Why should I register?

If you register on GOTMLS.NET you will have access to download definitions of New Threats and added features like automatic removal of “Known Threats” and patches for specific security issues like old versions of timthumb and brute-force attacks on wp-login.php. Otherwise, this plugin only scans for “Potential Threats” on your site, it would then be up to you to identify the good from the bad and remove them accordingly.

How do I patch the Revolution Slider vulnerability?

Easy, if you have installed and activated my this Anti-Malware plugin on your site then it will automatically block attempts to exploit the Revolution Slider vulnerability.

How do I patch the wp-login vulnerability?

The WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. This plugin can apply a patch that will block access to the WordPress Login page whenever this type of attack is detected. Just click the Install Patch button under Brute-force Protection on the Anti-Malware Setting page. For more information on this subject read my blog.

Why can’t I automatically remove the “Potential Threats” in yellow?

Many of these files may use eval and other powerful PHP function for perfectly legitimate reasons and removing that code from the files would likely cripple or even break your site so I have only enabled the Auto remove feature for “Know Threats”.

How do I know if any of the “Potential Threats” are dangerous?

Click on the linked filename to examine it, then click each numbered link above the file content box to highlight the suspicious code. If you cannot tell whether or not the code is malicious just leave it alone or ask someone else to look at it for you. If you find that it is malicious please send me a copy of the file so that I can add it to my definition update as a “Know Threat”, then it can be automatically removed.

What if the scan gets stuck part way through?

First just leave it for a while. If there are a lot of files on your server it could take quite a while and could sometimes appear to not be moving along at all even if it really is working. If it still seems stuck after a while then try running the scan again, be sure you try both the Complete Scan and the Quick scan.

How did I get hacked in the first place?

First, don’t take the attack personally. Lots of hackers routinely run automated script that crawl the internet looking for easy targets. Your site probably got hacked because you are unknowingly an easy target. This might be because you are running an older version of WordPress or have installed a Plugin or Theme with a backdoor or known security vulnerability. However, the most common type of infection I see is cross-contamination. This can happen when your site is on a shared server with other exploitable sites that got infected. In most shared hosting environments it’s possible for hackers to use an one infected site to infect other sites on the same server, sometimes even if the sites are on different accounts.

What can I do to prevent it from happening again?

There is no sure way to protect your site from every kind of hack attempt. That said, don’t be an easy target. Some basic steps should include: hardening your password, keeping all your sites up-to-date, and run regular scans with Anti-Malware software like GOTMLS.NET

Why does sucuri.net or the Google Safe Browsing Diagnostic page still say my site is infected after I have removed the malicious code?

sucuri.net caches their scan results and will not refresh the scan until you click the small link near the bottom of the page that says “Force a Re-scan” to clear the cache. Google also caches your infected pages and usually takes some time before crawling your site again, but you can speed up that process by Requesting a Review in the Malware or Security section of Google Webmaster Tools. It is a good idea to have a Webmaster Tools account for your site anyway as it can provide lots of other helpful information about your site.

How can I report security bugs?

You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. Report a security vulnerability.

236 Comments on "FAQs"

  • On June 22, 2024 at 6:52 am, Alexander S. said:

    Hey, I would like to donate! Do I have to make a donation per website or is one enough for 3 projects? Best regards

    • On June 22, 2024 at 4:04 pm, Anti-Malware Admin said:

      If you registered all three sites under the same email then one donation will work for all three ;-)

  • On March 29, 2024 at 7:27 am, Stu Gotz said:

    Is there a way to have the plugin run automatically every day at midnight, for example? Or is it ONLY run manually?

    • On March 29, 2024 at 3:19 pm, Anti-Malware Admin said:

      At this time there is no way to schedule a scan to run automatically. The Complete Scan currently requires an active connection from your browser to keep the scan process alive. I am working on a new method of scanning that could be scheduled but that will not be ready for a while yet. Once I have this new option available for testing I will let you know though ;-)

  • On February 22, 2024 at 10:08 am, Max said:

    Hello there, I am sure you’ve heard about the recent hack on bricks. Does your plugin clean that? Also, when other sites on the same cpanel are infected as well, can I solve the situation by just using your plugin on all sites?

    • On February 22, 2024 at 10:22 am, Anti-Malware Admin said:

      Yes, I’ve heard, and it isn’t something that needs to be cleaned by any other plugin. The vulnerability in that theme was patched only a few days after discovery and even before it was disclosed to the public, so the only thing you need to do to protect yourself against that exploit is to update the theme to the latest release.

      As for handling infections across multiple site, you should install and run my plugin on all the site on that server (even ones that may not seem to be infected), but know that it a great security risk to have many sites installed under the same account with open access to each other’s files. In this case it is all too easy for an exploit on one site to be used to infect them all, and even harder to get them all clean if they are being used to cross-contaminate each other.

