Here are the recommended channels for receiving support:
- First Read the FAQs - These Frequently Asked Question may have answers that address your issue.
- Forum Topics - There may already be a topic that relates to your problem, if not, you can create one.
- WordPress Forum - If you prefer to use the forum on wordpress.org to get support.
There is a file with an infection in the site folder [URL redacted for security reasons] and the check can’t find it.
Thank you for sending me this infected file that was not detected. I have added this new variant to my definition updates so that it can now be automatically fixed. Please download the latest definition updates and run the complete scan again to see if it finds any more like this one.
Hi,
My website is affected by malware and affected files are:
/home4/najlanco/public_html/backup/wp-includes/header.php: SL-PHP-FILEHACKER-iu.UNOFFICIAL FOUND
/home4/najlanco/public_html/wp-content/themes/skeleton-reworked/404.php: SL-PHP-FILEMANAGER-md5-gcy.UNOFFICIAL FOUND
/home4/najlanco/public_html/wp-content/themes/skeleton-reworked/functions.php: SL-PHP-FILEHACKER-iu.UNOFFICIAL FOUND
/home4/najlanco/public_html/wp-content/themes/joly/functions.php: SL-PHP-FILEHACKER-iu.UNOFFICIAL FOUND
/home4/najlanco/public_html/wp-content/plugins/trx_updater/assets/wp-load.php: SL-PHP-FILEMANAGER-md5-gcy.UNOFFICIAL FOUND
/home4/najlanco/public_html/wp-config.php: SL-PHP-FILEHACKER-dui.UNOFFICIAL FOUND
while using Anti-Malware it will detect all of these files but not sure how to fix that.
Can you please help me on that.
Thank you
Did you download the latest definition updates?
If you are scanning for all threat type with the latest definition updates (not just Potential Threats) then my plugin will offer to fix those Known Threats for you automatically.
I am a happy donor to the plugin with many sites using the plugin. I have 3 sites that ALWAYS get stuck at 99% and never progress to completion. I’m working with those sites now, trying full scans one more time. I’ll switch and try other levels of scanning, but I’d really like to be fully confident that EVERYTHING is getting checked and is clear of problems. Any suggestions or support on this would be very much appreciated.
I have just released a new plugin update (version 4.21.94). Please download the new update and let me know if that fixed the issue for you or not?
The latest version of the plugin is completing quickly! Thank you for the fix, and thank you for the great product and service!
How can i have a invoice ?
como puedo tener un recibo de la donación?
You can find your invoice on your Profile page. Just login to https://gotmls.net/members/ and click on the link under “Invoice Details”
Hello support, I found the Malware using your plugin – thank you very much. Hoever, now I do not know how to get rid of it? Can you tell me what to do from here, please. My host is Siteground.
I don’t see a Registration for your site so you must be running the basic scan which will only identify “Potential Threats”. Do you see all the warnings in Red telling you to download the latest definition updates?
Once you download the latest definitions then you can run the Complete Scan again to find any “Known Threats” which the plugin will offer an option to Automatically fix them for you.
My error log is spitting out multiple errors everyday:
[03-Jul-2023 19:46:28 UTC] PHP Warning: Undefined array key “detected_attacks” in /home/public_html/wp-content/plugins/gotmls/safe-load/wp-login.php on line 63
can you fix this? Im using Version 4.21.92
Thanks for reporting this to me. I will have that fixed in my next plugin update which should be soon.
If you want to fix your copy now you can add these two lines of code to your plugins/gotmls/safe-load/wp-login.php file right after $GLOBALS["GOTMLS"] = array(); on line 10:
if (!isset($GLOBALS["GOTMLS"]["detected_attacks"]))
$GLOBALS["GOTMLS"]["detected_attacks"] = ”;
I think i already fixed the issue. Thank you so much for this great plugin! I donated $29
That’s great! I’m so glad you got it all clean, and thanks for the donation
Hi there my champion friend
Please send me a donation link, where ill donate some more cash for you.
Also, what is the brute force settings? Can i edit? What is the lockout parameter.
Steve
The Brute-Force Login Protection works by establishing a persistent session with the client’s browser. Failure to establish a a valid session or more than 3 login attempts on the same session will redirect the connection so that your WP Bootstrap doesn’t even load thus relieving your server of the burden of processing these attacks. This Feature can be enabled in the firewall options after a donation but it is not configurable without modifying the plugin’s source code.
