This Plugin was created to help WordPress admins clean infections off their site. It was inspired by my own need to clean up one of my BlueHost accounts after a pretty bad hack (see How It All Started). It is still a work in progress and I want to add many new and exciting features. It is currently being offered completely FREE of charge, though it did take quite a lot of time and hard work to develop, test, and make nice.

This project will continue to need my energy to keep it effectively getting rid of new threats and patching new vulnerabilities. That is why I am asking anyone who can, to please make a donation to keep this project going.

Eli Scheetz


  • Great plugin! Just donated $29. Keep working it !! Great plugin !!!
    -- Kostas

614 Comments on "Home"

  • On March 12, 2018 at 10:41 am, قالب وردپرس said:

    Thanks for your suppor

  • On March 6, 2018 at 4:39 am, Christophe said:

    Dear Eli,
    your plugin is so fantastic i found it stupid not to have a french translation to enlarge your audience.

    I have translated the readme (stable) and dev (stable + trunk) branch. Contact me if you need more or if you have any questions.

    • On March 6, 2018 at 5:27 pm, Anti-Malware Admin said:

      Wow, Thanks!!!
      I downloaded the fr.po file from wordpress.org and I’ll have it added to my next plugin release ;-)

  • On January 20, 2018 at 1:35 pm, Copper said:


    Thank you for your time. I installed and ran the program. It only found potential threats. But I ran on Sucuri again and it shows that there is Malware. Not sure what to do. Any advice much appreciated.


  • On January 16, 2018 at 10:16 am, Rogerio said:

    Hi there,

    First of all, congratulations on your fantastic work!

    Regarding Multisite installation, I was wondering what would be the best practice and hope you may elucidate that for me.

    Let’s say that my primary domain is MyDomain.com and at this multisite structure I only have several sub-directories such as: MyDomain.com/site1, MyDomain.com/site2, MyDomain.com/site3 and so on, with no other different domain on it. What would be the best choice from the bellow options?

    1) Let’s suppose that I install the plugin but leave it active only at my primary domain. Once I scan it, will it scan every other site (subdirectory) on my network? Will the sub-directories be protected against brute force attacks at their specific WP Admin Login pages? In other words, with a single installation at the primary domain with the proper setup of the Sacn Settings and often looking for New Definition Updates to keep it updated, will all my sub-directories be protected as well?

    2) If I install it at the primary domain and activate it through the entire network but I only setup the proper Sacn Settings and regular look for New Definition Updates at the primary domain, would work better than the first choice above? I mean, in this case will the scan go through every subdirectory and all login pages be safer against brute force attacks than the first option, but still easy to manage it through the scan setting and regular updates on the primary domain?

    3) Or neither one of the choices above would be the best practice and the proper approach would be install and activate it through the entire network (with the same email address as I have read in other comments), but setup the Scan Settings individually and look for New Definition Updates very often in each one of the subdirectory WP admin panel?

    I hope I have made it clear ;-) and you could help me out advising the best approach for this particular scenario.

    Thanks a lot for your time and help.

    Have an awesome week!
    Rogerio Barreto

    • On January 17, 2018 at 6:17 pm, Anti-Malware Admin said:

      First, to be clear, multisite installations use the same set of core files for all sites. That is why only the Network Admin can access the setting and run scans. Also, as a Network admin you can run the scan from any site and it will scan the same files.

      Now for the best practices for a multisite installation: after installing the plugin it would be best to Network Activate it from the Network Admin menu. Then you should go to the wp-admin for each of the sites and register the uniquely generated installation key (you can use the same email address for all registrations so that they will all be on the same account). You can also change any settings or firewall options that you would like to on each site.

      You can run the Complete Scan from any site as long as you are a Network Admin.

      • On January 17, 2018 at 7:08 pm, Rogerio said:

        Thanks a lot for the reply with the explanation. I will follow the advise.