  • On January 7, 2024 at 5:59 am, Joshua Price said:

    I am trying to mass remove/clear the quarantine list? is there any way to remove all

    • On January 7, 2024 at 3:17 pm, Anti-Malware Admin said:

      First, let me say that it is not advisable to delete records from your Quarantine. The Quarantine record contain valuable information about your past infections and the forensic data stored in the quarantine could help a skill professional to discover how your site was hacked in the first place. The quarantine can also make it easier for you to re-clean any of those same files if they were to get reinfected in the future.

      That said, if you still want to delete then all at once and there are a lot more than 200 (which is the maximum number of records that will show up on one page by default) then you can pass the posts_per_page variable in the query_string when you are on the Quarantine page. For example, if you wanted to display 5000 records at a time and thereby enable the deletion of that many at once your URL might look like this: /wp-admin/admin.php?page=GOTMLS_View_Quarantine&posts_per_page=5000

      Keep in mind that the default limit of 2000 was set because it might be hard for your server to select a great many of these records form your database with one query, so you server might not be able to handle 5000 at once. You may need to experiment some to find the best number that your server can handle.

  • On October 19, 2023 at 2:26 am, Tony Furman said:


    I have ran your software and it’s great, found a lot of issues but there are 4 unreadable files and after all the files have been cleaned and quarantined that were known issues, my antivirus is still throwing a red flag for a Trojan JS/Agent.PHC. I’ve been trying to wipe this and get back to square one. I’m not sure where to find it but I believe it resides in on of these files. Any ideas on where to go from here?

    • On October 19, 2023 at 2:55 pm, Anti-Malware Admin said:

      Make sure to delete any cache files on the server that might still be presenting the malware payload even after the malware source code was removed.

      Also, run the Complete Scan again to make sure that everything was removed successfully the first time, and to be sure that the malware hasn’t just come right back from wherever it got in before.

      If you have other sites on the same shared hosting account then you will need to scan all the other sites too. All those sites can share the malware back an forth with each other very easily and no firewall can stop it if it’s already inside your server.

  • On July 31, 2023 at 12:48 pm, Mel said:

    Can I delete the files from the quarantine with

    Delete selected quarantine records

    without the malicious code breaking out?

    Because there is malicious code still not fixed in the quarants, but a new scan finds nothing! However, my site will continue to be infected!

    • On August 4, 2023 at 7:29 am, Anti-Malware Admin said:

      You can delete the Quarantine records but that won’t help and I advise against it. The quarantine is simply a record of the past infections that have already been fixed.

      The malicious code that was found in those files has already been removed from those files. So leaving the quarantine records there will serve as a record of what was once infected but was then fixed. This record can be very helpful to keep in case these same files get reinfected again.

      If your site continues to be reinfected then it is most likely caused by an outside breach (probably the same breach that led to your site being infected the first time). You will need to find that particular security vulnerability and patch it so that your site stops getting reinfected. The Quarantine records can provide invaluable forensic data which can help a security professional pin down the source of the infection, so I strongly advise that you not delete the Quarantine records.

      If you are on a typical shared hosting server then that could be your whole problem. It is far too easy for cross contamination to infect your site when any of the other sites on the same server have been compromised. What hosting plan are you currently on and how many sites do you have?

    • On August 16, 2023 at 6:09 pm, Mel said:

      Okay, thx for the answer. The Plugin is the best malware remover and Scanner !!

  • On March 5, 2023 at 11:15 pm, Miquel said:

    Does the donation activate the premium plugin to multiple websites or just one?
    Thank you

    • On March 6, 2023 at 4:01 am, Anti-Malware Admin said:

      A donation of $29 or more will activate the current premium features on all sites/keys that are registered under the same account/email address.

  • On February 1, 2023 at 5:14 pm, Raaj Menon said:

    Hi there,
    I have one main server that hosts many sites with their own cpanels. How does the donation work? Will it support all the sites I have on the server? If so how would that work? I have a few emails I have used. Do I change the emails in WP so I can register it under this email or can you explain how this will work?

    • On February 2, 2023 at 10:34 am, Anti-Malware Admin said:

      You must register each separate key for each individual site, but if you enter the same email address in the registration form then every site will be registered to the same account. Any donation you make to any site on that account will unlock all the current premium features on every site on that account. If you have already registered some of your sites under other email addresses then you can always click on the key in your wp-admin to re-open the pre-filled registration form and change the email address, then submit that data to re-register that site under the new account.

