Apr 2012
19th
Here are the recommended channels for receiving support:
hi
i have donate 30.38$ (with btc 0.0016 BTC) to activate the core definition but nothing happens after payment and the plugin is still locking the feature .
thanks
fixed , thanks.
Thanks for your patience. I still have to manually approve the Bitcoin donations until I can get the system to confirm the donation amount automatically, but it’s all good now. Thanks for your donation 
Great plugin! Has saved me countless hours. Carry on the great work sir
Hi. I cannot access wordpress as I am prompted with this message:
define(‘WP_CACHE’, true); define( ‘WPCACHEHOME’, ‘/home4/maltese1/public_html/wp-content/plugins/wp-super-cache/’ ); if (!in_array($_SERVER["REMOTE_ADDR"], array(“78.133.47.114″)) && file_exists(‘/home4/maltese1/public_html/wp-content/plugins/gotmls/safe-load/wp-login.php’)) require_once(‘/home4/maltese1/public_html/wp-content/plugins/gotmls/safe-load/wp-login.php’); // Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap. ?>
Who can help me please?
This error was caused by your WP Super Cache plugin. When you installed that plugin and enabled caching it re-wrote the first line of code your wp-config.php file (which also happens to contain code for my plugin’s brute-force protection) and they somehow broke the syntax by removing the
The very first 5 characters in your wp-config.php file must be:
Can your plugin work on non-wordpress sites? If yes, how?
I sorry but this plugin will currently only work when installed under an existing WordPress installation. One option I have seen some people take is to install WordPress into a sub-directory of your site so that you can install my plugin and scan all the files on your site. You could also install it into another WordPress site on the same server and then create a symlink in the root directory of the the WP site that links to the folder with the other site’s files so that you can use the wp-admin on the WP site to scan any other site on that server that you have access to.
Trying to leave a message but keeps giving me SPAM ALERT: You comment has been marked as SPAM and will not be posted!
sites registered with h t t p stopped working when moved to h t t p s… when re-registering it does not connect to my account saying I have not donated, but have 4 donations.
Not sure how to proceed. Thank you!
It looks like you registered the new secure URL that uses HTTPS under a new email address which created a new account for you on my website. All you need to to is to click on the registration key in your wp-admin to open the pre-filled registration form and then simply change the default email address to match the original address that you used before and your new key will then be on the same account with your donations
For some reason, I can not get the plugin to register. Every time I hit submit it goes back to show that I need to register.
This key was successfully registered about an hour before you posted this support topic, and I see from your screenshot that you have the latest definition updates installed. So I suspect that this is just a caching issue on your end.
Try clearing you cache and refreshing your wp-admin and it will probably update that message to show that your site is actually already registered.
If not then you can also check the Console tab in your browser’s Inspector to see if there are any JavaScript errors on that page that might explain why the registration check is being blocked.
Hello I ve an error because of the french
document.getElementById(“Definition_Updates”).innerHTML = ‘Envoi de l’enregistrement…’;
Envoi de l’enregistrement..
Error on javascript …. how can I do ?
Thanks
Thank you for reporting this error. I have just release a new plugin update that fixes the JavaScript syntax error caused by this new French translation. Please update the plugin to version 4.19.69 and confirm that it works for you.
Thanks a lot !!!!!
I have been using your plugin for about four years. Today, I noticed on the settings page that my site was not registered. Then I read a post above about adding SSL to sites, so I unregistered my http:// site with the intent of reregistering the https:// site. However, I am unable to registered now. I even tried donating again, but that didn’t work either. Can you help me get things working again?
My bad. The key is registered under a different email address as my account. I deactivated, then reactivated, the plugin and it recognized the key under the correct email address. Thank you for a great plugin.
Hi there, I am installing SSL certificates on all my sites and since starting I am unable to register my domains and I get “Your Installation Key is not registered!”
works fine on http just not on https, I am also getting log errors saying the plugin is using depreciated code in php 7.4
Deprecated: Unparenthesized `a ? b : c ? d : e` is deprecated. Use either `(a ? b : c) ? d : e` or `a ? b : (c ? d : e)` in C:\web\vhosts\website\wp-content\plugins\gotmls\index.php on line 13
This PHP Warning should be fixed in my latest plugin release. Please update to version 4.19.68 and let me know if that doesn’t get rid of these Warnings.
Your HTTPS URLs will be assigned a new key but you should be able to register those new keys to the same email address as your unsecured HTTP site so that they are registered to the same account. If you are really unable to re-register these new HTTPS URLs then please send me a screenshot so that I can see what might be causing this error. There could be a JavaScript error or a caching issue in your browser.