      • On January 17, 2018 at 7:23 pm, Rogerio said:

        Just one last doubt. Since the scan may be managed from the main site, what would be the best practice regarding the Download of New Definition Updates. If I check the main website admin panel constantly to keep it up to date and run the scan from there, would I still need to worry about Download the New Definition Updates in very single panel of my Network?

  • On December 6, 2017 at 4:09 am, Colin James said:

    Been using this on most sites I run for a number of years now. Have pretty tight security with iThemes Security Pro and Wordfence Pro. On the odd occasion something slips through and gotmls cleans up the mess. Ran into major problems today on a new site for a client. After panic stations gotmls sorted the problem out.
    A must have piece of kit for every website I build.
    Five stars+

  • On November 28, 2017 at 10:18 pm, Stephane said:


    First, thanks a lot for your plugin.

    I launched a “complete scan” and right now, I just have the following information “Complete Scan of www started 20 hours ago and has not finish” without further indication of how much is actually done and/or how much is remaining to be done. I left the default settings : “Scan Depth -1″ and “skip files with the following extensions…”.

    How long can it take to complete a full scan ?
    Thank you.

    Best regards,

    • On November 29, 2017 at 6:34 pm, Anti-Malware Admin said:

      It sound like the Complete Scan was interrupted before it was able to finish. You have to stay on the scan results page as it runs the Complete Scan and then fix any Known Threats that it finds before you leave that page.

  • On October 30, 2017 at 7:26 pm, scene king said:

    you are moderating and deleting my comments, not very professional

    • On October 31, 2017 at 7:36 am, Anti-Malware Admin said:

      No, I’m not actually. I was just sleeping (most humans do that sometimes). When I woke up this morning and got to work I saw and replied to all your comments. Perhaps you should wait more than 5 hours and 6 minutes before jumping to conclusions like that.

      Anyway, If you are willing to give my plugin another try and send me some screenshots of the results you are getting then I am sure (with a little patience) you will find that my support is very professional (especially when you consider that the both the plugin and my support of the plugin are free).

  • On October 30, 2017 at 7:25 pm, scene king said:

    does not have a way to remove the virus/malware

    skips alot of files

    i removed all exclusions, still skips files

    • On October 31, 2017 at 7:28 am, Anti-Malware Admin said:

      What do you mean that there is no way to remove the malware? Does it find the Malware (there should be an automatic fix button)?

      I just replied to your other questions that you left on the Members page. I tried to update you account to use the core files definitions in the hopes that it would help you but it would appear that you are not using my plugin a ny more. You should try contacting me directly for more help as I don’t feel like you have provided me with enough info to really help you.

  • On October 30, 2017 at 6:27 am, Giovanni said:

    Hi, I tried your plugin but did not find anything. The web site is infected as you can to verify with sucuri. Do I miss something in plugin settings?

    Thank you very much

    • On October 30, 2017 at 7:09 am, Anti-Malware Admin said:

      It looks like the only thing that is still not fixed on your site is that the site Title has been changed to “Hacked By Pak Monster, etc., etc…”. You can change the Title of the site on the General Settings page of your wp-admin or you can check the header.php file under Appearance -> Editor. Please let me know where you find it.

  • On October 28, 2017 at 6:31 pm, Emile said:

    Trying this wonderful tool, so far I love it. Will definitely donate as soon as my cleaning finishes.
    Just a recommendation, on each site I am running it, I have to manually delete .ico from the exclusion list (skip names)
    I am having endless threats shit in form of .ico named like favicon_239e5e.ico, favicon_dec111.ico, favicon_e69c66.ico
    So, maybe ICO don’t have to be in the skip by default.
    anyway, now I deleted ALL the skips and scanning even jpgs :) ))))
    I always wanted to be a carpenter

    • On October 29, 2017 at 7:52 am, Anti-Malware Admin said:

      Thanks! I set the ICO and other image file type to be excluded by default because those file types cannot be executed directly by your server when they are called up in a browser, they are essentially harmless on their own. It take another PHP file with an include statement to invoke the malicious code in an image and so that is what my plugin looks for by default, effectively rendering the code in the image file useless. You can change those defaults as you have done and this will help you with a thorough cleanup but it will also take a long time to scan all the binary image files that are harmless, so it is not recommended by default.