  • On September 20, 2021 at 12:45 pm, Gregory Dziedzic said:

    Hello, the brute force protection breaks reverse proxy caching such as Varnish. It keeps an active PHP session open, which as a side-effect has all page include this in their headers:
    cache-control: no-store, no-cache, must-revalidate

    So because I want my Varnish cache to work I’ve had to deactivate the brute force protection. Any suggestion?

    • On September 24, 2021 at 4:01 am, Anti-Malware Admin said:

      I know that external caching like Varnish could provoke false positive brute-force attacks if you were caching every page but surely you are not caching the wp-admin paths on your site. Can you help me understand how the session check is overlapping with the cached pages?
      Are you caching the login page, or do you have a login form in the sidebar of some other prominent widget area on every page?

      • On September 24, 2021 at 4:47 am, Gregory Dziedzic said:

        Hello, I’m afraid I’m not knowledgeable enough to answer your question. All I know is the following :
        - my hosting (simple hosting on gandi.com) uses Varnish reverse proxy, with preconfigured settings I guess. Meaning that only unlogged users are served the cached static pages or elements.
        - checking ressource usage of the website, I noticed that the CPU consumption of my instance skyrocketed at some point
        - tech support from gandi.com told me that page headers had “cache-control: no-store, no-cache, must-revalidate” which was keeping them from being cached. To be fair I haven’t tested pages individually, but trusted the results of a “curl -I https://www.mywebsite.com” command.
        - I disabled all plugging, switched to a vanilla theme and emptied all possible caches, but no dice, the no-cache line in the header was still there
        - after some digging on the net, I realized it was linked to the “PHP session opened” error message I had in my WP site health page (as I understand, an open PHP session mandates the no-cache line in the page header)
        - so I looked for a session_start line in the php code of my install
        - I found it I can’t remember where and realized it was linked to the brute force attack protection
        - so I deactivated your brute force attack protection and now all is well
        - I am still using your plugin except for brute force attack protection for which I’m using Wordfence

        Sorry, I realize I haven’t answered your question, so here’s some quick info about the website:
        - twenty seventeen child page
        - wpml all the way (8 languages per page)
        - no jetpack
        - Gutenberg désigne pages
        - a code snippet somewhere for RGPD cookies (you know, the EU thing) – I now feel this could be the culprit
        - otherwise pretty basic

        As I said I disabled all plugins and reverted to basic themes to no avail until I realized that the brute force protection was writing something somewhere.

        I’m not a developper (yet) so there might be some gibberish and misunderstood things in my thought process, but basically everything is alright in my install at the moment and I just wanted to let you know in case my finding makes any sense. :)

        Come to think of it, could be the RGPD code snippets in the footer widgets indeed…

        • On October 24, 2021 at 3:41 am, Anti-Malware Admin said:

          I have just released a new plugin update that should fix this issue for you. Please download the new plugin version 4.20.92 and let me know if you are still having any issues.

          • On October 24, 2021 at 1:22 pm, Gregory Dziedzic said:

            Hi Eli,
            it’s working perfectly now as far as I can tell. I’m impressed by your dedication. Thanks a lot for that.

  • On September 14, 2021 at 7:05 am, Brett said:

    How can I install and activate and run this plugin to cleanup malware if I can’t login to my admin panel on WordPress as it’s being redirected?

    • On September 19, 2021 at 9:39 am, Anti-Malware Admin said:

      Unfortunately you cannot use this or any plugin in WordPress unless you can access the site. You will need to disable or block the redirect script before you can use this plugin to remove the malicious code that is causing this redirect.

  • On August 10, 2021 at 8:03 am, Ro said:

    My hosting has blacklisted my hacked site and I have my own IP whitelisted by them so I can access my WP dashboard. Could you also provide an IP that can be whitelisted by them in order for the scan to work as currently the scans do not work without them authorising access.

    • On August 10, 2021 at 5:32 pm, Anti-Malware Admin said:

      You don’t need to whitelist any IPs of mine as the Complete Scans are always run from your IP. If you have any trouble with the scan then please send me a screenshot so that I can see what it’s doing.

  • On May 19, 2021 at 5:27 am, marcello lemos said:

    virus hack Monit.Php

    já removi todos os arquivos encontrados no wordpresse e no banco de dados e mesmo assim o google ads informa que tem virus em meu site gostária muito de fazer uma doação mais o virus ainda esta em meu site

    • On May 20, 2021 at 6:07 am, Anti-Malware Admin said:

      I’m sorry, I don’t speak Portuguese, but it sounds like you are having an issue with getting Google to approve your ads even after the malware was removed. Unfortunately, this is all too common and it is completely normal for Google to take a long time to finally accept that your site is actually clean. The main problem is that their scanner relies on data that is cached by their indexing bots. These indexes are often old and do not reflect the recent changes to your site. Even after you request a review their initial responses may be made using the information that they have already cached. The best thing to do is to submit a current sitemap to re-index the clean site and then demand that they give you the details of each infected page that they see so that you can check it and confirm that the code they are referring to is actually already gone. Then you can tell them that those URLs are in-fact clean and ask them to refresh their cache indexes of those pages.

