Here are the recommended channels for receiving support:

  • First Read the FAQs - These Frequently Asked Question may have answers that address your issue.
  • Forum Topics - There may already be a topic that relates to your problem, if not, you can create one.
  • WordPress Forum - If you prefer to use the forum on to get support.

451 Comments on "Support"

  • On November 18, 2017 at 5:32 pm, Edward Martin III said:


    Thank you kindly for writing such a damn useful plug-in!

    With the latest version of WordPress (4.9), I’m seeing read/write errors on the following files:


    This is across all my sites as of the WP update.

    These files have been changed in the update, but I’m not sure why they would fail a read/write.

    Is this a thing that needs updating in Anti-Malware, or is this a thing I should worry about?



    • On November 19, 2017 at 7:20 pm, Anti-Malware Admin said:

      Are all these sites on the same server? It could be something to do with the permissions or the memory_limit on your server.

      I have not seen this issue on any other sites running 4.9 or any of my test sites. When you hover over the read/write error what does it say in the popup (tool-tip)?

  • On November 6, 2017 at 7:07 am, Fabrizio Silvestri said:

    second scan, nothing found… But Sucuri SiteCheck (and also SiteGround) still report this:

    Known javascript malware.

    What can I do?

    • On November 6, 2017 at 7:29 am, Anti-Malware Admin said:

      Actually the first scan got them all and there was nothing found in the second scan because the site is now clean. Sucuri caches their scan results whereas my plugin’s scan are live in real time.

      See this note at the bottom of the Sucuri scan results page:
      *Cached results from the last 24 hrs.

      I clicked on the “Force a Re-scan” link to clear the cache and their new results also confirm that the site is now clean.

  • On September 24, 2017 at 6:53 pm, John-Paul Beeghly said:


    What lines does this plugin add to my htaccess file? Thx!


    • On September 24, 2017 at 7:14 pm, Anti-Malware Admin said:

      If you choose the Firewall option to “Block XMLRPC Access” then my plugin will add some lines to the top of your .htaccess file, starting with:

      and ending with:
      # END GOTMLS Patch to Block XMLRPC Access

  • On September 22, 2017 at 12:49 am, Ramón Frigge said:

    I get plenty of read error with the message ‘value to large for datatype’. All files seem to be 200k+ what can I do to scan these files as well?

    • On September 23, 2017 at 10:48 am, Anti-Malware Admin said:

      It sounds like you are getting this error because of a restriction of your php.ini file. Maybe you can increase the memory_limit or another value that is restricting how big of a file can be opened and read.

  • On August 9, 2017 at 8:32 am, peter said:

    Hello – my recent scan reveals no threats, however the vistor of the site has been warned of HEUR.Trojan.Win32.Generic malware. Ive also used other online scanners with no threats….recommendations? Thanks

    • On August 9, 2017 at 8:40 am, peter said:

      Please answer – this was identified and “fixed” wit the plugin – but not quarantined? Is this malware now neutralized?

      Known Threats


      • On August 9, 2017 at 10:00 am, Anti-Malware Admin said:

        If the plugin fixed the threat then it will be in the quarantine and your site should now be clean. If you are still seeing something fishy on your site then let me know what you see and I’ll take a look at it.

  • On May 6, 2017 at 7:32 pm, gino said:

    what do I do with the Potential Threats? I scan, get a list, but then what?

    • On May 6, 2017 at 10:06 pm, Anti-Malware Admin said:

      You need to download the latest definition updates. Then the scan will identify Known Threats and give you the option to Automatically Fix them.

  • On April 25, 2017 at 2:59 am, Yaakov Stoll said:

    Hi Eli

    Thanks for the great plugin

    When I run the program, although it all seems to work fine, I always get this warning generated:
    “Another Plugin or Theme is using ‘WordPressHTTPS_Module_Parser::parseHtml’ to handle output buffers.” …….etc

    Does this give you any clues as to where I can fix this?

    Many thanks.

    • On April 26, 2017 at 12:40 pm, Anti-Malware Admin said:

      It could be from a plugin like Gator Cache, but it might also be included in some malicious code that was added to your site. You could try searching the source code in your files for the class WordPressHTTPS_Module_Parser.

  • On April 2, 2017 at 2:28 am, Christopher Carnes said:

    My WP Login page was flagged by google as containing malware. I installed your plugin and donated but it is not finding the infection. What can I do to locate the infected files and clean them out? Any help would be greatly appreciated.

    Thank you so much.

    • On April 2, 2017 at 7:41 am, Anti-Malware Admin said:

      I see not infections on your site now and Google has no more infection warnings either. Did my plugin find and fix the threat for you?