Hi,
After plugin install there is index.php file in all subdirectories. I know that this is for security reasons as this disable directory browsing.
Is there any option to disable it? Or disable it for specific directory. Problem is that in another subdirectory is additional site which uses Wordfence which see this file as a threat.
Best regards,
Miha
These new index.php files have nothing to do with my plugin. My Anti-Malware plugin does not create index.php files in every directory. Wordfence is probably correct in reporting that these files are a threat, but just to be sure, can you please email me a few of these files so that I can confirm that they are a known threat?
Hi Anti-Malware Admin
can you whitelist this lines please
:
DirectoryIndex index.php Default.htm index.html home.html welcome.html default.html index.htm home.htm welcome.htm default.htm index.php3 index.shtml home.shtml index.cgi home.cgi home.wml index.wml index.php4 home.php4 index.php5 index.php6 baustelle.html Index.html Index.htm
… I get everytime a heartattack ^^ (Whitelist File is not a option, because it´s in the .htaccess File)
best regards
serdar
Absolutely! I see that is a legitimate use of an alternative DirectoryIndex list and not at all malicious, so thanks for pointing it out. I have just updated my definition to exclude this usage from the list of known .htaccess threats. Please download the latest definition updates and let me know if that fixes it for you.
You are AWESOME
it works now without heartattack XD
so i can continue to tell my friends that your plugin is the best virus scanner for WP
Hi, I get in WordPress the following message: Your Installation Key is not registered!
But when I look in my profile I see the installation key and website as registered.
This is usually caused by some kind of caching which prevents your wp-admin page from properly refreshing to show you the current registration info. Sometime the registration check in your wp-admin can also be blocked by your browser’s security setting or some kind of script blocker add-on. Check the Console tab in your browser’s Inspector for any security warnings or JavaScript errors, and/or try disabling any caching plugins. This might also clear up automatically given enough time, if it is a caching issue.
i get attacked permanently and it is very intense to clean it every time … but these codes was not flagged as shady code Oh …
please update the plugin, i´m not sure that i find everything -.-
Thanks for sending me the Dropbox link with those files. I have added all three of these new variants to my malware definitions. Please download the latest definition updates and run the Complete Scan again to see if there are any more. Please let me know if you find anything else.
Hello,
My sites keep getting infected with “Redirect” malware. I remove them with your plugin every day but next day the malwares keep coming back
Do you have any suggestions for me please?
There is clearly still some vulnerable exploit on your server that is letting hackers reinfect these same files over and over again.
The best way to find and fix this security whole is to start by getting the exact time of the infect. If you have already cleaned this infection at least once then there will be a record of the infection times on the Anti-Malware Quarantine page in your wp-admin. Once you have the exact times of these infections then you can simply cross-reference those times in the raw access_log files on your server. This will tell you what scripts or URLs were called to infect those files, and that will point you to the file that is vulnerable to this exploit.
Ask your hosting provider is your not sure where the log files are kept on your server.
Hola estimado,
tengo problemas para eliminar un archivo que según el diagnóstico es un Error de exploración/lectura.
Este archivo está terminado en php.
No me aparece la opción de eliminar.
Un error de exploración/lectura no es un virus, por eso no hay opción de eliminación.
Este tipo de error solo significa que el escáner no pudo leer el archivo. Por lo tanto, no hay forma de saber si el archivo contiene un virus o no.
Can you solve those Japanese words attract issue if I buy your plugin?
There is nothing inherently wrong with Japanese words. Many Japanese website contain mostly Japanese words and those are predominately ok to visit if you can read Japanese
Now, if you have malware or maliciously inserted ads, that happen to be in Japanese, my plugin should be able to remove the scripts that inserted this malicious content, regardless of what language it’s in.
If you have already installed my plugin and downloaded the latest definition update and it is not finding any known threats on your site then please email me directly with screenshots of the offending content for further support.
Hello Eli… thank you for creating this tool and very happy to make the donation for your work. I have problems of unsolicited redirection of my web page and I already run the plugin without results. Can you help me see what is happening please?
