Donations keep this Plugin alive! If you value this Plugin I urge you to donate as much as can so that I can keep it up-to-date and make it better. The more money I get, the more time I can devote to it, the more you benefit.
Get instant updates to new definitions files as new threats are discovered.
*All fields are required and I will NOT share your information with anyone.
*All fields are required and I will NOT share your information with anyone.
Starting to look fairly definite that the dock.blahblahblah.ga malware thing come onto my site via the wordpress classic editor plugin. I’m not sure yet, but I had it uninstalled and deleted from the plugins folder, then ran several scans to clean up my site then again make sure it was clean. No problem. Then I reinstalled classic editor and began to work restoring my site, re-editing a couple of pages, and there the thing was again. Right now I’m scanning and rescanning, but thought to report what’s happening. Kind regards, Gil.
I’m not convinced that this issue actually has anything to do with the Classic Editor plugin. It most likely unrelated to that plugin as I would suspect that the same thing might have occurred even if you have not reinstalled the Classic Editor. This malware was most likely re-injected by almost any other vulnerability that your site might have or it could have be re-introduced by your browser when you were editing the site.
This type of threat usually tries to infect all your .JS files so I would suspect that it have come in through a back-door that you may not be aware of yet. Try running the Complete Scan again. Make sure that you have the latest definition updates and that you are scanning the whole public_html directory.
You can also look at the infection times in the Anti-Malware Quarantine and cross-reference those times with any suspicious activity in the raw access_log files on your server. This will tell you for sure where that malicious code is coming from.
Great thanks, cleared all browser caches and that worked, for a week or so. How do we scan the site using GOTMLS as a standalone scanner when the site is reinfected? Thanks again for all your help.
Unfortunately, this plugin cannot run as a stand-alone application, it is fully integrated with WordPress so you will need to be able to load your wp-admin to run the scan. Ask your hosting provider to help you address whatever issues are preventing you from accessing your wp-admin so that you can then run the malware scanner to clean up the rest of the site.
Hi! Great plugin. Is there a way to have the plugin automatically cleanup malware without me having to manually run a scan?
Thank you!
Unfortunately there is no way to schedule/automate the scan process in the current version on the plugin. The current design for the Complete Scan requires that a browser stay logged in and on the scan page to move the scan process forward. However, I am working on a new feature that will allow the scan process to be automated in a future release.
Under Block XMLRPC Access I’m getting the error: “Unable to read Apache Version, this patch may not work!”
Any ideas?
Your server may be running nginx instead of Apache, or your Apache server may be configure to conceal itself. Either way, it won’t hurt to enable this patch, but it also won’t add block access to you XMLRPC file if you are running nginx.
Thank you very much for your nice program, its works good en cleaned my website!
Thanks
Hi there,
first thanks for the great plugin!
I’m trying to speed up the performance of the website.
In the database ( wp_options) the table GOTMLS_definitions_blob (autoload:yes) ist big (0,34 MB). How can I reduce the size?
Thanks in advance
Stefan
Thanks for bringing up this question.
First, let me assure you that even though this might be one of the single largest values in your wp_options table, 340 KB (or 0.34 MB) is not very big at all, and because this value represents the definition list of all known threats in my database it cannot be reduced in size without losing potentially vital information and thus compromising the effectiveness of the Anti-Maware scans.
Additionally, if you are concerned about the speed of the site then I suggest that you investigate the execution time of the various WordPress Hooks that are called by all your plugins and theme functions rather than worry about the amount of memory used by the autoload feature of the wp_options. You could set the autoload column for any of the larger values in the wp_options table to “no”, but while that would save you a tiny amount of memory it would not measurably decrease the load time of the page. If fact, it would likely increase the overall load time for your site because any value that might be needed that is not set to autoload would then require an additional query to retrieve the value from the database and that would actually take notable amount of time to run the extra query when the value could and should have been included in autoload query with no notable impact on the page speed.