  • On March 7, 2017 at 3:35 am, Matteo Raggi said:

    I think to have found some false positives, where should I send them?

    • On March 10, 2017 at 9:15 am, Anti-Malware Admin said:

      Thanks for sending me that file. I’m not sure if you got my reply so I am posting my response here too.

      I disagree with the developer about this being a false positive, they may not have intended the code to be malicious but it is in fact a very serious vulnerability. First of all, the script tag is out of place, there should never be anything between the and tags, that is not proper HTML. That script tag should be inside the header (between the and tag) or in the body. Secondly, this script is dynamically generated using multiple unfiltered _GET and _REQUEST variables which is a major XSS vulnerability. This vulnerability could allow hackers to manipulate this JavaScript in any way they choose which would allow them to compromise the site and also the user’s PC accessing the site (this hack could be triggered when the end user visiting another compromised site). I will not white-list this file and would suggest to the developer to look into this threat and make the necessary changes to secure their code.

  • On February 20, 2017 at 7:49 am, Shane McKenna said:

    Hello Eli,

    I am very impressed with your Plug-In. I have been an Web Developer and CTO of our company for 19 years. We are now an exclusive WP developer and along with many other services as a technology company. I want to make a donation to support you and to access the extra features. However with over 100 websites under my care I can’t afford to donate for every single site I will be registering and using this for. How does it work site bu site or will it open the extra features for all my websites?

    Thank you,
    Shane McKenna – CTO

    • On February 20, 2017 at 8:11 am, Anti-Malware Admin said:

      If you register each site under the same account (using the same email address) then they will all be unlocked when you donate. You may also login to any other accounts you may have and transfer those registrations to the main account.

  • On January 31, 2017 at 5:06 pm, Kaye said:

    Hello, is there a way to reset the key after registering with an email? I realised that I had registered a site with the wrong email (I’ve donated with another email)

    Deleting and reinstalling the plugin didn’t work.

    Thank you!

  • On January 20, 2017 at 12:47 am, Rachid ElSabah said:

    Would you please indicate how to activate core scan and how much minimum donation should for such activation?

    • On January 20, 2017 at 8:19 am, Anti-Malware Admin said:

      A donation of $29+ will allow you to enable the Automatic Update feature which will install the Core Files Definitions.

  • On October 23, 2016 at 3:37 pm, Keami Terrill said:

    I can’t log in my website because my website is hacked…so how do I use this plugin to get i if I can’t even log in my hacked site?? Please help!!!

    • On October 24, 2016 at 1:18 pm, Anti-Malware Admin said:

      In your case you will need to ask your hosting provider to turn off Mod_Security so that you can once again login to your site. They should also review their own Mod_Security setting so that they do not lock you out of your own site in the future. If they are not cooperative or helpful then you should move your site to another hosting provider and demand that they give you a refund for services not provided ;-)

  • On September 28, 2016 at 1:29 pm, wing said:

    I use this plugin “Knight Lab TimelineJS” in some of my sites as I like to time line features. It basically links to a spreadsheet which resides in a shared google drive or like to collaborate with peers. It seems to be created by a reputable university. However, when scanning with your plugin, it reports every time the plugin contains known threat back door script and ask for removal. I have contacted the support of this plugin, they are curious why the malware tool would report them as a threat. Could you comment?

    • On September 28, 2016 at 3:26 pm, Anti-Malware Admin said:

      I downloaded that plugin just now and checked it myself and there are no Known Threats or Back-door Scripts, so I suspect that the copy you have installed on your site has become infected with the malicious code that my plugin detected sometime after you installed it. If you send the so suspicious code to the plugin author I believe that they will confirm that the code you send them is not part of the plugin that is distributed by them.

      My plugin should be able to remove this malicious code that has been added to this plugin while leaving the good code in place so that the plugin will still function properly, however, it wouldn’t hurt to delete the plugin and reinstall it from a clean copy of the source.

      The bigger problem for you is to determine how you got infected in the first place so that this does not happen to you again.

  • On August 8, 2016 at 2:18 pm, Terry said:

    Hi GOTMLS,

    I just donated/downloaded the plug-in, but when I tried to register to get updates you show my email but when I type my password you won’t accept it (and also the password that I’m typing in is not my password because I was never given one! So what is my password so that I can finish registration and get new definition-updates ?????

    • On August 8, 2016 at 2:27 pm, Anti-Malware Admin said:

      You site is already registered and the password was automatically sent to the email address you registered the site under. I see your donation on that account too, thanks!