      P.S. I too find a sense of joy and satisfaction in building stuff out of wood ;-)

  • On October 23, 2017 at 4:14 pm, D said:

    Not sure if this is the right forum for this, but I have a question about an error I received when trying to log into my WP dashboard. The error is posted below:

    26934705: NO_JS

    You have been redirected here from [...] which is protected by GOTMLS Anti-Malware

    If you offer any guidance in identifying this error code, I’d appreciate it.

    Great software and thanks for putting together.

    • On October 24, 2017 at 10:04 am, Anti-Malware Admin said:

      This error indicates that the additional security JavaScript that was added to your wp-login page was not working when you tried to login. When I checked your login page I could see tha the code is active and working for me. If you try it again and it’s still not working for then you should check your browser settings for popup blockers and make sure that there are no JavaScript error on the page.

  • On October 18, 2017 at 8:56 pm, Jonathan said:

    thanks for great plugins..!!

  • On October 13, 2017 at 1:33 am, abhi jeet said:

    we use your plugin to remove virus from WordPress but sucuri show Malicious code in our site.

    • On October 13, 2017 at 9:01 am, Anti-Malware Admin said:

      Actually your site is now clean. Sucuri caches their scan results so you were seeing the old problem that had already been fixed by my plugin. At the bottom of their scan results page it said:
      *Cached results from more than 2 days ago. Force a Re-scan to clear the cache.

      So I clicked on the “Force a Re-scan” link and it came back clean.

  • On October 12, 2017 at 8:14 pm, Camo said:

    Got to say buddy, this anti-malware plugin is a gem. Appriciate the efford. Will donate when I got a chance, as a student don’t have much to spare though.

  • On September 14, 2017 at 9:52 am, siraj said:

    Hi, I just installed your plug in and did a quick scan and the result was 19 potential threats. But I can see the button fix the issue. can you help me with it please.

    • On September 15, 2017 at 3:08 pm, Anti-Malware Admin said:

      First you need to register your key and download the latest Definition Updates. Then you can run the Complete Scan and the Automatic Fix button will show up if any Known Threats are found.

  • On August 19, 2017 at 10:04 pm, Bala said:

    my wordpress website is throwing popup and redirecting to some irrelevant links when visiting my website. i think that this is some javascript malware attack. Is my assumption is right..?

    if yes. pls provide some advice…

    with thanks..

    • On August 20, 2017 at 9:13 pm, Anti-Malware Admin said:

      Yes, It’s probably malicious JavaScript output that is invoking this redirect, but the source might be encoded in a PHP script, if so then my plugin should find it. If it’s not in a PHP file or my plugin is not finding it then you could check the content of your pages and posts to see if the JavaScript was inserted there, You could also check for text widgets with JavaScript inserted into them,

      If you can’t find it then you can contact me directly through email for more support.

  • On August 18, 2017 at 8:44 pm, Travis said:

    I have a new client who I’m scanning their server. It has been running for about 14 hours now, but it stopped counting time at 695 minutes. The activity at the top has kept moving, but it says “Re-Scanning …” and the Scanned Files count has not increased.
    They are using 1and1, so I understand why it is painfully slow, but I would like to see some progress.

    What would cause this, and is there a way I can get it to progress?

    • On August 19, 2017 at 3:22 pm, Anti-Malware Admin said:

      It might be stuck in a loop trying to rescan all the folders that it has not gotten to yet. There may be a recursive symlink in the path or there are just too many subdirectories to get through them all before your server is timing out. You can check the error_log files on your server, they may hold some clues as to why the scan is getting stuck. You should also make sure there are no cache files in the path, that can make the scan take way too long and the cache files should be deleted anyway if you think the site might be infected. You could try scanning a smaller amount of file by only selecting certain subdirectories at a time (Click the folder names under “What to scan” and select one at a time per scan).

