. It says Infection: HTML:Script-inf
    thanks,
    Linda

    Reply
    • On February 13, 2013 at 7:02 am, Anti-Malware Admin said:

      Thanks for your donation. I would be happy to help you. I can see there is some external javascript being loaded on your site. I will need to login to your WP Admin to find the source of the injection. You can send login credentials directly to me: eli at gotmls dot net

      Reply
  • On February 11, 2013 at 11:37 am, Janet Robinson said:

    Hi, donated hoping you can give me a hand. Found 2 non-wp files that were eval base 64 ridden and trashed them. Hosting had a problem a while back and I think that’s when it happened. Your scan is showing quite a few others that are warnings but I don’t know if they’re legitimate or not. Do you think you could take a look? I’ve been blocking IP addresses for days. Thank you for your plugin – I donated!

    Reply
    • On February 11, 2013 at 11:45 am, Anti-Malware Admin said:

      Thanks for your donation. I’d be happy to look at it for you.

      You can send me your WP Admin login credentials: eli at gotmls dot net

      or you can just send me an screenshot and I’ll tell you what I can if you don’t want to give out your credentials.

      Reply
  • On February 9, 2013 at 2:37 pm, Marcio Soares said:

    Hello Eli
    Excellent Plugin.
    I did a scan and it occurred to me: http://pastebin.com/WXiaEfX6
    Should I be concerned?
    I do not know how to proceed.
    What should I do?
    Thank you.

    Reply
    • On February 9, 2013 at 4:58 pm, Anti-Malware Admin said:

      Most of that looks ok and your site does not seem to be infected. The only files in that list that I don’t know about are the one in “phplist”.

      I wouldn’t be concerned unless you have any specific symptoms.

      Reply
  • On February 9, 2013 at 9:18 am, kunal pandey said:

    Hello I do want to use your plugin.
    But the problem is my client site is not running at all it is not even allow me to open the admin panel in this case can you please let me know how can i cleaned up my client site i need to done it asap.

    Please send me suggestion.

    Thanks

    Reply
    • On February 9, 2013 at 9:51 am, Anti-Malware Admin said:

      I can see that your server is sending a 500 error on every page. I can help you get your site working again and install and run my Anti-Malware plugin but I will need to start by fixing the login page.

      I need FTP access to to get started and I may need cpanel access to view the log files too.

      You can email me directly: eli at gotmls dot net

      Reply
  • On February 4, 2013 at 8:00 am, Warren said:

    Hi Eli
    So we updated the definitions and your plugin found the problems and cleared them immediately. Our exchange rate is a bit of a bastard, but you had better believe I will be back at the end of the month to donate. This is the single most useful plugin I’ve come across. Really lovely. Thanks so much.

    Warren

    Reply
  • On January 21, 2013 at 11:48 am, Steven H said:

    I am constantly amazed at the level of customer service that Eli provides for his plug-in. I have used his product on (3) separate wordpress sites, and cannot recommend it enough. Many thanks, Eli, for always being there to shrink my headaches away! Just made a donation – please keep it up!

    Reply
  • On January 18, 2013 at 8:04 am, CW said:

    Hello AMA

    I waited an hour for email to arrive but no joy? So tried to re-register but got “already registered” error message. Still nothing arrived. Shall i start from scratch?

    (no not in spam – yes – email address correct)

    Thanks

    Reply
    • On January 18, 2013 at 8:12 am, Anti-Malware Admin said:

      I’m not sure why you didn’t get it, it was in my Sent Folder. I just forwarded it to you again. Let me know if you still don’t get it.

      Reply
  • On January 14, 2013 at 3:26 pm, Greg Roth said:

    This plug in is outstanding. FIVE STARS! I made a small donation and will make more in the future. It is well worth the cost. In the 4 years that I have used WP, this may be one of the most valuable and essential plugins that I have installed.

    My site is a music news e-zine that is recognized on Google and Bing News. We cover local, national and global artists. We have readers all over the globe. If our site is down because of malware it damages our brand and reputation. In addition it denies fans coverage of some very talented music artists who work very hard practicing their craft.