  • On March 7, 2021 at 1:38 pm, Nikhil Pampatwar said:

    Hi Eli,
    Thanks for one time cost plugin. It identified 2 files as infected & quarantined, but can’t clean it. I’m getting error as below:
    Fixing \pdhsxdlw.php … Failed: file not writable!
    Fixing \temp.php … Failed: file not writable!

    Please advise, how can I fix it?


    • On March 12, 2021 at 5:50 pm, Anti-Malware Admin said:

      “Failed: file not writable” means that there is some kind of restriction on the server that is preventing the PHP code in my plugin from writing to that file so my plugin is unable to remove the malicious code or make any modifications to that file. It might be a permission issue or maybe those files were put into read-only mode or there could be some other restrictions on all PHP processes to not allow file changes. If you are not sure why those files are not changeable then see if your hosting provider can shed some light on this or help you to make them writable again so that they can be fixed.

  • On February 19, 2021 at 1:56 pm, George Hane said:

    I would like to know how to turn off GOTMLS while in a “Localhost” mode developing my website on a laptop. When I use the Akeeba Kickstart to restore my website to my laptop and I try to log in the back end after the restore, I get the error “14322473: NO_SESSION”. I need to be able to login to the backend to test plugin’s etc.


  • On December 2, 2020 at 1:19 pm, Taylor said:

    Can you help me understand the meaning of this notice I see inside of the plugin at the top?

    Another Plugin or Theme is using 'New Relic auto-RUM' to handle output buffers.
    This prevents actively outputing the buffer on-the-fly and could severely degrade the performance of this (and many other) Plugins.
    Consider disabling caching and compression plugins (at least during the scanning process).

    • On December 2, 2020 at 3:16 pm, Anti-Malware Admin said:

      This OB handler is probably installed by some caching plugin, maybe W3TC. You should not have any OB handlers in the wp-admin, IMHO, and certainly not imposed on the admin page for a plugin like mine by some other developer (that’s stepping on someone else’s toes in my book ; – )

      You should probably delete all the cache files before running the Complete Scan anyway to speed up the scan and avoid storing any potential threats in your cached content. You can also try deactivating your caching plugins while the scan is running and then re-activate them after so that they can rebuild clean cache files.

  • On October 16, 2020 at 4:55 am, Site Admin said:


    I donated today via PayPal and received my confirmation of payment but the plugin still shows that I haven’t donated. I am guessing a step got missed somewhere – how do I fix this?


    • On October 16, 2020 at 10:15 am, Anti-Malware Admin said:

      Thank you for your donation. I can see for my end that your donation was assigned to your account so maybe it’s just a caching issue on your end. Try clearing your cache and refreshing the Anti-Malware Settings page in your wp-admin and the donation should then show up on your end too.

  • On September 6, 2020 at 8:50 am, LM said:

    Hello. I have several sites on my public_html folder. I’ve used GOTMLS many times to clean my complete public_html folder but I think the infection has gone to the account folder above public_html. Since I have many sites on the account directory they have all been infected and its basically a cycle. clean, everything works, then infected again even worse. How can I scan other folders above public_html or is there a way to scan a local backup on PC?

    • On September 7, 2020 at 9:23 am, Anti-Malware Admin said:

      Since the plugin can only run within the WordPress architecture you would need to place a WordPress installation into the directory that you want to scan. You could probably also trick your site into believing that you site root is up in the account directory so that you could start the scan there put you would need an intimate understanding of the server’s directory structure and permissions to fool it into working from a false root path.

      This plugin could be run on a local copy of your site if you have PHP and a webs-server installed on the local machine but I would caution you that this poses more of a threat to your local machine then any benefit that you might get from running the scan there. You don’t want to accidentally activate the malicious code on your local backup server and infect more of your local machine and local network.

      It sounds like what you really need is a hosting environment that isolates and secures each site’s filesystem so that you don’t have to deal with all the cross-site contamination. Then you could simply clean each site once and they would all stay clean, except for the site with the vulnerability that allowed this breach in the first place, on that site you would still have to find the breach and seal it up, but at least all your other sites wouldn’t suffer from one site’s weakness.

  • On December 3, 2019 at 1:23 pm, Steve Longo said:

    Since the previous administrator has left the organization, I am unable to register myself with same key that previous admin used, so how do we get it to reset or delete that user?