      You could also consider moving the site to a faster and more secure server ;-)

      • On August 21, 2017 at 9:28 am, Travis said:

        Thank you. I let it run until just now (86 hours) and it got up to 97% complete, but it actually dropped the elapsed time to 521 minutes and the files scanned dropped significantly as well.

        I am doing as you suggested and scanning parts at a time, and I AM a faster and more secure server (beep boop, I’m a bot (j/k)) but this is a new client and I have not sold them on the move yet! :)

        Thanks for a fantastic product!

  • On July 28, 2017 at 3:35 am, james gholson said:

    I hid my wordpress login with wordpress security and get this error message. How do I get help fixing this? Can you help? I am locked out…jg

    Warning: include(/homehdd/ggholson/public_html/wp-content/plugins/gotmls/safe-load/session.php): failed to open stream: No such file or directory in /homehdd/ggholson/public_html/wp-content/plugins/gotmls/safe-load/wp-login.php on line 17

    • On July 28, 2017 at 12:24 pm, Anti-Malware Admin said:

      There seems to be files missing from the installation of the gotmls on your site. You should try deleting the whole gotmls folder in the plugins directory on your site, then you can reinstall and it should work fine.

  • On July 22, 2017 at 1:43 pm, Simon C said:

    The scanner reports a backdoor alert from a sucuri file. This is a new client’s existing website, so I don’t know if he’s ever had a sucuri account. The file sits on the root and starts with sucuri- then a bunch of alphanumerics. Is this anything to be concerned with?

    BTW, I’ve already donated, but not through my account or the plugin. It’s from the same PP email I used to register.

    /* Encoded to avoid that it gets flagged by AV products or even ourselves :) */
    $tempb64 =

    eval( $tempb64

    • On July 22, 2017 at 3:35 pm, Anti-Malware Admin said:

      That code is not part of the sucuri plugin. It looks like something sucuri might have put on there if you hired them to fix your site but I can’t be sure. You can remove that code and it shouldn’t affect the functioning of your site.

  • On June 13, 2017 at 2:38 am, Senkale said:

    I have just used your plugins and it was so amazing . I will soon make my own donation. keep up the good work

  • On May 4, 2017 at 5:35 am, Rob Turner said:


    Seeing maldet hit that is causing sites with gotmls plugin to 500 error:

    {YARA}WebShell_Generic_PHP_5 : /home/victor40/public_html/wp-content/plugins/gotmls/images/index.php => /usr/local/maldetect/quarantine/index.php.1029613727

    I think maldet is quarantining it. Breakign the plugin and the site.

    This is a FYI notification.

    I am enabling using and then disabling the plugin each time I scan now.


    • On May 4, 2017 at 2:54 pm, Anti-Malware Admin said:

      This is a false positive that has already been fixed on both sides. You have an older version of my GOTMLS plugin and/or you have an outdated YARA definition file for maldet.

  • On April 27, 2017 at 9:40 pm, Perth Home Cleaners said:

    Easy to use plugins. I found it very helpful and protective.

  • On April 22, 2017 at 4:28 pm, Jalil Mehar said:

    Great Plugin I am going to donate next month.

  • On March 30, 2017 at 4:36 am, Lohith said:

    Thanks for the awesome plugin. It serves good.

    I am regularly getting attack from malware I am always scanning and deleting them and even now scanning showing everything as fine but still google showing as site may hacked. Any solution for this.

    • On March 30, 2017 at 6:56 am, Anti-Malware Admin said:

      After cleaning your site you need to login to Google Webmaster Tools and Request a Review to get your site off the blacklist so that warning will go away.

  • On March 23, 2017 at 11:38 am, Adel Serag said:

    I just donated for the plugin, but I face a problem that after fixation of the threats either manually or automatically, they come back? and the website is still red assuming unsafe!!