Thank you Eli.. your tool finally solved my problem with the website.. thank you very much and I’m glad I found you to have my site protected and safe from malware. We sailors say Bravo-Zulu which means very well done…!!
I cant update:
No response from the server!
Please help me
The error “No response from the server” refers to the fact your server is not responding when prompted to check for updates or registration status. This is usually caused by a too strict CSP on your server or a popup/script blocker on your browser. Try clearing your cache and then open the Console tab in your browser’s Inspector and refresh the page to see if there are any JavaScript error to indicate what might be causing this issue in your case. If you need more help then please contact me directly with your specific circumstances.
I downloaded your plugin and received the key. I then did a scan and everything worked fine. A couple of weeks later, I went to my installed plugins but your plugin was not there. Can I install the plugin again and use the original key?
Once you have registered your site key will stay the same even if you uninstall and reinstall the plugin
I install the plugin
in my profile it show as register, but plugin in wp show as not register.
could any body help me?
br
This is usually caused by a caching issue or a JavaScript error on the client side. Please try clearing all cache and refreshing you wp-admin, then check your browser’s Console for errors if it still does not show the registration on your end.
Send me a screenshot if you can’t figure out what’s wrong.
Hi – I’m very interested in Gotmis. Is your firewall DNS, with DDoS protection and CDN? Does it feature an SSL-secured firewall and block unauthorized IP addresses? And if not, could I use your plugin along with another plugin or related product (such as GoDaddy’s security software) with the above features, without interference? Or does Gotmis cover those bases in a different way?
Only your nameservers can provider DNS level firewall protection, I recommend using CloudFlare DNS for that. My Brute-Force login protection was specifically designed to thwart the DoS and DDoS affects that are common from brute-force attacks on the wp-login page. I do not employ any method of blocking IP addresses specifically because most attacks are from dynamic sources and blocking users by IP usually ends up with too many false positives. The main focus of my firewall is to block known exploits that are prevalent in WordPress sites and you should be able to use any other firewall in conjunction my plugin to enhance or augment your site’s security.
Hi – I’m very interested in your plugin, etc., and truly appreciate your labor and thoughtfulness in creating this plugin and making it so easily available. I will probably download & install it soon – though I hope to receive a reply from you first.
Although perhaps my concern is misplaced – considering the quality of your reviews! – I’d be a bit more comfortable if your home page were secure (https) before entering my info. (including my alternate email address) to request instant updates. RSVP – Thank you!
Thanks for your interest. All the pages on my site are avail as both secured URLs (using HTTPS) and unsecured URLs (using only HTTP), this is for better compatibility and integration with links that only use HTTP. However, you can simply add an S to the HTTP at the beginning of any URL on my site and the HTTPS URL makes the page secure
Your donate link is dead?
https://gotmls.net/donate/
That page works fine for me and I can find nothing wrong there. You do need to enter your key or login to see the donation options on that page though. If you cannot get it to work then please send me a screenshot so that I can see what you are having trouble with.
Works for me too now
I just donated and wanted to change the user name (personal email) to reflect in plugin on my site, Do I need to remove and reinstall with my donated user name? I do note see a way to change user names.
Thanks for 5 great years of keeping my sites healthy.
The best way to fix this is to login to your wp-admin and click on the key in the top-right of the Anti-Malware Settings page to open the pre-filled registration form. Then make sure to submit the right email on that form and it will re-register the key for that site under your correct email. Then any other sites registered under that email address will also reflect your donation.
Hello, we have a licence but the data base definitions never auto update, we have to do it manually, is there a way to fix that? thanks in advance and congrats for the great work!
Sorry for the lateness of my reply, your comment went to my spam folder and I almost missed it. I recently had another report about this same thing happening to someone else too. I think that this might be a caching issue in which the updates are taking place in the background but just not showing up immediately in your wp-admin. If this happens again can you please try simply clearing your cache and refreshing the page to see if it then shows that your definitions are up-to-date? If not then please send me a screenshot and include your registration key so that I can look into this further on my end.
Just moved web site to new host. How do I transfer registration?
Just register your new key to the same email address and your registration will be on the same account.
hi, scan details disappears if i click auto fix or refresh page eg.. i have to scan again to get the infected files again and takes long time. and auto fix seem not to work even when click button taking to long time. any ideas?