    • On December 4, 2019 at 7:21 pm, Anti-Malware Admin said:

      Just click on the key on the Anti-Malware Settings page in your wp-admin to open the registration form, then enter your name and email address on that form and click “Register Now!”

  • On November 19, 2019 at 7:17 am, Nadine said:

    Hi Eli,

    Thanks for the nice plugin (and I’m super impressed by your level of support). I ran a scan on my entire user directory, but I clicked away from the page before examining the results. Now I see that the scan has completed, but I can’t figure out how to view the results…

    1. Is there a way to view the *detailed results* of a past scan?

    2. The option to run a scan on my entire user directory has now disappeared — is this something that will reappear after a certain period? Or…?

    3. It would be nice to provide info on what the “Automatically fix…” button does (does it just move the files? does it try to edit out the bad content? …)


    • On November 20, 2019 at 6:43 pm, Anti-Malware Admin said:

      I sorry to say that the scan results will be lost if you leave the page before running the Automatic Fix on the threats that were found. It is designed to by an active scan process with no caching but I am working on more logging and review options, including a scheduled scan which will have the option to view the stored results.

      If you install WordPress into a sub-directly of your main site then you should have the option to scan the web_root, otherwise you can install the plugin on the WordPress site that is installed in the root directory and it will then include all the sub-directories within that root path.

      The Automatic Fix function removes the malicious code from the files, leaving the safe/original contents of the file intact and preserving a record of the malicious code in the Anti-Malware Quarantine.

  • On October 28, 2019 at 7:14 am, Stephen Heaton said:

    Hi, your scan detects over 250 rogue scripts and fixes them which is brilliant. However, a few days later the scripts just re appear. I have made the $29 donation and also registered my key which I can see in my profile of this site. However, on the back end of the site it states I have not donated and that my key is not registered, please help. Steve

    • On October 28, 2019 at 7:24 am, Stephen Heaton said:

      apologies,. I have refreshed the site and can now see my registered key and donation, However, how do i stop the scripts re appearing?

      • On October 29, 2019 at 3:33 pm, Anti-Malware Admin said:

        I’m guessing your having issue with cache, and that’s why you didn’t see the registration on your end until later.

        If this script is still getting repeatedly injected into your database then I would suggest that you change your DB Password and update the wp-config.php file to match the new credentials. Also check for additional users that might have access to this site. If you change all your passwords and still get hit with a new threat after that then you most likely need to move your site to a different, more secure hosting provider.

  • On September 11, 2019 at 11:49 am, Nagui Bihelek said:

    I have 5 personal sites – is there a donation level that covers all of these, or do I need to donate from each and every site separately?
    If so, does the $15 on each site allow full functionality?

    Thanks in advance.

  • On March 24, 2019 at 12:41 pm, baba said:

    Hello, I read in one of the comments that this plugin has been translated into French, but the French is not specified in the description of your plugin on the site of worpress. Is there any translation into French?
    Here are some more questions before getting started with your plugin:
    - Does the plugin work directly with subdomains (ex: blog.mysite.com, which are not in public_html) or do you have to specify them before you make a donation?
    - I noticed that we can scan “public_html”: part of my website will be external to wordpress, will your plugin also scan these files and folders? (I do not know yet if these files will be or not in public_html)
    - If your plugin scans the external part to wordpress, will it normally parse them with a clear answer, or will it delete them?
    Thank you for your reply.

    • On March 25, 2019 at 12:34 pm, Anti-Malware Admin said:

      You can see that someone has submitted French translations for 449 phrases in my plugin on the Translating WordPress page:
      However, they are all still in the “Waiting/Fussy” column because no volunteers on the Language Teams have yet validated those translation, but I have downloaded them myself and have manually included these translations the mo/po files of my own release.

      My plugin is fully functional for the purposes of scanning and removing known threat, even without a donation, and you can register as many site (including sub-domains) as you want at no charge. So I suggest that you go ahead and try it out risk free, then let me know if you still have any more questions ;-)

  • On January 6, 2019 at 12:23 am, Jarek said:

    After scanning the site, I received 14 threats. When I click on any of them, the window does not open, continuous loading. I’ve tried several times. I changed the browser, uninstalled the plugin, reinstalled and still nothing. What can I do?

    • On January 6, 2019 at 1:26 pm, Anti-Malware Admin said:

      First, you can click that button right in the middle of that loading window that says “If this is taking to long, click here”. Then you might see how far the Automatic fix got, or you might see an error message. You can also check your browser’s Console for JavaScript errors and you can look in the error_log files on your server for PHP errors that might explain why the Automatic Fix page isn’t loading.

      • On January 6, 2019 at 1:30 pm, Jarek said:

        Of course, I checked the button in the middle, but nothing is displayed after clicking. How can you make a PHP error?