    • On March 23, 2017 at 12:07 pm, Anti-Malware Admin said:

      Thanks for the donation, everything look from my end, I see no infections now. If you run another scan does it find anything now?

  • On March 9, 2017 at 8:39 pm, Tirlok Singh said:

    It’s a great plugin but the issue is that i run the scan and it has removed the malware but after sometime it is again infected. It is malware code can you help me . Do you have any definition for this malware ?

    • On March 10, 2017 at 9:51 am, Anti-Malware Admin said:

      Ha, the hacker messed up on the first injection and the Hex code was not escaped properly, so the first part of that code does not even work as they had intended it to, they got it right the second time though. I have added this new bad hack to my definition updates so it can be completely removed now.

      The bigger issue for you is: How did they inject that malicious code into your site in the first place, and will they try to do it again?
      If your server still have the same vulnerability then you may still be susceptible to reinfection by this threat. Keep in mind that it may not even be your site that is vulnerable but possibly another compromised site on the same server that is spreading the infection to your site. If you are on a shared hosting plan then you should seriously consider changing hosting providers.How many site do you have on this host and do you have any other hosts you could easily move to?

      • On March 14, 2017 at 7:24 am, Roger said:

        I’ve also been infected with this bad hex code injection, lot’s of .php files injected in the server (shared hosting with 42 sites right now). I think i need to step out this shared hosting thing (keeps giving problems). Why do hosters still aprove this?

        • On March 14, 2017 at 2:38 pm, Anti-Malware Admin said:

          The typical shared hosting account is particularly susceptible to cross contamination, witch is what makes it such a target for hacker. I don’t know why the hosting providers don’t protect their clients more except that they usually benefit from the opportunity to up-sell you to one of their “more secure” hosting options, usually at some much greater price. I myself have created a Super Secure Hosting environment that solves this cross contamination issue. It is admittedly more costly than the shared hosting plans from the mega giants, but with my focused on security I have found a way to prevent this cross contamination threat. If you would like to migrate your sites to a new secure host then you can contact me directly and we can work on a hosting solution that meets your needs.

  • On February 10, 2017 at 2:58 pm, Kate said:

    I did a scan with your plugin, then did “fix selected files”, and now…only my homepage exists. Everything else (my blog, my about page, etc) have gone to 404 Not Found Error. (Which is slightly better than the Canadian pharmacy, I guess.)

    • On February 10, 2017 at 9:15 pm, Anti-Malware Admin said:

      Check your .htaccess file in the site root. The hack might have replaced the normal WordPress code, and now that the hack is gone there may not be anything there. You can go to the Permalink Settings in your wp-admin and save the setting on “Plain” and then change it back to “Post name” or whatever it was before, and that should rewrite your .htaccess file for you.

  • On February 3, 2017 at 11:56 am, Sunny said:

    Any fix for the malware MW:JS:GEN2?malware.injection.rfcc2 the scan doesn’t find it, but the sucurti scan is showing 4 infected URLs with MW:JS:GEN2?malware.injection.rfcc2

    • On February 3, 2017 at 3:36 pm, Anti-Malware Admin said:

      Sucuri caches their scan results. See the note at the bottom of their scan results page:
      *Cached results from 48 hrs ago.

      Just click the “Force a Re-scan” link to clear the cache ;-)

  • On January 19, 2017 at 4:08 am, Varun Bansal said:

    How to delete all files from quarantine together? What is the SQL query. Can you please help ?

  • On January 9, 2017 at 7:15 pm, parminder singh said:

    Great plugin, I want to know that is your plugin is same as sitelock.com, as there prices are too high i want to go with your plugin?