      All you need to do now is go back to the Anti-Malware Settings page in your wp-admin, check the box that says “Automatically Update Definitions”, and click Save ;-)

  • On August 4, 2016 at 9:28 am, eileen smith said:

    Thank you so much for making this plugin available (I just donated). My blog was hacked a few days ago and I was notified by Dreamhost. I’m not a tech person at all but I figured your plugin was a good place to start. The scan seemed to get rid of the suspected threat files yet there are still 2 lines of text visible at the top of my blog and my dashboard. When I click on the links they fail to download and read “access denied.” Not sure what to do! Any advice would be much appreciated.

    • On August 4, 2016 at 9:51 pm, Anti-Malware Admin said:

      It looks like you have some permission errors with some of your theme files. Maybe you need to delete and reinstall your theme.

  • On May 5, 2016 at 12:16 am, Panduranga Reddy said:

    Taking this from WordPress support forum…

    My question:
    I getting “No response from server!” message for Brute-force Protection, thanks for the support.

    your answer:
    This error means that either your server cannot create a persistent session or your mod_rewrite in your .htaccess file is not working, so the patch will not work unless those are fixed. I am working on a workaround for a future release but it’s not ready yet.

    can you please elaborate to understand better… thank you.

    • On May 5, 2016 at 8:25 am, Anti-Malware Admin said:

      My patch and the built-in test that is returning the “No response from server” message relies on an active session that must be able to be created on your server and also rewrite rules in must work on your server to perform this test. If either of those are broken or not working right on your server then this Brute-force Patch will not work for you and there is nothing my plugin can do about that. This is something you would need to take up with your host to figure out why these things are not working and they would need to configure your server to restore this functionality if you are going to be able to enable this patch on that site.

  • On March 23, 2016 at 2:23 pm, juan sanchez said:

    Hi, first of all congratulations, your plugin has cleaned more than 1000 infected files in 10 wordpress installations on my server, and you saved me life. I have donated for sure.

    I have 2 joomla installations also infected, do you have anything for this CMS, or can you recommend me about this? Best regards and great job. Juan.

    • On March 23, 2016 at 7:09 pm, Anti-Malware Admin said:

      Thank you! I’m glad my plugin was so helpful to you with your WordPress sites.

      I don’t currently have a joomla version of this plugin but if you put the files from your joomloa site in a subdirectory within one of your WordPress sites then you can use the WordPress plugin to scan those files too ;-)

  • On March 17, 2016 at 7:16 am, Dawn DeBruyn said:

    Hi, I donated $29 but the donation doesn’t show when I log in, or on the plugin’s setting screen. Is there a waiting period?

    • On March 17, 2016 at 8:32 am, Anti-Malware Admin said:

      If you had donated from the form on the Anti-Malware Settings page in your wp-admin then it would have matched your donation to your registration key instantly. Since you did not, and you donated from an email address that was not the one you registered the site/key to, and the name on the PayPal account is different from your name, and you didn’t enter your domain name in the notes field when you made the donation, there was no way to match donation to your registration.

      I have just found your registration and assigned your donation to it, so it should show up for you now ;-)

  • On March 14, 2016 at 9:22 am, eliza said:


    A lot of my readers complain that they can’t leave a message on my blog because they are seen as SPAMMER. How can I resolve this? Other readers do manage to leave a message behind…

  • On February 10, 2016 at 3:29 am, M said:

    Hi, I have using this plugin to clean my infected files. I got files in the quarantine and it says, “The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.”

    Do I need to delete them? Are they safe to leave? What happens if I delete them?

    I also run several WordPress sites. If I donate, can I use them all or do I need to donate for each site?

    • On February 10, 2016 at 10:58 am, Anti-Malware Admin said:

      No, you don’t need to delete them.
      Yes, they are safe in the Quarantine.
      The Quarantine is just a record of the files that were fixed, the old code that was removed from the files is now encoded in your database as a backup. If you delete the Quarantine then you will not have any record of the original content of those files.

      If you register all your sites under the same email address then your donation will count for all of them ;-)

  • On January 24, 2016 at 5:28 pm, Alison Withers said:


    I’ve just made a second donation to make up the total price of unlocking the core wp scanner, how do I activate it? It still shows up with a red line for it and is disabled. Thanks.

  • On January 23, 2016 at 7:05 pm, Mark said:


    This looks like a nice program. I noticed that the description mentions
    Premium Features, but I do not see any pricing for them…

    Is there a Premium Version and if so what is the cost?