Please let me know if you have further input or question on any of this.
Hey, having an issue with Brute Force just spinning on “Checking sessions for compatibility”. Here’s what I get in the console:
Warning: Use of undefined constant WP_DEBUG – assumed ‘WP_DEBUG’ (this will throw an Error in a future version of PHP) in /home/xxxxx/public_html/wp-includes/wp-db.php on line 608
Warning: Use of undefined constant WP_DEBUG – assumed ‘WP_DEBUG’ (this will throw an Error in a future version of PHP) in /home/xxxxx/public_html/wp-includes/wp-db.php on line 1625
Warning: Cannot modify header information – headers already sent by (output started at /home/xxxxxx/public_html/wp-includes/wp-db.php:608) in /home/xxxxxx/public_html/wp-content/plugins/gotmls/images/index.php on line 613
/* GOTMLS SESSION TEST */
if(‘undefined’ != typeof stopCheckingSession && stopCheckingSession)
clearTimeout(stopCheckingSession);
stopCheckingSession = checkupdateserver(‘/wp-content/plugins/gotmls/images/gotmls.js?SESSION=1′, ‘GOTMLS_patch_searching’);
This is a configuration issue on your server. You can solve this two ways:
1. Add this line to your wp-config.php file:
define(‘WP_DEBUG’, false);
2. Disable displaying PHP Warnings in the php.ini file on your server (you may need to ask your hosting provider for help with this).
Worked, thanks!!! I did it from CPanel > MultiPHP INI Editor
Gracias, ya te donamos esperamos sea la solución para este pequeño virus que nos estgaba molestando. un gran saludo desde Argentina
Just updated my websites to the latest Plugin Version 4.19.68 and now all my sites say that Installation key is not registered. And even after i clear cache it shows the same . Your Installation Key is not registered!
I can see the key in the website showing is different from the key showing here in the list. It does not allow me to change the key in my website.
I see that you have issued SSL certificates on thee sites and started using the secured URLs starting with HTTPS instead of HTTP, so that is why each of those sites has been issued a new key (not because you upgraded to the new version). The key is automatically generated based on the Site URL so you cannot change that but it will change if you start using a different URL. All you need to do is to re-register each of those new key to the HTTPS sites using the same email address that you had registered all your old unsecured URLs to and then they will all be on the same account
how can we report new malware? as i did detected some malware that was not detected by the scanner?
Please email me directly with any malicious code you have found and I will get these new scripts added to my definition update ASAP
I have reinstall my wordpress. How to reinstall the plugin to my wordpress?
Simply install the plugin the same way you did the first time
When you get a key it should be the same one as before, so your site should still be registered.
Hi,
While registering its showing “Your Installation Key is not registered! ”
But the key is already there, i can see in the installation key list, pls help
I see multiple successful registrations on your account. Please try clearing your cache and refreshing your wp-admin to see the updated registration. If it still shows that you are not registered then please send me a screenshot so that I can see what might be causing this. You can also check your browser’s Console to see if there are any JavaScript error on the page that might explain why the registration check failed.
Hi,
I have the same issue here, the domain appears in my members listing and have cleared the browser cache, but still the Installation Key doesn’t stick and there are no errors in console either.
Thanks for any assistance.
Simon
Thanks for detailing the troubleshooting that you have done so far. Your description is very specific and it sounds like you have covered all the main points, however this sound a bit different from the caching issue that Rajiv was having. First, let me confirm that I see two keys registered for the domain in question (one for the unsecured HTTP URL and one for the secured HTTPS URL), so this is not an issue with t he registrations but rather some kind of issue with your site verifying that the registration is already there. Now let me ask you for clarification on what you mean by “the installation key doesn’t stick”… if you are saying that when you return to the Atni-Malware Setting page in your wp-admin after your registration looks as though you have no key at all, and there is a button that says ” Get FREE Key”, then this is not a caching issue but actually an issue with your WordPress installation not being able to store the registered key into the wp_table in the database on your server. This could be caused by a PRIMARY KEY issue or AUTO INCREMENT issue in that table or a permission issue causing the DB to be read-only.