    • On January 11, 2017 at 4:06 pm, Anti-Malware Admin said:

      In general I would say that there are all sorts of differences between the great many security programs out there, each one with it’s own strengths and weaknesses and having a wide range of quality and value to offer. I try not to say much about my opinions about other specific security software/providers and I would not like to be compared to Sitelock in any way, but I would have to agree with you that their prices are too high ;-)

      Anyway, the nice thing about my plugin is that you can try it for free and let me know what you think :-D

  • On December 12, 2016 at 12:57 am, Marco L said:

    Hello. I just did a scan. I’ve fix all items.
    After 20 min, I have already found new malware folders and files in themes and root.
    How is it possible? I also did update with $ 14 donation. can you help me?

    • On December 12, 2016 at 10:53 am, Anti-Malware Admin said:

      It is common to be targeted for automated re-infection once your site has been breached. The server may have a root vulnerability or a scheduled task that will cause your site to get reinfected on a regular basis. There may also be many other infected sites on that server that are spreading the infection around and helping to keep this virus alive on that server. Is this a shared hosting account? How many sites tdo you have on this server?

      • On January 23, 2017 at 6:20 pm, Juan R said:

        HI, I have the same problem all my site are infected on Hostgator hosting 4 site total. any recommendations?

        • On January 24, 2017 at 8:59 am, Anti-Malware Admin said:

          It sounds like you need to get your sites off of Hostgator and onto a server where they will not be reinfected any more. I offer Super Secure Hosting for this exact reason and your sites will not get reinfected on my servers.

  • On December 9, 2016 at 7:15 am, Noavard said:

    Thanks for the really useful plugin, a tool that can protect us from very dangerous malwares.

  • On November 1, 2016 at 3:17 pm, Edward Abraham said:

    Long time user, fantastic product. Thank you for putting so much effort into a tool that is free to use. I have donated and will continue to do so as is needed and as I build new sites for clients.

    Thank you again for the hard work and for sharing with the world!!! ALOHA!

  • On October 26, 2016 at 4:55 am, Angela said:

    Hi is there a way to use your software for html website?

    • On October 29, 2016 at 12:53 pm, Anti-Malware Admin said:

      Because it is designed as a plugin for WordPress it cannot currently be run directly on any site without WordPress installed. I have plans for a stand-alone version but it is not finished yet. I the mean time you can either install WordPress on that site of copy the files from that site into a subdirectory on another WordPress site to scan it.

  • On October 21, 2016 at 10:22 am, john said:

    can you fix the error on line 1247 of gotmls/index.php

    die(“\n//Permission Error: User not authenticated!\nvar GOTMLS_login_offset = new Date();\nvar GOTMLS_login_offset_start = GOTMLS_login_offset.getTime() – “.$sess.”000;\nfunction set_offset_id() {\n\tGOTMLS_login_offset = new Date();\n\tif (form_login = document.getElementById(‘offset_id’))\n\t\tform_login.value = GOTMLS_login_offset.getTime() – GOTMLS_login_offset_start;\n\tsetTimeout(set_offset_id, 15673);\n}\nset_offset_id();”);

    • On October 21, 2016 at 11:00 am, Anti-Malware Admin said:

      There is no error on that line or in the code you copied here. However, I did notice that this code on that line was from an older version of my plugin. Please upgrade to the newest version and then, if you are still getting an error, please send me a screenshot of the error you are seeing so that I can find the true source of that error.

  • On October 17, 2016 at 4:01 am, Marathi Calendars said:

    Hello Support team,

    My site marathi-calendar.com redirects to redirectoffers.org and then some type of offers on mobile app.

    What should i do?


    • On October 17, 2016 at 7:51 pm, Anti-Malware Admin said:

      Install my plugin, then register your installation key and download the latest definition updates, then run the complete scan and my plugin can automatically remove any Known Threats it finds.

  • On September 17, 2016 at 6:01 am, Mike said:

    Getting the following message – Quick Scan of html started 12 hours ago and has not finish?

    The full scan timed out after about 10 seconds. I have over 1600 post, bunch of photos etc etc.. Any ideas?