        • On January 6, 2019 at 4:14 pm, Anti-Malware Admin said:

          The error_log files are on your server. You should ask you hosting provider where to find those because every server is different.

  • On November 28, 2018 at 7:38 am, Isaac said:

    Hi, thank you for your amazing plugin. Whenever we try to run the full scan, it loads for a while and return the “Error 524 a timeout occurred”. I dont really know what this means but when time it happened I just went back and saw in the scan logs that “a Complete Scan of my site ran 10 minutes ago and has not finish”

    I decided to go to bed and leave it, even though I did not see any progress bar indicating a scan ( I just thought it was running in the background). I woke up this morning 8 hours has passed and I don’t know if I should leave it or start another scan.

    Why is it not showing a progress bar like the tutorial videos I saw on Youtube?

    Thank you so much for your help.

    • On November 28, 2018 at 7:47 am, Isaac said:

      I also get this error when trying to use the quick scan – “The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files.”

      • On November 28, 2018 at 8:01 am, Anti-Malware Admin said:

        I am sorry that your server does not have enough resources to run the Quick Scan, but like the message says you should just use the Complete Scan instead.

    • On November 28, 2018 at 8:04 am, Anti-Malware Admin said:

      The Scan does not run in the background. If you leave the page and the Scan Log says that a prior scan has not finished then it will never finish. You need to restart the Complete Scan and stay on the page until the scan is done and you have resolved any issues that were found.

      I don’t know why you would have gotten a timeout error. If you can send me a screenshot of that then I may be able to help you further.

  • On October 11, 2018 at 12:21 pm, Arnaldo Martinez said:

    Plese HELP ME ! I donated the U$S 15 but the program did not detect the malware “www.thegoodplan.ovh” among others that is corrupting the links of my page. My page is htpps://arnimartinez.com and the malware/spam is making my clients runaway from my page. Please help me! God bless you!

    • On October 11, 2018 at 6:23 pm, Anti-Malware Admin said:

      It looks like this redirect link is gone now. Did you find it?

      Let me know if you still need help with this.

  • On March 20, 2018 at 1:29 pm, Luigi said:

    After updating the plugin to version 4.17.58 I always get the following error: “Invalid or expired Nonce Token! GOTMLS_mt! Set”
    I can not update the definitions and I can not scan.

    • On March 24, 2018 at 10:38 am, Anti-Malware Admin said:

      This sounds like a caching issue or else the token is being stripped by a firewall. Try disabling any caching or firewall plugins that you have and let me know if you find the culprit or need still more help.

  • On August 17, 2017 at 6:14 am, gia khang said:

    How to delete this folder /wflogs in WP. Do I have to be infected?

    • On August 19, 2017 at 3:27 pm, Anti-Malware Admin said:

      That wflogs folder is created by Wordfence and has nothing to do with my plugin. You should post your questions about that folder on the Wordfence support forums.

  • On May 21, 2017 at 6:33 pm, David Steenkamp said:

    Hey Eli,

    I realize it would probably be exceptionally difficult to do – but is there any chance that in the future you could add a ‘schedule’ feature to the plugin? What would it take in order to accomplish that? I am not sure about everyone else, but I would happily pay an additional fee for that feature. I use iThemes Security already for my client sites, but your plugin is by far the best for scanning for malware and the like. I like to automate as much of business as possible, and if your plugin had the ability to run on a schedule (daily / weekly / monthly / etc…) that would be amazing. Again, let me know what it would take to make this happen as I think it is a feature a lot of us would be willing to pay for :)


    - David.

    • On May 21, 2017 at 7:27 pm, Anti-Malware Admin said:

      This is a feature that I have been working on for a while, unfortunately it is taking a lot of work and I have to re-engineer the Quick Scan to make any future scanning compatible with a scheduler. I will certainly let you know when this feature is ready for testing.

  • On April 26, 2017 at 12:10 pm, Jeremy said:

    My site was hacked and I am trying to update definitions, and when I click the button in order to do so I get this error:

    You were looking for something that wasn’t there… Try this instead:

    I have disabled all plugins temporarily and got the same error so I don’t think it is a firewall issue.

    • On April 26, 2017 at 12:13 pm, Jeremy said:

      I should add I am using a very old version, wordpress 3.4 which I want to update after I do the scan

      • On April 26, 2017 at 12:34 pm, Anti-Malware Admin said:

        I don’t think that the older version of WordPress is the cause of this issue, but you could try upgrading it first to see if that makes a difference.