If you refresh the scan results page then the scan will start all over so don’t do that until you’re done or want to rerun the scan. The automatic fix should popup a new window without leaving the scan results and if it’s taking too long then there is a button you can push to see if there are any error messages that might explain why it’s not finishing as expected. If the complete scan is taking a veryl ong time anyway then there might be something wrong on your server that is slowing everything down. You can check the error_log files on your server to see if there is any indication as to what might be causing that problem. If you can email me some screenshots of the scan results and the auto-fix and any error messages you might find then I can help you more.
the error message is just number: 1
here is a screenshoot https://ibb.co/7ktc0rG
That number 1 is not coming from my plugin. It looks like there is some other plugin that is intercepting the call to admin-ajax.php or maybe there is some other script that is injecting an additional action into the HTML output of my Auto-Fix form so that the auto-fix action is being hijacked and diverted to another action hook.
You can try deactivating other security plugins or any other plugin that might be interfering to see if the auto-fix works without interference, or you could use the element inspector in your browser to look for additional hidden fields with the name “action” in the auto-fix form that might have been added.
Hi,
Keep getting this message:
‘Your Installation Key is not registered!’
Also console errors:
Uncaught ReferenceError: WebFont is not defined
at admin.php?page=GOTMLS-settings:939
and
Refused to display ‘https://gotmls.net/’ in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’.
I just release a new version of the plugin that does not use an iframe for the registration form, so if you update the plugin then you should be able to register.
that other error about the WebFont has nothing to do with my plugin (I don’t use any WebFonts in my code) so that must be caused by some other plugin that is trying to use a WebFont in your wp-admin.
Hi Eli,
longtime since we last chatted. I am getting the following error:
Invalid or expired Nonce Token! (0161b6df4fcd5827b89547020f7c2ff4 !found)Refresh and try again?
any advice would be appreciated.
David
Thanks for asking about this issue. Usually this is caused by leaving your browser open on the Scan Setting page for a long time before starting the scan (and by then the token really has expires). Just refresh the page and try to start the scan again and it should work fine.
If you are still getting this message after a hard refresh then there may be something wrong with your site. Either there is some plugin or caching software that is caching your wp-admin pages (never a good idea) or maybe your DB is broken and my plugin is not able to save new records to the wp_options table. Test those two possibilities and let me know if you still have any more problems with that error.
Hi,
I have the same problem with the invalid or expired token too.
any refresh of page took me back the first step to a get free key. when I click to get the key it finds my correct key but when I want to start scanning or save the page it says it is invalid….
I have cleared the cache, changed the browser, also checked whit a new device but still not successful.
Is this issue raised for guys with 1 donate for many websites?
This issue has nothing to do with your donation. Your sites are registered and the keys are saved on my end.
The invalid nonce token issue you are having, combined with your site’s inability to save the registration key on your end, suggests that your server is not able to save records to the wp_options table in your database. This is usually caused a missing or incorrect AUTO_INCREMENT setting in your table, or it could be that your whole database is read-only (either because of a permission issue or no space left on the partition.
Try manually adding a record to your wp_options table and see what the AUTO_INCREMENT Id value is. You can also email me directly if you need more support.
Hi, I have several websites that have the WP-VCD malware.
I have used your plugin and it deletes infected files. but then a day or so later its back?
Any ideas please?
There must still be a vulnerability on your server that is letting this hacker replace those malicious files on your site just as they did the first time. If your site is clean but the vulnerability is on the server side then you may need to move your site to a more secure hosting environment. You could also ask your hosting provider what they can do to stop these repeated infections but many time the hosting support is not that helpful in these types of situations.
Hello Eli,
I had 4 registrations using your plugin, donated 4 times and I wanted to reinstall the plugin on my website after I moved it to a new server. I clicked unregister thinking that will allow me to do that … but it deleted the key all together. Can you please help. I cannot figure out how to register my new installation.
Mahmoud
Just click “Get FREE Key” and register that new key under the same email address and it will show your donation. Be sure to refresh you wp-admin if it doesn’t show up right after you re-register, and you might need to clear your cache if you browser does not show any changes on your Anti-Malware Setting page.
If i donate and upgrade my account, i will be able to use in multiple websites or just in one website?
One donation will unlock the current premium features on all sites that are registered under the same email account