I wouldn’t worry about the deprecation warnings, those are just notices that the unparenthesized code will not work in some future release of PHP but it still works in v7.4
Hello,
I have Litespeed cache plugin installed, in your plugin under “scan” I see a notice.
Another Plugin or Theme is using ‘LiteSpeed_Cache::send_headers_force’ to handle output buffers.
This prevents actively outputing the buffer on-the-fly and could severely degrade the performance of this (and many other) Plugins.
Consider disabling caching and compression plugins (at least during the scanning process).
Does this simply mean performance may or will be degraded during a scan “only” or performance will always be degarded all of the time and needs to be resolved?
I think it means to disable compression just during a scan but want to be sure.
Thank you 
This warning is to alert you to the fact that a custom output buffer was detected on the Anti-Malware page in your wp-admin. Any tampering with the output buffer on the scan results page could dramatically affect the efficiency and overall results of the scan. I put this warning there so that you can be aware of the fact that my plugin cannot be responsible for the output results if another plugin is controlling the output buffer. That about covers the scope of my responsibility in this matter but I have more opinions to offer on the subject of caching plugins.
Caching, when implemented correctly can increase the performance of the static content on your site. That said, there are many situations where caching will not help your site, like with any dynamic page which includes most pages in your wp-admin (which is why my plugin was giving you that warning). There is really no reason for any caching plugin to be capturing the output buffer on dynamic admin pages as you would never want to see these pages cached, you will alway want to see the live content from your admin pages as it is dynamically generated each time you visit the page. Specifically, every time you want to run the live scan you will want to be seeing the live results of that scan, that is where the caching could interfere with the performance and the end results of the scan process.
As for the performance of this or any other caching plugin, I would strongly encourage you to take some metrics with and without the caching plugin to see for yourself if there is any real gains in page speed / load time. gtmetrix.com is a great free site to measure the performance of your site.
GOTMLS seems to miss the files in /plugins (these same files were flagged in other locations):
Actually it looks to me like those files were cleaned but just not deleted. My plugin will remove the malicious contents from the files but it does not delete the files in case that were to cause an error on your site
I am getting this error: No response from server!
I registered and donated for the new site the plugin is installed on. Can you help? Thanks.
Check the Console tab in your browser’s Inspector to see if there are any JavaScript errors on that page. If you can send me a screenshot of the page with the “No response” (and the open Console tab) then I can see if I can help you further. You might also want to check the error_log files to see if there are any fatal errors reported there.
Hi,
I’m the developer and one of my users who’s using your plugin as well as mine, is getting this message on the scan screen:
“Another Plugin or Theme is using ‘callback’ to handle output buffers.
This prevents actively outputing the buffer on-the-fly and could severely degrade the performance of this (and many other) Plugins.
Consider disabling caching and compression plugins (at least during the scanning process).”
What can be done to resolve this?
Thanks.
This is just a notice to the Admin that there is a third-party output buffer handler. This is not necessarily a problem but it is something to be aware of if the scan is not working or is taking a long time. In this case the output buffer handler is called ‘callback’ which sound a little suspicious because it’s so generic and non-descriptive. If you can figure out which plugin is using this OB code then it might be helpful to you but if it is not causing any issues directly then if might also be fine to leave it alone.
Hello I recently moved my wordpress directory and re-registered my site url. Unfortunately the changes do not reflect in my GOTMLS settings page in the wordpress dashboard and I get the red letter message: “Your Installation Key is not registered!” Can you help me update my registration?
Just register the new key for your new URL to the same email address that you use for your first registration and it will be on the same account
Hi, it doesn’t work for me either and I’m a paid member.
I would like to help you with this but I need more information. I see an account under your email address with one donation and over one hundred registered site. Which site are you having trouble registering?
Thanks for the fix. You’re the best.
I had accidentally registered the same site twice, and need to get it registered under the correct licence number for the one I donated to. After I cleaned the site I migrated it to a new host. Once at the new host the license was inactive. When I tried to register it, it wouldn’t let me under the licence number I already donated to. How do I go about doing this so the active license is active on the domain i intended it for?
It doesn’t matter what your key is because your key changes when you change your URL (not when you change hosts). I your case your new URL uses HTTPS instead of HTTP and your new key was registered correctly to the same email address as your last key so they are both on the same account with your donation. If you are not seeing that in your wp-admin then you should email me a screenshot directly and I can help you determine what went wrong.
What is your email, i will send it to you.
I went back and looked, when I transferred the website I used a different email address because I forgot which one I used. Can we move it to this email?