    • On September 17, 2016 at 11:03 am, Anti-Malware Admin said:

      It does not matter how many posts or photos you have, that will not make it take longer. Besides, the problem you are having is not that it’s taking a long time but rather that the scan is not finishing (maybe ever).

      Quick Scans only take a few minutes. If it’s not finished in a few minutes it’s not going to finish.

      As for the Complete Scan, I’m not sure what you mean by “timed out after about 10 seconds”. Can you send me a screenshot of that?

      It ma also help to check the error_log files on your server to see what is actually causing these problems you are having.

    • On November 1, 2016 at 3:13 pm, Edward Abraham said:

      This could also be dependent on you hosting resources. jm2c

  • On September 13, 2016 at 5:11 am, Subesh Gupta said:

    Hi , Just download your plugin. I just found my malware script here. but how to remove it from my website it. Its been affected all of my .php files and published. So google gives me RED warning. Please HELP HELP HELP

    • On September 14, 2016 at 11:56 am, Anti-Malware Admin said:

      Make sure you have the latest definition updates, then you can simply click the Automatic Fix button to remove the malicious code from those files.

      After you have a clean site you will need to “Request a Review” from your Google Webmaster Tools account so that google will remove that warning.

  • On September 3, 2016 at 10:35 am, ano said:

    how can I revoke whitelisted items?

    • On September 3, 2016 at 5:37 pm, Anti-Malware Admin said:

      remove the “GOTMLS_definitions_array” row from the wp-options table and download the latest definition updates again.

      • On June 30, 2018 at 1:24 pm, Matts Norrgard said:

        First of all, thanks for a good plugin!

        My question is where I can find the “wp-options table”.
        Pls advice.

        • On July 1, 2018 at 1:47 pm, Anti-Malware Admin said:

          The wp_options table is in your database. There is no direct DB access built into WordPress so you would need to access the DB through your hosting control panel (or PhpMyAdmin).

  • On August 6, 2016 at 4:07 am, Andreas said:

    I used your plugin for a site that I was told has malware on. found it and removed it. I loved it right from there.

    I would love to install this on all my sites and clients site. is there a volume deal/lic I can buy so I can use

    • On August 8, 2016 at 2:30 pm, Anti-Malware Admin said:

      Just use the same email address when registering all the other sites and they will all be under the same account. Donate as much as you would like on site that is registered to that account and you donation will be reflected on all those sites ;-)

      • On August 10, 2016 at 5:44 am, Andreas Pastor said:

        OK all done. One last question. Is there any plans to have this run automatically and sent out an email if anything is found?

  • On August 4, 2016 at 8:37 am, Tom Thayer said:

    Just donated. Keep up the great work. :)

  • On July 9, 2016 at 4:43 am, kerry banz said:

    I just downloaded your plug. I ran the scan and a threat was identified in Read/Write Errors. There was no repair button with the link it identified when I hover over the link I get a message “failed to read this file! (readable? Eww-r–r-r–]). Since I am a novice at this (or anything that falls under IT/programing), I was wondering if you could let me know what I need to do next.
    My email has been spoofed and I am receiving up to 100 “undeliverable” email messages an hour. I was able to figure out that the spoofer used my shared server to get to me…and yes, I have now been educated on why not to use a shared server (and will be rectifying the issue as soon as I can get the “undeliverable” email notifications to STOP!!

    Thank you,

    • On July 9, 2016 at 9:55 am, Anti-Malware Admin said:

      Read/Write errors, by definition, cannot be fixed automatically. Those are files that my plugin could not read or write to, therefore my plugin cannot fix them for you. It does not mean that those files are malicious but you will need to investigate and fix the permissions manually (with escalated permission because anything running under PHP, like my plugin, will not have the necessary access).

  • On June 23, 2016 at 11:56 am, Darko Zoric said:

    I recommended this plugin to all wordpress admins.. I installed this plugin and find malware scripts in Potential Threats .. My malwares is for sending automatic emails and all scripts is with extension .php … So i suggest you all to open files in Potential Threats and check all.. Again, great plugin, Thanks

    • On June 23, 2016 at 3:59 pm, Anti-Malware Admin said:

      Thanks for great recommendation!