    Nice to know that those of us that have had Malware issues have an ally and support in this area! Thank you, Thank you! Thank you Eli!

    I will share the link to your plug in with some of my peers!

    Greg Roth
    Founder / Chief Contributor – Seattlemusicinsider.com

    Reply
  • On January 5, 2013 at 8:59 am, Steven H said:

    Thank you so much Eli for not only creating this plugin….but also your diligence to go beyond the call of duty to find a new hidden definition. I’ll definitely be adding this to other wordpress sites and checking in regularly.

    Reply
  • On November 10, 2012 at 6:03 am, Jeff said:

    Hey Eli, just dropped by to make my monthly donation. Your plugin is so valuable to me on a month in / month out basis that it seemed only fair to make monthly donations for covering my back.

    Can’t wait for this plugin to run automatically.

    Mahalo

    Jeff

    Reply
    • On November 10, 2012 at 7:13 am, Anti-Malware Admin said:

      Thanks again!

      I have Cron Jobs on my ToDo list. First I need to get it to run independent of WordPress, so it can scan even when WordPress is not working.

      I should have that automatic scan feature ready for testing by the end of the month. Would you be interested in BETA testing?

      Reply
  • On November 2, 2012 at 2:05 pm, Tommi said:

    Eli, Get these Fresh Comments on Top, We just made another $50.00 Donation and will make another $50.00 donation in 3 – 5 days.

    This expanded protection is critical, and you have been a blessing.

    I hope people realize the time and effort you have put in and learn to appreciate its value with contributions

    Reply
  • On October 21, 2012 at 5:48 am, Edward said:

    Great work Eli,

    This is now a standard plugin for all sites, wouldn’t be without it.
    We look forward to your continued malware protection, detection and removal advancements. Keep it up!

    Reply
  • On October 19, 2012 at 1:14 am, Tony said:

    Hi, i’m infected with Pharma Hack… Just got into a lot of blogs and howtos…. Here is the thing: I was infected using wordpress 3.4.1… Just updated to 3.4.2 and all things got right again…… I’m kinda reinfected… But i can’t find any infected file using find|grep|etc… I can’t find anything in the database tables too… It’s just affecting my rss, rss2, atom feeds…. Don’t know what to do anymore…

    I try to use your plugin to see if it could help me find anything, but, no….

    Do you have any idea what could i do??? without having to reinstall all the site… because my site is kinda heavy modified by hand in various files…

    If you want to see my files and database, send me an email….

    Thanks

    Reply
    • On October 19, 2012 at 7:24 am, Anti-Malware Admin said:

      I’m happy to help you with this infection and I’m sure we can get it cleaned up.

      The first thing I see is that it doesn’t appear that you have registered my plugin on your site yet. You should do this first and then download the latest Definition Update from the Scan Setting page in your WP Admin.

      Then you can run a Complete Scan to see if it finds any “Known Threats”. If you need any help with any of this just let me know what I can do.

      Reply
  • On October 17, 2012 at 6:53 am, Tessa Tuates said:

    Found 20 Potential Threats. How will I remove this threats?

    Reply
  • On October 15, 2012 at 1:32 pm, Edward said:

    why is the scan omitting the htaccess files

    Found 0 .htaccess Threats 250 Skipped Files

    Reply
    • On October 15, 2012 at 1:43 pm, Anti-Malware Admin said:

      My guess is that the files it skipped were not .htaccess files at all. If you click on “250 Skipped Files” it will show you a list of the files that were skipped.

      If you have any more questions please don’t hesitate to ask. It might help to send me a screenshot too.

      Reply
  • On October 13, 2012 at 3:39 am, Archie Lopez said:

    how to remove / repair the “eval” potential threats? at JS

    thank you!

    Reply
    • On October 13, 2012 at 7:20 am, Anti-Malware Admin said:

      “Potential Threats” are usually ok and should not be removed. They are there just to help you find possible exploits when you cannot get your site completely clean. When I find new Threats I add them to my definitions of “Known Threats”.