As I said, both your URLs are registered to the same account already. I’m not sure where the confusion is but that screenshot will help me understand.
You can email me directly by replying to the notice from this reply or by clicking on the Email Eli link on the scan settings page:
eli AT gotmls DOT net
Looks like it’s working now – you must have fixed it. Thank you
How do I add more websites to my account?
Just let a free key for each new site and register that key using the same email address so that you new sites are on the same account
Hello Ellie, i registreded but i don,t recive a password on my e-mail (no mail)adres at this website field . i have tryed 6 times !
Greetings Dijkstra
You registered this new site to the same email address as your first site’s registration so you will not get another email. The password is still the same as it was when it was in the confirmation email from you first registration on the 16th.
Hello, That,s just it. I did not get a confirmation email on my e-mail. i did not recive anything !! so still not solved. i donate and register , love your plugin.
Maybe the email was sent to your spam folder. In any case you can always just reset your password using the standard “Forgot Password” link:
https://gotmls.net/wp-login.php?action=lostpassword
Hello eli scheetz, thank you for your answer. i went straight away to the spam and found my password. so i has been solved. aloha …..
Hi, my scan keeps stopping after 7 seconds? No matter how long I leave it it doesn’t progress any further.
Is it stopping in the same directory every time? Maybe there is a problem in that directory that causes the scan to crash, although it should still continue on to other directories after 60 seconds.
Can you send me a screenshot so that I can see what the problem might be?
Hello!
Thanks so much for your plug-in and hard work!
Is your plug-in compatible with PHP 7.3?
Thanks!
Thank you, and yes, it does work in PHP 7.3
I ran the scan for 17 hours. When it completed, I clicked on one of the issues to view the details. It got stuck, didn’t pull up, then locked up the page, so I had to refresh. Then the scan results were gone. Where do I find the results. I don’t want to scan for 17 hours again….only to have the same thing happen again.
For starters, the scan should not be taking that long. It generally takes only 30 minutes to finish the Complete Scan on a typical WordPress site. It shouldn’t take over an hour unless you have a lot of other sites installed in the scan path or unless you have tons of file cache stored in some sub-directory of the site. It is also possible that there is something attaching itself to the ajax calls that causes the scan to run very slow or that there is a very low memory_limit on your php.ini file which will cause the scan to fail and have to restart in smaller segments thus taking a very long time. If none of this helps you or you need more guidance with determining which of these possible causes might apply to your situation then I would be happy to help you further. Please email me directly with screenshots or any specific questions you may have.
Hi there!
Is your plugin compatible with WordPress Multisite?
Yes, it is. Please feel free to try it out and let me know if you have any more questions.
Hello, thanks for your plugin, it really worked to clear the malware. However I am not sure about the resource consumption required. I have a server with 3 CPUs with averaging use of up to 1 CPU. Ever since I installed your plugin, it keeps on fluctuating up to 2 CPUs anytime. Is that normal to exhaust my resource? Because this server is an app server, so it is sensitive if overclocking CPU will result in my sites to be down. Please advise.
My plugin only consumes CPU when it is running a scan. The Complete Scan was designed to run as quickly and efficiently as possible. It can consume up to 100% of the available CPU in short intervals, alternating and staggering short scan processes in a linear queue so as to allow for other processes to take their turn, thus minimizing the disruption or delay of other requests for system resources while maximizing the full potential of the server’s resources to complete the scan quickly.
I hope that helps you to understand the impact of the my plugin and the Complete Scan process. Please feel free to let me know if you have any more questions.
Hi
After scan and automatic fix sucuri is always finding Site is Blacklisted
What can I do?
Thanks
Guy
You should request a review with whatever organization has blacklisted your site and ask them to remove your site from that list now that your site is clean.
Hi,
in one of my sites the plugin is installed but deactivated. Sometimes, when I try to enter the admin I get a redirection to
safe-load.gotmls.net/report.php…………
The second time I try again I can regularly enter.
Do I have to remove the folder of the plugin?
Thanks!
This is a session time-out that causes the Brute-Force Login Protection to redirect you if you have stayed on your login page for too long before finally attempting to login. You can activate my plugin again and then disable the Brute-Force Login Protection in the Firewall Option if you don’t want to use it any more. Otherwise, yes, you could delete the plugin to remove this login protection too.
Hello,
I want to donate money in indian rupees, instead of dollars. Please suggest me how can i do this.