If this does not help you to find a solution for the issue that you are experiencing then I would need you to send me more info with screenshots of that table structure and a screenshot of the Atni-Malware Setting page in your wp-admin directly to my email so that I can see what might be causing this.
Can this plugin be used at the same time as Wordfence or will that cause an issue?
It should work fine in conjunction with Wordfence.
Great plugin! I had already cleaned this particular site but I just couldn’t be 100% sure I had completely nailed it. I now have peace of mind that the work I have done has sorted out the issue. Thank You!
I tried to register a site: I see in the list it is registered, but in WordPress plugin I get:
Your Installation Key is not registered!
Get instant access to definition updates.
I see that your new domain was registered to your account successfully. In most cases the reason that you might not see this updated information in your wp-admin is because of some kind of caching issue on your end.
Try clearing your cache in your browser and in any caching plugin that you might have installed on your site. Then do a hard refresh (Shift + F5) and see if it shows your registration then. You can also check the Console tab in your browser’s Inspector to see if there are any JavaScript error on that page. It is possible that there is some kind of pop-up blocker or script blocking settings that are preventing the registration check.
I’ve donated $29. I understand a donation will give me automatic definition updates. Does the one donation cover me for only one site or for multiple sites? If the latter, how do enable automatic updates for other sites?
If you register all your sites to the same email address then you can enable the automatic updates on all of them. I see four sites registered to the account that you donated on. If there are any other sites that you may have registered under a different email address then you can click on the Key in your wp-admin and re-register those sites under the right account
I have donated three times at the $29 level on this account, and I think I may have even donated on another account. Thanks for your hard work and efforts with this plugin that I find invaluable. I will be donating again and again, because I use the plugin on multiple sites and think it’s only fair to do so.
Thank you. Your support is greatly appreciated!
THANK YOU!!! I LOVE YOUR PLUGIN! WORKS VERY WELL!!!! CAN I KISS YOU.
Hi, this is the first time I´m using your plugin, my Host says that my site it´s getting to much CPU usage and I dont found the issue; y ran a scan but its been almost 24 hour now and still havent finished (almost done). So far havent found malwarebut it found 115 read/write errorsm a lot to check one by one. Does that might be the problem?
It is not normal for the scan to take that long. If it take more that 30 then there are some abnormalities on your server that are slowing it down. The high CPU usage is to be expected but not for that long of a scan.There must be some kind of conflict that is causing all those Read Errors. You can check the error_log on your server to see if it has any clues as to what might be causing this conflict. You might also see if there are any JavaScript Errors in your browser’s Console that would explain why the scan is taking so long.
Hi,
I have multiple sites infected, your plugin works great although it removes it and the sites get re-infected. Anyway I want to make a donation, but can I do this as a whole for all the sites with the plugin installed?
Also I have no idea what happened to my profile name…..
Thanks
Grant
Yes, if you make a donation then the premium features will be unlocked on all the site that are registered under your account
P.S. I have fixed your profile name for you
HI, i just installed your Plugin and must say it is working, only thing i need to ask is how it removes the malware files ? it listed some 50 files but didnt fix or repaired it.
Please let me know
Thank you
Mujeeb
Are those file listed as Potential Threats? If so then you need to download the latest definition updates and then run the Complete Scan again to detect Known Threats. When Known Threats are found you can click the Automatic Fix button and my plugin will remove the malicious code from all those files.
Is it possible to run a scan without java script turned on in my browser? My site is redirecting – even from wp admin – so the only way I can stay in the admin screen is by turning it off :/
No, not at this time. I am working on a Scheduled Scan feature though, and that will not require JavaScript or your browser
Hi!