        There could be a FireWall on your server that is stopping the POST values that would manually update the definitions, or a PHP limit that restricts the whole initial update based on the POST size. You could use the Auto-Update (premium feature) for a donation of $29+ and that would bypass the posting of any updates automatically fetch the latest updates for you…

        • On April 27, 2017 at 1:35 am, Jeremy said:

          Thank you, I donated and it worked, I was able to completely run the scan. I am currently running it again and it seems to be finding the same threats, so it does not seem to be getting to the root of the problem. Any advice on what I should do?

          • On April 28, 2017 at 11:28 am, Anti-Malware Admin said:

            My plugin can only scan your site on your own hosting account. If you have a shared hosting account then your site is likely susceptible to cross-over infections from other site on the same server, even if they are in another account. I all your sites are clean but they are getting repeatedly reinfected every hour then it is likely that the root cause is somewhere else on the server. You may need to find a more secure hosting environment for your sites.

  • On March 13, 2017 at 11:54 am, Robert said:

    After running and repairing files, the Revolution Slider no longer works or even shows that it is installed (required by the theme). When I try to re-install, it won’t allow me to saying it is already installed. Any suggestions?

    • On March 13, 2017 at 12:39 pm, Anti-Malware Admin said:

      Try deleting the revslider folder in your plugins directory and then reinstall the plugin again. If the scan finds any more threats in those files can you send them to me so that I can inspect them?

  • On January 4, 2017 at 7:10 am, Mike Semanoff said:

    When I do a full scan have a lot of skipped files. Is there a way for force them to be scanned.

    • On January 4, 2017 at 12:57 pm, Anti-Malware Admin said:

      Yes, you can clear the field that list the file extensions to be skipped, but that is not recommended, those files are skipped for a good reason, and it will just take a whole lot longer to scan them all.

  • On October 20, 2016 at 10:40 pm, Harendra said:

    Is there any way to see previous or last scan results, if page reload during the scan.

    • On October 21, 2016 at 7:56 am, Anti-Malware Admin said:

      Not at this time, sorry. You need to stay on the the scan results page until you have dealt with the known threat and then you should run the scan again to be sure it’s all clean. I don’t cache the scan results because they are not relevant after the fix, I am working on a Last Scan Recovery feature though, that should be out by the end of the year.

  • On September 20, 2016 at 11:26 am, Troy Vayanos said:


    Yesterday when I scanned the plugin automatically put the into quarantine.

    However, today when I scanned it shows all the threats and when I click ‘automatically fix selected files now’ it sits and waits for a long time and nothing happens.

    When I click on the button that says ‘it this is taking too long, click here’ it says “The gateway did not receive a timely response from the upstream server or application.”

    Not sure what do as I’m guessing the infected files are still there and haven’t been fixed or quarantined?


    • On September 21, 2016 at 9:42 am, Anti-Malware Admin said:

      A Gateway error indicates a problem on your server. There may be something that is interfering with the results coming back with a “timely response”.

      I would try continuing to click the Automatic fix button to see if you eventually get a response. Even though the results of the fix are not being displayed it may be cleaning some of those files. If you don’t get anything different after a few tries then run the scan again to see if there are less malicious files detected.

      Let me know how that goes…

  • On August 11, 2016 at 6:59 am, Holly Powell said:

    A few of my clients have securi firewall installed – they asked me if we are using your plugin is there still a need for securi firewall. I didn’t know how to answer that. Please advise.

    • On August 14, 2016 at 9:59 am, Anti-Malware Admin said:

      Every “Firewall” is different and should not conflict with another, but all are as affective or cross-compatible as they should be. New threats are always emerging so you need security software that is top notch and up-to-date. Read the reviews and check the support forums to gauge the quality of each product.

  • On June 18, 2016 at 9:05 am, KENNETH DIVINE said:

    I have identified potential threats on my website.
    How do i get it fixed, as there is no option for me to do this

    • On June 18, 2016 at 2:17 pm, Anti-Malware Admin said:

      The answer to your question is on my FAQ page where you posted this comment:
      Why can’t I automatically remove the “Potential Threats” in yellow?
      Many of these files may use eval and other powerful PHP function for perfectly legitimate reasons and removing that code from the files would likely cripple or even break your site so I have only enabled the Auto remove feature for “Know Threats”.

      How do I know if any of the “Potential Threats” are dangerous?
      Click on the linked filename to examine it, then click each numbered link above the file content box to highlight the suspicious code. If you cannot tell whether or not the code is malicious just leave it alone or ask someone else to look at it for you. If you find that it is malicious please send me a copy of the file so that I can add it to my definition update as a “Know Threat”, then it can be automatically removed.