Best regards
That is one great thing about PayPal, just use the donation form on the Anti-Malware Setting page in your wp-admin and PayPal will automatically convert the donation from your currency into USD
I have ad popups appearing on my website as there is a dolohen injection. I have installed your anti-malware, registered and paid the donation. I ran the complete scan but it didn’t find anything at all. I also have Wordfence installed and paid for the premium and it didn’t find anything either.
I have had problems since January when someone had added an admin account and removed Wordfence and installed a lot of malware. I tried everything to harden my website and database I could think of, changed all my passwords on both the website and database, upgraded to php 7.2, updated everything and removed anything I wasn’t using. Last night someone created an admin account with the same name as was used in January, jaconda, and installed more malware which I swiftly remove. I blocked the ip address back in January but last nights attack had a very similar ip address. I know there’s a vulnerability in the code somewhere but I can’t find it.
Can you please help, even just to get rid of the popup adverts. Thanks
Are you using the “Related Post” plugin By Lenin Zapata?
I have just added a script like this to my definition update. Please make sure you have the latest definitions and and run the scan again. If it still does not find it then please send me a screenshot of the scan results so that I can look into this further.
My site has a redirect virus, keeps coming back regardless of what backup I restore. Ran your plugin but it has not found anything any help you can provide will be much appreciated.
I can see the malicious JavaScript in the HEAD of your HTML and this script matches 3 of my malware definitions but I think that malware is not coming from any infected file on your server but rather this Script is likely hiding in an obscure plugin option in your wp_options table. Is it that you are using a plugin called “Related Post” By Lenin Zapata? If so then the script was probably injected into the field in the Custom CSS section at the bottom of the Style Tab in the Related Post Settings. It will likely redirect you When you go to that page so you might want to just remove this Related Post plugin anyway, as it seems to be vulnerable to some kind of exploit that would allow someone to inject any code that they would want to put there.
If it turns out to be something else then please let me know and I will look for another solution.
This appears to have solved the issue. Thnaks ever so much i will be upgrading to the pro version. Appreciate what you do A+ Wonderful Support!
Hi Eli, i just added the plugin to my wordpress and tried to run a scan but i get the following error: “Invalid or expired Nonce Token! GOTMLS_mt !set”…what does this means? do I have to donate first to get the plugin work?
Thanks in advance for your help
This error means that the Nonce Token used to authorize your request to start the scan was not received. Maybe you just need to refresh the Scan Settings page to regenerate an authentic Nonce Token, and then try the scan again. Try the Complete Scan and also one of the Quick Scans to see if there is any difference. If the error persists then you either have a plugin or some other code on your site that filtering out the necessary $_REQUEST variables or else there is something wrong with your database and it is unable to store a Nonce Token.
first of all thank you for your amazing Plugin
i have an issue with the donation
i have donate 29$ to activate the core definition but nothing happens after payment and the plugin is still locking the feature .
I had an old account (tamerfarkouh) that i have transferred to this account (farkouh2000)
what can i do? Please advise ASAP
Just enable the Automatic Updates and click the Save button and it will install the Core Files definitions for you.
Hello sir I am a scanning my website your tool is really good but as I am checking if not detected some viruses code like this my website is fully infected around thousands of files are infected by this code but they are different different codes but all are same like this sample code I submitted in this URL you can look that that is not detected by your tool.
/*b01fd*/
@include “\57ho\\155e4\57lo\\166eb\\165c1\57pu\\142li\\143_h\\164ml\57th\\145we\\142in\\141rw\\141y.\\143om\57bi\\147th\\141nk\\163/d\\141ve\\146or\\141n/\\154eg\\141l/\56ef\6751\60c4\56ic\\157″;
/*b01fd*/
So I hope so you will update your definition of plugin I really needed this
This malware is already in my definitions and has been since September of last year. When I put this code into a file on my test server it found it right away and removed it just fine. If you are still having an issue detecting this threat on your server with my plugin then there must be something else going on. Can you send me a screenshot of your scan results and confirm that the files you know to contain this threat are in the scan path where the plugin is looking?
Let me explain with example all the files not having same code they have different different codes but all are look like that as I sent you above like for example
/*b01fd*/
Another file has
/*451fd*/
Another file has
/*b047d*/
So that is not detected meet each and every file has different different codes but all are look like same
I do actually understand and it does not matter what string of numbers and letters are in that comment tag, my plugin should detect this code as the all as the same threat. If it is not being detected then it is because of some other interference, or because the code you are looking at is not in the files that are even being scanned, or because of some other reason that I cannot foresee without more specific information about your exact circumstances. Can you PLEASE send me a screenshot of your scan results with the scan settings showing so that I can see if there is some other obvious reason that it is missing these infected files?