I currently have 2 sites registered under the same email address: but I am handing over responsibility for one site to someone else and want to assign this to their email address, whilst keeping the other registration on my existing address. How do I do this?
You can login to http://gotmls.net/members/ and then “un-register” that site so that they will have to re-register it themselves, or you can simply re-register the site to them directly by clicking on the key on the Anti-Malware Setting page in their wp-admin and entering their email address into the registration form.
Hi, After donating i want to run your plugin on my 5 sites , what process i will have to follow for the same? Currently my one website is registered with plugin from a different email id, i need to transfer/ bring all websites under my official email id, how i will achieve that can you please guide?
If you have already registered multiple sites/keys under different email accounts then you can login to http://gotmls.net/members/ under your other email accounts and transfer those registrations to your main account.
Hi,
I just donate usd29 and would like to use the new Key also to those 2 domains that were previously unregistered. So, how I can remove the unregistered Key (issued to a different user tht has installed your plugin few days ago to those domains)? thanks a lot. Raf
Each site must be registered to it’s own unique Key but they can all be on the same account if you register all your keys under the same email address. If you have already registered some of your sites under other email addresses then simply login to the members page with the password sent to those other email addresses and transfer those registrations to your main account
Hi Eli, thanks a lot for your advice….now I can see the keys under 1 account. Thanks. Ciao, Raf
Hi Eli, i have a website placed in godaddy, which has no free virus scan option in cpanel. My site was hacked by a wordpress plugin bug last friday (probably 20k sites, too). The hack was a malware redirecting site. The plugin owners gave us a solution which fixed the URL hacks. I checked online malware&virus scan sites to see how clean my site is before the fix and after the fix. Now they say there is still malware infection, but i tried the malware scan plugins and also your plugin and all of them says it is fine and clean. Is this because your plugin is not updated for this problem I have not donated yet, can this be a problem to get an answer from you? Thank you
I don’t see any malware infection on your site. Can you please send me what you are seeing that says that your site is still infected?
if i pay 29.22 dollar, can i use it for multiple sites
Yes, you can use my plugin on as many site as you want to.
Donated 29.22, thank you Eli for this awesome plugin
Can you add a feature to the plugin that allows you to auto-schedule a scan [ about 2 to 3 times a day] and email the site owner reports about the scan?
Thanks for your interest in this. I have been working on such a feature for some time now and I hope to have it done soon. I will certainly let you know when I have this new feature ready for testing.
Hi Eli,
I love your plugin! I had a question. If I want to install this plugin on 3 additional sites and want to get the automatic updates, do I have to donate $29 per site? Thanks!
If you register all your sites using the same email address then they will all be under the same account and that one donation will unlock the automatic update feature on all of them. Once you enable to automatic updates and click save the core file definitions will be installed automatically on each one.
Hello… I have read a few times that there is a button to click that will remove to malware… I have donated, re ran scans… but do not see a “fix” what am I missing… scanning and knowing is nice… but pointless unless there way to fix the issue.
Please advise…
Thank you!
If the scan find any Known Threats then there will be a button to Automatically fix the selected threats. Make sure that you have downloaded the latest definition updates and if you still don’t see this button then you can send me a screenshot of the scan results and I can help you further.
HI
two days ago i sent an email to you and still have not got the reply. can you please check and tell me.
thanks
Pasan
Your email was yesterday (23 hours ago) and I just replied to it. I am extremely busy but I would like to help you so please send the files you mentioned as a zip attachment directly to my email address so that I can update the definitions with a fix for you.
donated 52USD
life saver plugin you made here !
Very happy with it !
keep up the great work
Sir. Two words to express my feelings on this plugin (which I found via a help article on WordPress.com): Bacon, Saved!!!
Thank you for a great plugin.