      See my FAQs

      Reply
  • On October 10, 2012 at 12:41 am, lee bennett said:

    Ive been running your plugin for a few months now and its cleaned up lots of my site’s.
    this morning a couple of my sites have been blacklisted by google for a malware .
    the plugin says its clean .the infected files are all java script exploits ,because im on shared hosting its infected about 12 sites.
    I dont know if your plugin could be updated to include this but it would be great if it could .
    here are the details:
    http://labs.sucuri.net/db/malware/mwjs-iframe-injected515?v4

    Reply
    • On October 10, 2012 at 7:00 am, Anti-Malware Admin said:

      If you want to send WordPress Admin credentials to my email (wordpress at ieonly dot com) then I can get my plugin on that site to scan all the site at once. I will also look Through the “Potential Threats” to see if there are any malicious scripts that are not being identified correctly.

      Reply
  • On October 7, 2012 at 1:51 am, Jeff said:

    Eli, I just love the “quick scan” feature.

    Thank you for your continue efforts. You are a rare breed.

    Jeff

    Reply
    • On October 7, 2012 at 9:09 am, Anti-Malware Admin said:

      Thanks, There’s more to come. I’m working on a white-list feature now that should be ready by the end of the month. This will eliminate a lot of the benign scripts from coming up in the “Potential Treats” section.

      Reply
  • On September 21, 2012 at 8:38 am, Review Crew said:

    Just wanted to stop by and let people know Eli is the real deal. I own and operate Reviewboard Magazine (Reviewboard.com) and we are in a weird spot in the food chain when it comes to product reviews. Because we do reviews on just about everything consumer related we fall into the mainstream consumer publication category of which we are actually the 2nd most popular in the United States. Go figure. We ended up getting a web STD and google crippled our website by putting up the malware stop page and listing our website as a malware site. Our advertising was stopped (Adsense) and things came to a crashing halt.

    NO ONE knew how to fix this situation properly and we tried. I posted here and ELI responded within a few hours. I trusted him and gave him admin access to our website and he did not disappoint. This man is a saint. He fixed the issue I was having with his plugin, he removed all the malware issues, and we were able to submit a request for review with google… it was successful and we are now back in action.

    Without Eli we would have had to rebuild our web server VMs, our database VMs and cut, copy and paste every article we had to make sure we didn’t have any malware. This would have taken a month and hurt us badly. I can’t tell you how grateful I am to Eli and his plugin. We are forever in his debt. If you haven’t donated for this plugin, you should really go do that now. His time is worth every cent, and we will be donating regularly to help his efforts here.

    Reply
    • On September 21, 2012 at 8:55 am, Anti-Malware Admin said:

      Wow, what a great review, thanks a lot!

      Donations feed my family but this stuff feeds my soul (or maybe my ego) ;-) but it really feels good to know how much I am helping people, Thanks!

      Reply
  • On September 20, 2012 at 9:32 pm, Kamal said:

    Can you explain what is this?
    Your great plugin found this as a critical issue(vulnerability) I am just a basic WP user, so i have no idea what these codes are. I automatically fixed the issue using your plugin but these codes are same in look as it was before Using your plugin. I am using a Theme where i found this issue

    here is the path /public_html/wp-content/themes/nobeliumful/library/prelude.php
    please advice!

    Here is the codes

    Reply
    • On September 20, 2012 at 9:41 pm, Anti-Malware Admin said:

      The codes you are trying to post will not come through on a comment.

      The easiest way for me to help you is if you can send me admin credentials for you WordPress site to my email address.

      It may take 10-12 hours for me to get to it at this point.

      Reply
      • On September 20, 2012 at 9:54 pm, Kamal said:

        Thank You so much for a quick reply.
        I have jus uploaded a snapshot of the codes there.

        The image is not in its best resolution but it is enough for you to understand the problem/issue

        I really appreciate your help and support. Millions of Thanks

        here is the link
        http://ifovr.com/wp-content/uploads/2012/09/knownissue1.gif

        Reply
        • On September 21, 2012 at 7:32 am, Anti-Malware Admin said:

          I see this is a file that has already been cleaned by my plugin. Although this line of code is very cryptic and was, no doubt, a setup for malicious injection, it is missing the eval() statement at the end that would have executed this code, so it is now harmless. It’s like a bee without it’s stinger or a gun without bullets.