    Also, just to check, if we have a site that is having issues (hacked),
    running this plugin will remove and fix the issues? or will it just tell
    us what is wrong and we then need to make changes manually?

    Thank You!

    • On January 23, 2016 at 9:32 pm, Anti-Malware Admin said:

      My plugin can remove any Known Threats from infected files that it finds when you run a scan.

      Currently you can get access to the Core Files Definitions through the use of the Automatic Update feature if you donate at least $29 and you can use the Brute-Force Protection if your donation is at least $14.

  • On January 22, 2016 at 5:33 am, Dar said:

    Hi Eli,
    I was thrilled to discover your plugin! It cleaned my malware on the first crack and got me off the Google blacklist so many thanks to you for that!! Problem is that my site continually keeps getting reinfected and after I run a scan with your plugin, Google gives me a green light and a promise that I will be removed from their blacklist but hours later I’m right back on it! It’s the same damn script that keeps going back on….I’ve been through each and every page of script on my site and can’t find it to delete it so maybe it’s hidden in javascript? I’m at my wits end!

    • On January 22, 2016 at 9:49 am, Anti-Malware Admin said:

      If the same file(s) keeps getting re-infected on your site then you need to figure out how the hacker(s) are getting write-access to your filesystem. Check the Anti-Malware Quarantine page to get the Infected Time(s) of these files and then look through your access_log files to see what scripts/URLs are called at that exact time, that may indicate the vulnerability that is being repeatedly exploited on your site. If not than you site may be getting crossover contamination from another site on that shared hosting server, in which case it might be best if you move you hosting to a more secure server.

  • On December 9, 2015 at 8:15 am, Strawberry Girl Designs said:

    I have a site that I cannot get past the Brute Force re-direct. Is there a way to remotely reset that, or a file I can get to via ftp that I should update? I have tried multiple days as well as changing the password via the wordpress login page, but so far nothing is working.

    • On December 9, 2015 at 8:52 am, Anti-Malware Admin said:

      Maybe your browser is blocking the JavaScript on your login page or there is something else blocking you because the code on your login page is working fine in my browser. Can you send me a screenshot of the error you are getting?

      If you want to try disabling the login protection you can edit your wp-config.php file and just add // right after the first Reply

      • On December 9, 2015 at 12:52 pm, Strawberry Girl Designs said:

        Got in! There must have been a conflict with the alora theme. I was able to get in and change the theme remotely and was then able to sign in. Thanks for all your help working through it, I really do appreciate it!!

        • On December 9, 2015 at 1:59 pm, Anti-Malware Admin said:

          Thanks for posting your solution. Were you able to tell from the error_log files what the conflict was?

  • On November 24, 2015 at 7:56 am, Eugene McGrath said:

    Hi Eli,

    Do you not reply to your support tickets
    I sent you a support ticket 9 days ago :(
    No reply


    • On November 24, 2015 at 11:35 am, Anti-Malware Admin said:

      I do, actually. Sometimes I don’t get a notification so it takes me longer to notice a post but I just looked and I don’t see any posts from you on either the WordPress forum or on My Own Support Forum. Can you please send me a link to this post of your’s so that I can reply to it?

  • On November 23, 2015 at 8:54 am, sunny tewathia said:

    Hii Eli,

    Something i am facing something very unsual. My site is hacked, but not a single plugin inlcuding your is telling me that.

    Only way i found it is by, visiting my website manually from Opera and internet explorer.

    Chrome never shows it, but other browsers are showing. I see a pop-up every 3rd or 4th time when i am visiting my website from Google using some search query for my site, it redirect the webpage to somehere else.

    I am not seeing this problem on chrome.

    My site url :

    • On November 23, 2015 at 9:48 am, Anti-Malware Admin said:

      I do not see any malicious redirect on your site in any browser. Maybe it is your own PC that is infected and it is your browsers that are causing the redirect. Try another computer or see if anyone else can reproduce this redirect on your site.

  • On November 21, 2015 at 5:38 am, David Hild said:

    Hi Eli, fantastic plugin! Used it to fix a non-writable htaccess file issue that was driving me nuts. Your plugin found and cleaned up a half dozen backdoor threats and other garbage I had no idea were lurking.

    Everything was mean and clean until this morning when I thought to tighten everything up by changing my database password (then was going to do same with my user account). I changed my DB password on GoDaddy and also in wp-config. But my site was now down:

    “Fatal error: Call to undefined function phpdefine() in /home/content/37/7902137/html/wp-config.php on line 1″.