I have a new site running the plugin. It is now reporting –
Quick Scan of News started 24 days ago and has not finished
It never started with the normal screen showing the progress of the scan. How do I kill this and have it start correctly
First of all, you don’t need to kill any processes. Just because it did not finish does not mean that it is still running, it just means that it was not able to get to the end of the scan before failing. If you had stayed on the scan page for more that 120 seconds then the process would have ended one way or another. Either it will finish with some type of scan results or there will be an error message, or maybe it will fail without loading the page (errors or no errors). Regardless, there is no action needed to stop the process and you can attempt another scan at any time. If the Quick scan continues to produce no noticeable results after 120 seconds you can assume that it was unsuccessful and just run the Complete Scan instead. The Complete Scan is more appropriate and the Quick Scan is only useful and effective in certain circumstances anyway.
Made my first donation but I won’t stop here. Your plugin has been such a great help and I am going to continue to donate from time to time and do all I can to support your great work! Thank you so much Eli!
Thanks you
Hi Eli,
Your product is wonderful. It has helped our development work and kept our sites clean.
Thank you! Please accept a small donation US$29
“NO_HTTP_REFERER” …has locked me out (logging into WP) using my usual control panel through my host. I’m sure this can be fixed with FTP. I’m sure this is a side effect of the Brute Force setting.
Just wanted to say, besides this hiccup, your product worked great! What this plugin wasn’t able to fix/delete – I was able to easily find with FTP and plugin as guide.
THANKS!
…now …help?
First, there should always be an HTTP_REFERER when you are submitting a form, that is why it is one of the things that my Brute-Force Protection checks for. If you are going to your wp-login.php page and then submitting the login for and you are getting this message then you must have some kind of privacy/anonymity or security modification to your browser that is concealing the HTTP_REFERER (this would make you look like a hacker). Otherwise, it could be that you are logging into your site from an external page or there could be something very wrong on your server so that it does not see the HTTP_REFERER.
Now, if you are unable the fix the real problem that is cuasing this then you can simply disable the brute-force protection. If you cannot login to get to those firewall settings then you just need to comment-out or delete the first line in your wp-config.php file, right after the opening PHP bracket “
Hi Eli,
I have been using your excellent tool to get rid of some malware on my website, but it keeps coming back. The only error that seems to always come up after scanning and cleaning is a read/write error with
/public_html/wp-includes/js/jquery-migrate.min.js
is this possibly where the bad code is hiding?
It is not likely that any JS file is spreading this kind of threat on your site, and that file is probably only getting the Read Error because it is rather large and the memory_limit in the php.ini file on your server is set too low. If your site is on a shared hosting account itt is more likely that it is getting reinfected by another infected site on that server. You can check the raw acceess_log files on your host (ask your hosting provider if you are not sure where to find these logs) to see what scripts are being call at the exact times that the reinfection occurs (see the Anti-Malware Quarantine for infection times). If there is nothing there then you should probably move your site to a more secure hosting environment.
P.S. I also provide Super Secure Hosting if you are interested
please how can i remove rogueads.unwanted_ads from my website? really need help
Known javascript malware. Details: http://labs.sucuri.net/db/malware/rogueads.unwanted_ads?1
Yes, my plugin will get rid of that threat. Make sure you have downloaded the latest definition updates.
Hello, please how many websites can i secure with a single donation of $15. Thanks
One donation of $15 will unlock the Brute-force protection feature on as many sites as you register to the account using the same email address. Furthermore, if you donate $29 or more than it will also unlock the Automatic Update feature which you can use to install the Core Files Definitions on all those same sites
Hello, I restored an older version of the website. Now the gotmls plugin won’t download the updates and the key does not ‘want’ to register. How can I solve this?
The key for the secured URL of your site is already registered to you, so you do not need to register it again. Just make sure you are on the HTTPS site (the one you already registered) and you should be able to download the latest definition updates.
If you still have issues with your registration or the updates then please email me directly with a screenshot of the issue you are having.
its skipping alot of files
It is designed to skip binary file types by default that could not directly execute code on the server and empty files. This saves a lot of time when running your initial scan but you can always change those defaults in the scan setting if you really feel it is necessary.
i tried it with the skipped files, did not deal with the problem.
i removed all those file exceptions and it looked like it would take all day to scan.
i suppose i will try again.