          I wrote this plugin to automatically remove the threats from any file without damaging the remaining code in that file. Sometimes this leads to leftover garbage in the code that is not pretty but, by itself, is not dangerous. Since there is nothing left, in this particular file of any worth, you can delete the files if you want to.

          Please let me know if you have any other question or any other files you want me to look at.

          Reply
  • On September 19, 2012 at 7:23 am, Vanessa Roberts said:

    I have never, in all my experience on the internet, found a developer so dedicated and so helpful as Eli Scheetz.

    The service that accompanies the use of this plug in is unparalleled.

    I literally can not recommend his plug in enough.

    More than worthy of any donation you can make.

    My highest praise

    Reply
  • On September 14, 2012 at 11:02 am, Jeff said:

    Cleaned up a bunch of my sites and Eli goes well past the extra mile.

    More than glad to donate

    Reply
  • On September 11, 2012 at 5:13 pm, SB Beauty said:

    Hello

    After scanning I do not have any option to remove the malware.
    I already made my Donation.

    Thanks

    Reply
    • On September 11, 2012 at 5:25 pm, Anti-Malware Admin said:

      Thanks for the donation.

      I hope you have already read the FAQ about “Potential Threats”. If so, and you have some “Known Threats” (in red), then you could send me a screenshot of the scan results or an admin login to your site and I’ll take a look at it for you.

      Reply
  • On September 9, 2012 at 4:05 am, Jeff said:

    This plugin is a lifesaver for me….glad to donate. The donation is far less than the time and money I would spend to deal with malware myself.

    Thanks much

    Reply
  • On August 28, 2012 at 12:41 pm, Kamal said:

    Hello there. I need your help

    When I tried to run your plugin on my wp 3.4.1 multisite

    i got this error while scanning all plugins folders

    Warning: preg_match_all() [function.preg-match-all]: Compilation failed: missing ) at offset 66 in /home/mydominname/public_html/wp-content/plugins/gotmls/index.php on line 78

    Please help!

    Its not Network Activated

    Your plugin is activated on the main(root) site

    Thanks in advance

    Reply
    • On August 28, 2012 at 2:32 pm, Anti-Malware Admin said:

      Thank you for reporting this bug. I have released a new definition update that fixes this issue. Just click the “Download new definitions!” button in the admin and it should work correctly after that.

      Reply
  • On August 17, 2012 at 2:15 pm, Gianfranco said:

    H! guys I just wanted say thank you so much for this amazing plugin. I was opening all my files and doing a search and replace… That worked sometimes but other times will totally destroy the site and template. I like that you added the option to revert the changes. This plug just gets better by the day. I just wanted to drop by and tell you that I will donate as soon as I get all my websites back and running. I will add all my websites and give you a good donation.

    I also made a video for those who have issues login in the admin because of malware. This will help you access the admin and also help you get all your files back up and running.

    If you go to YouTube and type Google Malware warning you will find my 4 part video on how to. https://www.youtube.com/watch?v=GMABgT2Dnas

    Again thank you for the effort and time put into the plugin. Its well appreciated.

    Reply
  • On August 12, 2012 at 6:16 am, Howard Berry said:

    Hi, have been using your plugin to clear the problem but it just returns within minutes so trying to find the back door. base64 decode is stated to be a problem but this is in your plugin. Should it be or do i need to delete this,

    Reply
    • On August 17, 2012 at 8:18 am, Anti-Malware Admin said:

      I updated definitions and expanded the search range on the site you gave me access to. It now searches starting in the public_html directory and finds the new threats that were previously undetected. I took the liberty of removing all the threats that were found within all sites in the public_html folder. Please let me know if your infection returns again. I am happy to continue working on this until you are completely clean.