    (I believe I saw a reference to that file after a scan, but my site ran fine anyway)

    I have all options turned on within the plugin so maybe the login hack lockout was triggered? I’m pretty good at troubleshooting and have tried resetting my DB password back, messing with the top of wp-config, etc. Here is the top of wp-config:

    <?phpdefine('WP_CACHE', true); // Added by WP Rocket /**

    Of course I can't get into my WP admin panel either. Website is:

    Please advise! I have a feeling this is something pretty easy to take care of just editing .php files on FTP.



    • On November 21, 2015 at 8:59 am, Anti-Malware Admin said:

      It sounds like you removed some blank space between “php” and “define” at the top of your wp-config.php file, or maybe WP Rocket messed that up.

      You file should start with
      /*Then a blank line here, and then*/
      define(‘WP_CACHE’, true);

      • On November 21, 2015 at 9:15 am, David Hild said:

        All set. I stripped out everything at the top of wp-config. That got me to a WP screen that advised checking DB name and password. I changed my DB password again and in wp-config and got back into WP. THANK YOU again for this amazing plugin!

  • On November 13, 2015 at 3:30 am, Tom Davidson said:

    Hi. I keep getting an error message that the there is no Nonce token. I am a paid user if that makes any difference. What do I need to do to run a scan? Thanks!

    • On November 13, 2015 at 4:11 pm, Anti-Malware Admin said:

      My new release fixes this issue. Please download version 4.15.45 and let me know if you have any more problems.

  • On November 12, 2015 at 2:21 pm, AMU A said:

    Hello Eli,

    Thank you very much for your vey efficient help. All is ok now !!

    Best regards,


  • On November 11, 2015 at 10:28 am, Ari Waknine said:

    I have installed your plugin, registered and gave a donation, but I have not received an email from you yet with my password. I have 2 other websites that I would like to add your plugin as well as give a donation for each upload, but do I need to register with different emails with my other sites?

    But my main concern is why I haven’t received an email with my password. Does it usually take long to receive an email after registering?

    • On November 11, 2015 at 10:44 am, Anti-Malware Admin said:

      Your registrations email was sent out 45 minutes ago. Maybe it’s in your spam folder?

      At any rate you don’t need your password to register more site under the same account, just use the same email address when you register the other sites.

  • On November 10, 2015 at 10:10 am, Dayne said:

    I just tried to install GOTMLS on one of my WP sites, and when I go to “settings” on it, I get: “You do not have sufficient permissions to access this page.”

    It’s worked fine on my other WP sites. Any thoughts on this?

    It’s also not showing up in my left sidebar like it did on my other WP sites.

    Thanks! Great plugin!

  • On October 26, 2015 at 10:56 am, Robin said:

    What does this page mean this page when I try to log into my site. How do I access my site adminnow.


    You have been redirected here from which is protected against brute-force attacks by GOTMLS.NET

    • On October 26, 2015 at 8:40 pm, Anti-Malware Admin said:

      That Error Code refers to a JavaScript error on your login page. I just checked it and the JavaScript seemed to work fine for me. I did notice you were using a CAPTCHA plugin on the login page too, perhaps that was interfering. If you refresh the login page and there are no JavaScript errors then it should work for you.

  • On October 21, 2015 at 1:52 pm, Sam Gridley said:

    Hi, are you still considering adding a scheduled scan feature?


  • On October 7, 2015 at 2:45 pm, Allison Bowlus said:


    Love your app. Thanks so much for it.

    I am trying to update definitions on two DreamHost sites, and get this error on a white screen of death for both sites:


    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    I am able to update definitions on other sites that are hosted elsewhere just fine and don’t get this error, so it seems to be DreamHost specific. I tried to contact DreamHost and they told me to contact you.

    Thanks so much in advance!

    • On October 7, 2015 at 3:35 pm, Anti-Malware Admin said:

      I think Dreamhost must be blocking the JavaScript Update method. You should try the Automatic Update method, that works fine on any server even if the manual update method fails.

      Let me know if that works for you.

  • On September 13, 2015 at 1:45 pm, Hannah said:

    Hi Eli,
    Thank you so much for your plugin. I just downloaded new definitions on my own art blog and did a complete scan of my site. It does not appear to be picking up 5 500 server errors that Sucuri is reporting, but I’m not sure if what I’m looking at is malware or not. Here’s what Sucuri says:
    Internal Server Error 500-error?v1

    What do you advise?

    • On September 14, 2015 at 11:16 am, Anti-Malware Admin said:

      My plugin does not look for 500 errors, it scans the contents of the files on your server looking for malicious code.