      • On October 29, 2016 at 4:39 am, Frans Kemper said:

        Hello Eli,
        I got several potential threats in a fresh wp installation. I can safely assume that these are not infections. If I white list them, will they still be scanned and pop up again if there is any change?
        And also, what other security plug in will complement best with GOTMLS?
        Thank you,

        • On October 29, 2016 at 12:11 pm, Anti-Malware Admin said:

          Yes, there may be some core files that use suspicious functions like eval and base64_decode but they are not used in malicious ways (that is why they are not “Known Threats”. If you use the use the Core Files Definitions that is available to premium supporters then these will not be marked as suspicious because their unchanged status can be validated. Likewise, if you white-list these files them they will not come up again unless they are ever modified.

          As for other security plugin, I don’t keep track or make any specific recommendation, but I do my best to make sure that my plugin is compatible and does not conflict with any other plugin ;-)

  • On May 28, 2016 at 12:27 pm, wojciech said:

    Hi there!
    I just downloaded your plugin because some of my sites got hacked lately.
    I’m trying complete scan instead of quick scan for a better ressult but it seems to get stuck at 0% and no working at all on both of my sites.

    I hope you can help me out with this issue.

    • On May 29, 2016 at 3:18 am, Anti-Malware Admin said:

      It was getting stuck on wflogs so I put that on the list of directory to exclude (along with the cache folder) and it is running the Complete Scan now. I strongly recommend you deactivate any caching plugins and delete all cache files as these temp files will take a very long time to scan and they can also cause your site to remain infected even after the threats are removed.

  • On May 8, 2016 at 3:46 pm, Jim said:

    Hi – I’ve downloaded the plugin and placed it into my directory as directed, but I’m unable to activate it because Google has locked the site for suspected Malware. Is there a way around this?

    • On May 8, 2016 at 5:20 pm, Anti-Malware Admin said:

      You have to be able to login to your wp-admin to activate my plugin and run any scans. Bu t Google cannot lock your site it can only display warnings about the suspected malware. You can bypass those warnings and access your site anyway. You can also use another browser like Firefox or Opera. Google might own Chrome but they don’t own the whole Internet yet ;-)

  • On April 27, 2016 at 5:17 am, William Rufino said:

    Hello there, If I make a donation, can I use the beta features on more than 1 website or just one?

    • On April 27, 2016 at 1:13 pm, Anti-Malware Admin said:

      Yes, If you register all your sites under the same email then your donation will count for all of them ;-)

  • On April 12, 2016 at 10:13 am, Ted said:


    I was wondering if I can install your “Anti-Malware Security and Brute-Force Firewall” AND Wordfence, and keep BOTH enabled? I currently do NOT have any malware problems on my website. Would using your “Anti-Malware Security and Brute-Force Firewall” program conflict with the FREE version of Wordfence?


    • On April 12, 2016 at 11:16 am, Anti-Malware Admin said:

      There are no conflict with My plugin and Wordfence that I am aware of. Please feel free to use both and let me know if you have any problems.

  • On March 11, 2016 at 11:29 am, Mario said:


    Excellent plugin, absolutely love it, however one thing that is annoying and I want to know if there is a way to bypass it.

    When clicking ‘automatically fix files’ it only runs for about 100-200 files and a popup displays and you have to click ok, and restart the ‘automatically fix files’ once again.

    This is a bit annoying when there are 3000+ files that need to be cleaned. Is there a way to bypass this and let it just run?

    Message : “Changed 90 files, failed to change the rest, try again to change more.”

    Happy to donate if it bypasses this constantly popping up, this tool is fantastic!

    • On March 14, 2016 at 9:47 am, Anti-Malware Admin said:

      Thanks, however this is not a limitation inherent in my plugin but rather a limitation of your server. That pop-up warning is a notification that the fixing process running on your server ran out of memory before it could complete, so you have to click the fix button again (maybe multiple times) to finish the process. You could try increasing the memory limit in your php.ini file but some hosts don’t give you enough memory or access to those configuration option to make that effective. You could also move your site(s) to a more powerful server ;-)

      • On March 14, 2016 at 11:13 am, Mario said:

        Interesting, i’ll have to see next time, the server is huge, (its my server) i have total control over it, and the process went from processing 100-200 down to 10-20 files at a time, but resources looked fine.

        Thanks for the reply.

        • On March 17, 2016 at 9:04 am, Anti-Malware Admin said:

          It’s not so much the amount of physical memory in the machine as it is the amount of memory allocated to PHP for a single process. That is why my plugin allows you to run the fix in multiple segments until all threats are fixed if there is not enough memory to fix them all at once.

          Check the memory_limit in your php.ini file and try increasing that value to see if it will allow you to fix more threats at once.

  • On February 21, 2016 at 6:23 am, Avner said:

    Great job.
    If I donate, would I get the extra features for all my domains?


Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>