      Reply
  • On August 3, 2012 at 1:47 pm, Kamal said:

    I just sirted it . I just saw an option there to scan only the THEME folder. Thanks once again.

    Reply
    • On August 4, 2012 at 6:39 am, Anti-Malware Admin said:

      Thanks, I’m glad you found it. I’m posting this answer here anyway so that others can find it too if they have the same questions.

      To scan just the Theme folder just click on the linked option “wp-content” under “Scan What:” and check the box by “themes”. This specialized scan setting does not save, so after the scan is performed it returns to the option to scan the whole wp-content folder.

      Also, I would be interested to hear why you would want to scan only the themes folder. If you want to tell me more you can email me directly at registrations at gotmls dot net.

      Reply
  • On August 3, 2012 at 1:40 pm, Kamal said:

    What a great plugin.!!

    I just want a help. Is there any way to SCAN only the THEME folder in /wp-content/themes ??

    Please advice.

    Regards

    Reply
  • On August 1, 2012 at 10:31 pm, daniel preece said:

    will donate tomorrow

    thxs danny

    Reply
  • On August 1, 2012 at 10:43 am, TrinityCross said:

    Hello there,

    Your plugin is a fantastic piece of work and really saves me alot of time trying to locate all these viruses people like to put on your website. While your plugin works well and keeps fixing the problem. The hacker keeps being able to change a line in the /wp-config.php file.

    Could I suggest that that you potentially make the plugin fix problems automatically without having to keep pressing auto repair. Because it consumes alot of your time when you keep getting the same problem every other day and then having to sign in to do the same process over and over again.

    Maybe allowing users to have the plugin (option) to fix the problem automatically without having to constantly approve it. If a potential problem arises, you can do the same as you currently do with the plugin which is revert to the previous settings.

    Reply
    • On August 1, 2012 at 11:08 am, Anti-Malware Admin said:

      Thanks you for the complement and the suggestion. I have that idea already on my To-Do-List. I am wanting to add some kind of cron job to run automated scans and email the results to the admin. Right now I am working on making the scan process more robust. If I have enough time and some good donations I should be able to work that feature in by the end of the month though.

      However, a better answer to your problem would be to stop the attacks. If you are removing all the threats and they are coming back the next day I would suspect that we have overlooked a vulnerability on your site. I would love have the opportunity to investigate why you continue to get re-hacked. If you want me to look at it for you just email directly (I will need your WP admin credentials and FTP access would help to).

      Reply
    • On September 22, 2013 at 7:09 am, marfu said:

      the scan can’t run completely, stuck in 33% and the the scree send error message like this
      Content Encoding Error

      The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression.

      Reply
      • On September 22, 2013 at 8:52 am, Anti-Malware Admin said:

        Have you tried the Complete Scan or just the Quick Scan?

        If you still can’t get it to work you can give me you WP Admin login and I’ll get in there and figure out what’s causing that error.

        Reply
  • On July 24, 2012 at 7:20 am, Rich said:

    Great Plugin… Been using it for a little bit and will donate in a few.. The only problem is I get the wordpress sites clean, however days or sometimes hours later they are re-infected.. What else can I do to get them clean and prevent re-infection?

    Thanks!

    Reply
    • On July 24, 2012 at 10:15 am, Anti-Malware Admin said:

      It sounds like my plugin is doing a good job of removing the malicous scripts that it finds :-) but it doesn’t seem to be finding the vulnerability in your WordPress site that is allowing you to get hacked :-(

      I would love to take a closer look at it for you. If I can track down the source of the infection then I can add it to my definition file so that everyone who uses my plugin will benefit.

      Reply
  • On July 23, 2012 at 5:05 pm, Admin Lotto said:

    Hi there, i give it a try on my infected website, it is work good, even when i try to hide it, this plugin still found it. now my question is, if i want to register multiple website with one account, how much the donation should be, and is it once registration and lifetime update? please advise. thank you

    Reply
    • On July 23, 2012 at 6:32 pm, Anti-Malware Admin said:

      Thanks for the complement. I am glad to hear that it worked well for you. As for how much to donate, I have not firmed that up yet, but my general thinking at this time is $10 per site (depending on your ability to pay and the number of sites you have). This is of course still completely up to you how much you give but thanks for asking.