      If it doesn’t find any known threats then this could be something new or it could be a server configuration error. You should check the error_log files on your server to see what is causing this error.

  • On September 13, 2015 at 8:23 am, Frank said:

    I installed your plugin the other day, but it’s blocking one plugin. WassUp Real Time Analytics. Any way to unblock it?

    • On September 14, 2015 at 11:27 am, Anti-Malware Admin said:

      I don’t understand how my plugin would be blocking your analytics. Are you sure it’s not another plugin you installed?

      How can you tell your analytics is being blocked? If you deactivate my plugin is it still blocked?

  • On July 31, 2015 at 7:20 am, Ross Barbieri said:

    Is there a way to completely uninstall the gotmls plugin. I believe I have corrupted settings, but deactivating and reactivating doesn’t help. I want to remove completely and do a clean install.

    • On July 31, 2015 at 7:47 am, Anti-Malware Admin said:

      If you want to just wipe out all the settings and definitions you can delete all the records in the wp_options table where the option_name field starts with GOTMLS_ but that should not be necessary. I don’t see how the setting would have gotten corrupt in the first place but they would be corrected automatically whenever you save anything or run a scan. It is more likely that there is something else interfering. What are the symptoms you are experiencing?

  • On July 7, 2015 at 2:31 am, Alicia said:

    I didn’t have any issues with the plugin earlier, but now I get the following error when trying to update the definitions manually. What could the problem be? Thanks in advance for the help.


    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    • On July 7, 2015 at 6:21 am, Anti-Malware Admin said:

      This error indicates that the definition updates have been block by a firewall of some kind. If you have installed a firewall please try whitelisting your own IP address or even temporarily disabling the firewall to do the update. You could also check your error_log to see if there is anything indicating the reason for the error or ask your hosting provider why it’s being block and if there is a way around it. Otherwise, you could just just the automatic update feature, that should work for you in the situation.

  • On July 6, 2015 at 12:47 am, Victor said:

    Hi, I get this error when I log to wp dashboard:
    “Warning: unlink(/home/whitepea/public_html/wp-content/uploads/quarantine/.htaccess): Permission denied in /home/whitepea/public_html/wp-content/plugins/gotmls/index.php on line 659

    Warning: unlink(/home/whitepea/public_html/wp-content/uploads/quarantine/index.php): Permission denied in /home/whitepea/public_html/wp-content/plugins/gotmls/index.php on line 659

    Warning: rmdir(/home/whitepea/public_html/wp-content/uploads/quarantine): Directory not empty in /home/whitepea/public_html/wp-content/plugins/gotmls/index.php on line 664

    Warning: Cannot modify header information – headers already sent by (output started at /home/whitepea/public_html/wp-content/plugins/gotmls/index.php:659) in /home/whitepea/public_html/wp-includes/option.php on line 748

    Warning: Cannot modify header information – headers already sent by (output started at /home/whitepea/public_html/wp-content/plugins/gotmls/index.php:659) in /home/whitepea/public_html/wp-includes/option.php on line 749″

    I can’t delete files from ftp, because owner is 99.

    WordPress: 4.1.5
    Plugin: 4.15.28

    also, when I try to make a simple folder scan, I get into a loop “… Loading, Please Wait …”.
    How can I fix it? Thanks.

    • On July 6, 2015 at 12:51 am, Victor said:

      Also, I find this in error file:
      “PHP Warning: chmod(): Operation not permitted in /home/whitepea/public_html/change.php on line 34″

      • On July 7, 2015 at 6:12 am, Anti-Malware Admin said:

        This chmod warning is caused by that change.php file which could be malicious. I would like to look at the contents of this file if you are willing the grant me access.

    • On July 7, 2015 at 6:09 am, Anti-Malware Admin said:

      These warnings stem from the need to delete the old quarantine folder that was created by an older version of my plugin. The newer version of my plugin no longer needs this folder and is trying to get rid of it. I’m not sure why the permissions would have been changed on those two files in that directory, they were created by my plugin so they should be able to be removed by it too. You should be able to delete those files within the FileManager provided by your hosting control panel if not via FTP.

      I’m not sure why the scan would get stuck in a loop as you describe, I can look into this if you are willing to send me your WP Admin login.

      • On July 8, 2015 at 12:26 am, Victor said:

        Thanks for you answer.
        I try to delete this files with php script, with ftp and with cpanel, but still can’t delete them. As I see, the owner of folder and files are nobody (99). I think the scan get stuck in a loop because of this error. How can I delete them?
        Also, that file, change.php, no more exist on server.