That is why I have set those files to be skipped by default. You can contact me directly with your specific findings and a screenshot of any problems that you find so that I can better help you get the the source of this issue.
is this supposed to remove the malware?
Yes it is, if you have the latest definition updates installed.
i do have the latest.
Hi Eli,
Is there any requirement on the version of revslider to have the vulnerability plugged? My site keeps being hacked thorough there
I don’t remember what version was vulnerable but the newest version should be patched. The firewall in my plugin should also stop the common exploit of revslider if it is active.
Hi, How do I re-register a key. I clicked on “unregister” on this website by mistake and now it says I have to registered keys. I can’t find anything that will allow me to re-register a key again.
Just go back to your wp-admin and use the registration form on the right-hand side of your Anti-Malware Settings page.
Hi Eli,
Do I need to donate for every website I use the plugin on?
Ely
Not if your name is Ely
No, but really, if you register all your sites under the same email address then they will all be on the same account and you only need to donate once
Great, thanks
If I install the plugin on the main domain of my hosting account it will scan everything – including WP installations on add-on domains (installed in folders). Will it also protect them or do I need to install on every site?
It can scan all the sub-directories inside the root of the main site (including any other sites installed there), but it cannot add any protection to each sub-site or detect the proper version of the core files on each site unless it is installed on each of those sites specifically.
Hi,
What mean Read/write errors? the files cannot fix? please advise.
A Read/Write Error means that the file could not be scanned, usually because of the permissions on that file or a restriction of your PHP server. Basically, if a PHP process running on your web-server cannot access the file then my plugin cannot scan it.
Hey Eli, got this error when logging in to a site today. 23991525: NO_SESSION anything to worry about?
If it was a one-time occurrence then I wouldn’t worry about it. Your browsere was probably left on the login page for too long and your session expired. If it happens consistently then you may have a problem on your server that is preventing sessions from being created at all.
Esse plugin realmente é muito bom, recomendo a todos que tiverem problemas com vírus em seu site no wordpress.
How can I enable plugins to my site?
Just click on “Add New” under the Plugins menu item in your WP Admin menu.
Hi Eli,
I can’t register your plugin on my other site. When I click on Free Key I get: No response from server!
All my other previously registered sites work good. Why is that?
I have fixed this error on my server and you should now be able to register.
Wish I could donate to this awesome plugin, and use it in full way.
In IRAN, we don’t have permission to access paypal.com
I am sorry but PayPal is currently my only way to receive donations. I could look into another method if I know it would be easy to integrate and more people could use it. What online payment options do you have in IRAN? What would you recommend I look into?
Greetings. I finally was able to donate under my main Email address. It seems that I have some registrations under an alternate Email address. Is it possible to merge the two? If not, how do I uninstall the plug in completely in order to reregister under my actual email address? I am unable to find the directions here in this forum. I did find the /members area, but that only gave me the option to choose one email or the other. Thanks.
Yes, you can combine your registrations into one account. no, re-insalling the plugin does not change your registrations. You found the /members area, yay. All you need to do is transfer those registration under one email into your account with another email. It does not matter which email you combine them into, as long as all the registrations are under one account.
Okay, thank you. Was worried about losing the paid account, but it appears to have worked perfectly. There are only a few plugins that I use consistently and yours is at the top of that list. So glad we could start sending you support. Thank you.
After the scan is complete and I select Automatically fix, I get Examine Results and the message about clicking here if taking too long. When I click that, I then get a 504 error.
Any advice, please?
A 504 is a Gateway Error, which would seem to indicate a problem on the server or issue with your site that is causing many pages to fail intermittently. I suspect you got this error when attempting to fix because of a simultaneous load issue on your site or some other server interruption.