      Reply
  • On July 16, 2012 at 12:06 pm, Rodrigo Muniz said:

    Hope you down aprove this comment, at least not until you can fix the XSS hole. The plugin has a security hole, see details:

    At index.php find the occurrence of “$_SERVER['REQUEST_URI']”
    This XSS vulnerability is exploitable, because input is not checked for html characters. To fix it we need to replace it with
    htmlspecialchars( $_SERVER['REQUEST_URI'] , ENT_QUOTES )

    Cheers from Brazil

    Reply
    • On July 20, 2012 at 10:57 am, Anti-Malware Admin said:

      This “hole” is fixed in my latest release. It was only exploitable by an WP Admin level user anyway, but I fixed it so that it would not show up as a vulnerability.

      Thanks for the heads-up!

      Reply
  • On June 7, 2012 at 9:04 pm, Fall Interacom said:

    Great plugin. and have made a donation. this plugin can be a premium plugin with some costs because solves a lot of hacker attacks issues.

    Reply
    • On June 7, 2012 at 10:39 pm, Anti-Malware Admin said:

      Thanks. The more donations I get, the more time I spend making this plugin even better. I know I could make more money if I charge for this but then I wouldn’t help as many people. I always feel good when someone voluntarily pays like you did. Thanks for your support and tell your friends.

      Reply
  • On May 30, 2012 at 4:06 am, twintea said:

    Hello ,

    Just installed your Plugin and it did a thorough scan ..lots of yellows ; am sure most of them are legit files , no problem but the bottom line is felt relieved! Now I have a scan to alert real threats and it’s really simple to use yet compact and essential ! Thanks a lot for your hard work !

    Reply
  • On April 18, 2012 at 2:17 pm, mariusz wroblewski said:

    hello, the scanner is working but I can not see anywhere the “Repair”

    Reply
    • On April 20, 2012 at 2:25 am, Anti-Malware Admin said:

      Thanks. You can only Repair “Known Threats” highlighted in RED. The “Potential Threats” in YELLOW are usually not malicious but you should still check them and if you can identify any malicious code you can send it to me and I’ll add it to the definitions as a “Known Threats”.

      Reply
      • On January 30, 2013 at 3:13 am, Flash Buddy said:

        Those ‘Yellow’ threats are for the large part javascript files. Suggest:

        Scanned to determine if iframe or reditects are in the header of footer.
        Compare file size with known good copy.

        Reply
  • On April 13, 2012 at 3:53 am, Vjatsheslav said:

    Hey,

    There should be possibility to register multiple sites with one e-mail address. I have many websites, and I don’t want to open that many e-mail addresses. I got the same malware again, someone removed the plugin and installed the script again. Does it mean the virus is on a server, or it’s simply someone hacked my password?

    Thanks.

    Reply
    • On April 20, 2012 at 2:45 am, Anti-Malware Admin said:

      Thanks for the suggestion. I am working on the feature now to allow multiple keys to be registered under one email account and user.

      If you are getting re-infected it may be that your site still has a vulnerability that continues to be exploited or, if you are on a shared host, it could be another site on the same server is infecting your site.

      I can upgrade your registration to include a higher level directory. This may allow you to scan multiple sites on your server from one admin account. If you would like to try this please email your request to registrations at gotmls.net

      Reply
  • On April 12, 2012 at 2:56 am, caporuscio tommaso said:

    Grazie per il vostro supporto prodotto ottimo.

    Reply
  • On April 3, 2012 at 8:28 am, John Pentony said:

    Just donated moments ago. Great tool. Got my server compromised weeks ago, and heard this program can prevent much of that.

    Thanks!

    Reply
  • On August 18, 2019 at 6:57 pm, hiideals said:

    Hi Eli,

    I have made the donation and again thank you for the plugin. I will keep paying you as I increase my websites.

    Reply

Leave a Reply to Greg Roth Cancel reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>