        • On July 8, 2015 at 8:08 am, Anti-Malware Admin said:

          You may need to have your host delete those files as root. You should also ask them how the permission would have gotten so messed up that you can’t delete them yourself.

  • On May 13, 2015 at 11:11 am, Carlos C said:

    Your plugin is great, but i cant help me get rid of this:

    …/wp-includes/nav-menu.php is infected with malicious code at line 465. Your plugin detected, clean, but the next day nav-menu.php is changed again. Any clues?

    (im a donator for you plugin in several sites)

    • On May 13, 2015 at 11:51 am, Anti-Malware Admin said:

      So my plugin is removing the malicious code from that nav-menu.php file but the hack keeps coming back, right?

      You need to look for the vulnerability that is allowing the hacker to reinfect this site. You should look in the raw access_log file for any suspicious entries that coincide with the timestamp on the infected file. Look in the Anti-Malware Quarantine for the original infected time of that file and cross reference that time in the acccess_log file to see how it might have been hacked.

      • On May 13, 2015 at 12:01 pm, Carlos C said:

        Where can i see the raw access_log file?

        • On May 13, 2015 at 1:56 pm, Anti-Malware Admin said:

          That depends on your hosting. If your host provides a control panel then you might find it there. Otherwise you would need to ask your hosting company.

  • On May 7, 2015 at 12:33 pm, george said:

    I have a question, please.
    If i install your plugin on a single wordpress website, can i protect with your plugin all wordpress websites hosted on the same dedicated server?
    Do i have to change some settings on a single installation of your plugin to protect all wordpress websites hosted on a dedicated server?
    Or your plugin can protect only a single wordpress website?
    Thank you.

    • On May 8, 2015 at 6:22 pm, Anti-Malware Admin said:

      It is possible for my plugin to scan and fix threats on multiple sub-site installed on the same server, but the protection features only work on the domain that you have installed the plugin on.

  • On May 2, 2015 at 6:38 am, Carlos C said:

    Hi, i make a 29 donation but my plugin doesnt update definitions, it tells me that the key is not registered…

    • On May 2, 2015 at 6:55 am, Carlos C said:

      I see i use an incorrect site URL, can this be the reason?

      • On May 2, 2015 at 7:53 am, Anti-Malware Admin said:

        I see your registration and your donation is correctly linked to it. Maybe you just need to click the button in the sidebar that says “Check for new Definitions” and then you can download the new definitions.

  • On April 30, 2015 at 8:50 am, Mike Sennikov said:

    This is great plugin but after few days of using it i noticed an issue
    How could it be fixed?

    Headers already sent in /var/www/u0053080/public_html/ on line 98.
    This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.
    Check the code in the above mentioned file to fix this problem.

    Cannot send session cache limiter – headers already sent (output started at /var/www/u0053080/public_html/ in /var/www/u0053080/public_html/ on line 496

    • On April 30, 2015 at 9:27 am, Anti-Malware Admin said:

      There is nothing on line 98 of that file that would generate output. I suspect that my plugin may have been altered on your site and this alteration is causing that error. If you can send me the copy of that index.php file in /plugins/gotmls/images/ then I can tell you what the problem is. If you delete my plugin and re-install a fresh copy then you will not get that error.

  • On April 28, 2015 at 12:34 am, Jaime said:


    I have activated your plugin and now I have a blank plugins page. I have try to rename the folder “gotmls” to “gotmls_old” but I still can´t access to the plugins page.

    Can you help me to fix it?


    • On April 28, 2015 at 7:06 am, Anti-Malware Admin said:

      If you renamed my plugin folder and that did not fix it then my plugin is not the source of your problem.

      You can check the error_log to see if there are any clues as to what is causing the white screen.

      Please let give me more info if you need more help.

  • On April 19, 2015 at 6:11 am, Edward Alexander said:

    I installed your plugin. Now I cant log in with my own password. I get this error:

    You have been redirected here from a site that is protected against brute-force attacks by GOTMLS.NET

    Whats going on and how do I fix this??

    • On April 19, 2015 at 6:22 am, Edward Alexander said:

      Never mind – suddenly I am able to log in when I tried again after a few minutes. Is login blocked for a specific time if entering the wrong password? Could that be the reason for the message above, if I first entered wrong password by misspelling it or so? The strange thing is that the message above came on first attempt at logging in – next time now that I managed it, I first wrote wrong password and got a normal wordpress message saying the password was wrong and asked me to try again, and I entered in with my correct password…

      • On April 20, 2015 at 3:07 pm, Anti-Malware Admin said:

        My protection loads before the WordPress bootstrap so it has nothing to do with getting the password wrong. Too many attempts or a session timeout will trigger the redirect though. In your first post you left out the error number that would have told me what problem was with your first failed attempt, but I would guess it was a session timeout.