      Also, if you will send me those Potential Threats that you found malicious code in then I can add them to the Known Threats in my next definition update so that they can be automatically removed.

  • On June 23, 2016 at 6:38 am, Primoz Kvaternik said:

    I have a serious problem. I am under constant attack for 2 of my blogs where I have installed your plugin. The point is that today Google blacklisted both of my blogs because of malware… I’ve got the following message “Warning – visiting this website may harm your computer!” and from Google search you simply cannot access these sites.

    I am asking you do you have any solution for that, because as soon as I clean the site using your plugin at once after some time, maybe even hours it is affected again. As Google needs 24 hours to put site back again it will be again affected and it is practically dead.

    • On June 23, 2016 at 7:30 am, Anti-Malware Admin said:

      Your sites are clearly not safe on the server you are current hosting them on. In order to keep them from getting reinfected by this same exploit you may need to move them to a more secure hosting environment. I do offer Super Secure Hosting for situation such as this. You can sign-up for my hosting here if you need a place to host your sites that is safe from these hacks:

  • On June 3, 2016 at 4:12 pm, RK1 said:

    Hi – great plugin. I’m getting this message in the admin window. Can you please tell me what this means?

    “Another Plugin or Theme is using ‘Bot_ContentGenerator::addLinks’ to handle output buffers.
    This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins.
    Consider disabling caching and compression plugins (at least during the scanning process).”

    • On June 8, 2016 at 5:23 pm, Anti-Malware Admin said:

      That message means that there is some code on your site that is invoking an output buffer handler which can alter the content that is displayed on your site. It is difficult to detect exactly where that code is included but my plugin should find it if you run Complete Scan with the latest definition updates installed.

  • On May 31, 2016 at 4:24 am, JK said:

    Question: This plugin is simply great and cleaned up all malicious codes. How do we prevent future attacks from happening? Let me know.


  • On May 6, 2016 at 5:31 am, Kenneth Black ken@socialsaleshq.com said:

    What do we do with Potential threats ? How do we delete these and get rid of these threats ?

    • On May 6, 2016 at 11:47 am, Anti-Malware Admin said:

      As the notice on those results states: Those files are likely not malicious at all. So you don’t need to do anything with them. That’s why my plugin does not automatically fix them. However, if your site is still infected and there are no Known Threats (in red), then you may want to have a professional take a look at those files first to see it the infection might be in those somewhere.

  • On May 3, 2016 at 2:52 am, Panduranga Reddy said:

    Excellent work!

  • On April 28, 2016 at 3:17 am, daniel said:


    I want know if possible run the script in other CMS , Drupal for example or only php web sites.

    Thanks a lot for your hard work !

    • On May 9, 2016 at 1:18 pm, Anti-Malware Admin said:

      I’m sorry but this is only a WordPress plugin at the moment. I am working on a Command-Line version but it is not ready for release yet.

      • On December 22, 2016 at 2:59 pm, Matteo said:

        Great! I wait for the day that it will be ready! Yours is the best anti-malaware that I ever seen in my life, wow! Webservers should use it too, not mcafee for example..

  • On April 27, 2016 at 8:31 am, Brian Dean said:

    So for $29 donation you think your plugin should find and clean SEO Malware as well as HTML: HideMe-l [Trj]?
    These seem to be the two I’m having issues removing.

    Let me know and I’ll pay now.

    • On April 27, 2016 at 1:19 pm, Anti-Malware Admin said:

      My plugin should find and clean all those malware infections if you have the latest definition updates, even if you do not donate. However, if you do donate at the $29+ level then you can use the Automatic Updates to install the Core Files definitions and that should make the scan and fix process faster, more accurate, and more effective overall.

      Please feel free to contact me directly with more specific info about your site and your infection if my plugin is not finding it for you.


Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>