        • On April 23, 2015 at 2:01 pm, Jade said:

          I have the same issue now, I went to log in to a client’s website today and I’m getting this same error, the number is 2709137.

          What causes this problem?

          I’m going to delete the plugin for now so I can log in.


          • On April 23, 2015 at 2:15 pm, Anti-Malware Admin said:

            In your case this error number refers to a session timeout. Did you try just going back to the wp-login page and attempting to login again?

            I see that you also have Wordfence login security. I don’t think that would cause any conflict but maybe you could try just using one or the other and not both, just to see if that makes a difference.

            If you ever get the NO_SESSION error in the future just try refreshing the wp-login page before you try to login again and it should work fine.

  • On March 28, 2015 at 7:28 am, Suzanne Black said:

    When I click “Install Patch”, it doesn’t do anything. Why? Thank you

    • On March 30, 2015 at 9:26 am, Anti-Malware Admin said:

      Thanks for sending me your login so that I could look into this, it gave me the opportunity to see a rare error caused by the unusual permissions on your wp-config.php file. I was able to find a workaround and I patched my plugin on your site so that it would be able to access that file to make the necessary additions. I will be incorporating this change into my next plugin update.

      Thanks again for allowing me into your site to have a first-hand look at this issue.

  • On March 26, 2015 at 3:18 am, Gabe said:

    Hi there,
    Your plugin is awesome!! I always recommend to my clients, and they love it.
    I never had any problem with it.
    But one of my clients website seems to bad :( This msg i got after scan:

    fixing /home/neriumchina/public_html/wp-content/themes/swell/layouts/option.php …
    Warning: fileperms(): stat failed for /home/sanyi77ua/public_html/wp-content/uploads in /home/neriumchina/public_html/wp-content/plugins/gotmls/images/index.php on line 410

    Also 1 read and write error. It can not repair any infected files :(

    Please give me an advise where to start.


    • On March 27, 2015 at 11:23 am, Anti-Malware Admin said:

      I just released an update that fixes that PHP Warning you got and also gives more descriptive reason for why it might have failed to fix that file.

      Please download the plugin update version 4.14.65 and let me know what results you get after that. If I had to guess, I would say that your uploads directory inside wp-content is not writable and a quarantine folder could not be created. You must have a valid/writable quarantine folder before my plugin will fix any infections. Check the permissions on the upload directory and let me know if I can be of any further assistance.

  • On January 31, 2015 at 6:26 am, Laura Brijde said:

    Help! I’m panicking!

    I activated the 2-authentic identification tool out of precaution for my website. Now when I clicked on ‘save’ button it logged me out of WordPress. I tried to log in again with my correct password and received the message ‘Login is protected by 2-factor authentication. If your login details were correct, you will have received an email to complete the login process.’ Now the thing is, I’m not receiving ANY email! This means I’m not able to log in to my account!

    Please help me, this is very urgent! The only e-mail I’m receiving is from Sucuri ‘Failed login attempt’, which is obviously me.

    • On January 31, 2015 at 7:22 am, Anti-Malware Admin said:

      This is GOTMLS.NET not … my Anti-Malware plugin does not have a “2-factor authentication” feature to lock you out of your own site.

      It sounds to me like you need to contact Sucuri directly.

  • On January 29, 2015 at 1:48 pm, Tina Granzo said:

    Two of my clients can’t log-in to their WordPress dashboard anymore. They are on an in-house network, so they both appear to the web to have the same IP address. I am 3000 miles away from them and can log-in as both of them with no problem. I tried whitelisting their IP address in our firewall plug-in, but that didn’t help. The message they see when they try to log-in is:


    You have been redirected here from [domain name] which is protected against brute-force attacks by GOTMLS.NET

    Can you tell me what I need to do so that they don’t register as potential brute force attackers?

    • On January 30, 2015 at 3:26 pm, Anti-Malware Admin said:

      That error code you sent me (857255) corresponds to a combination of all four of the following errors:
      These error are exactly the kind of errors you would get if a hacker was brute-forcing the login and spoofing the server variables. It makes sense that they might get a lot of the same kind of errors if they were trying to connect internally so this type of protection my not be the right solution for this type of situation. Since you can login from your location you should go into the admin and Disable the Brute-Force Protection on the Anti-Malware Settings page so they can login.

      Please let me know if there is anything else I can do to help.


Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>