Also, it would be helpful if you could send me one of these infected files as an attachment in a direct email so that I could verify that it can be detected by my plugin.
When running the PHP Compatibility Checker plugin, it reports:
Name: Anti-Malware Security and Brute-Force Firewall
FILE: /…/wp-content/plugins/gotmls/safe-load/wp-settings.php
———————————————————————————————
FOUND 0 ERRORS AND 1 WARNING AFFECTING 1 LINE
———————————————————————————————
35 | WARNING | INI directive ‘mbstring.func_overload’ is deprecated since PHP 7.2
———————————————————————————————
Are you aware of this?
Thanks for your concerned interest. Maybe that handy PHP Compatibility Checker plugin should check the core files too because the code you are referncing in my plugin is there as a failsafe fore some WP Core features and that code is an exact replica of the code you will fine in the current WP Core release, here:
https://core.trac.wordpress.org/browser/tags/5.0.3/src/wp-includes/functions.php#L5524
So, until the WP Core addresses this issue I will be leaving this code in my plugin. Rest assured though that this code is rarely ever needed and thus rarely ever used so it will not cause any issues to ignore this warning.
… On closer inspection this was a bit of waste of both our times. That PHP Compatibility Checker is a poorly written plugin, IMHO. The scan is not even looking at how the code is being used, example:
the code in question is an evaluative statement that uses ini_get( ‘mbstring.func_overload’ ) to see if the “mbstring.func_overload” directive is in use. This is not at all making use of the deprecated directive but rather it is checking the directive. Thus, my code (and by extension the WP Core), is not even using the deprecated directive at all.
Also, I would check the reviews of any plugin before relying on it. It looks like almost as many people hate this plugin as those that love it:
https://wordpress.org/support/plugin/php-compatibility-checker/reviews/?filter=1
I found the solution from your forum. Problem is solved now.
Great, thanks for letting me know. Please feel free to contact me again if you need more help.
Hi there, tried sending you the wp-login.php file as a follow-up to our email, but wasn’t able to because apparently your MX server has an issue and all the emails bounced back (The response was:
DNS Error: 8862415 DNS type ‘mx’ lookup of gotmls.net responded with code SERVFAIL)
I found your email in my spam folder so I guess it eventually went through. I have just added this new threat to my definition updates. Please download the latest definition updates and then run the Complete Scan again, and please let me know if it finds and fixes this threat completely this time.
Hi
Your plugin scan and move all the files, but sucuri.net still find the same injections.
Known javascript malware: malware.injection?35.5
Malware entry: malware.injection
Description: Malicious injections to web pages and resource files (.js, .css) made by hackers targeted at the site visitors. They typically include
iframe injections
external script injections
inline script injections
Actually sucuri says your site is clean now. After you ran the Complete Scan with my plugin and it found and fixed all the issues you just needed to click the “re-scan” link at the bottom of the sucuri results page to clear their scan cache. Otherwise sucuri will just show you the same cached results from the first scan every time you refresh that page
My website already blocked/de-activated.
However, based on your installation instruction. I have transfered the unzip Gotmls folder into /wp-content/plugins/ as instructed via ftp.
Since, i cannot activate the plugin via my wordpress admin, can i do it via cPanel. I can only access cPanel at the moment.
Hope to find a solution to my current predicament. Thankyou.
No, I’m sorry to say that you will need access to your wp-admin to activate the plugin and run the scans.
Maybe you can move your site onto another server where you can then clean it up and where it can be protected from further infections.
Hello,
I downloaded and donated for your plugin, unfortunately securi site scanner still finds issues after running your tool.
Site issue
Infected URL: …/wp-content/themes/Divi/js/html5.js
I also noticed something listed as a cron php or something.
Any help would be very much appreciated.
Kind regards,
Lee
If you look again at that Sucuri report you will see that it says that JS file is missing not infected. If you have the install files for the Divi theme then you can check to see if it is in there and then reinstall that missing file.
Hi! I installed the plugin almost 3 days ago.It does not say how long it will take or show a progress bar. The only thing I see is “Complete Scan of html started 2 days ago and has not finish.” How long does this usually take? Should there be a progress bar? I am worried I am waiting for something that is not working properly. Thanks!
Yes, that is not how it works. This plugin engages in an active scan only when you are on the Scan Results page, if you leave that page in the middle of a scan then it will not finish. You must start a new scan and then you will see the progress bar within seconds and it will actively move through the scan fairly quickly (depending on the speed of your server and the size of the directory path that is being scanned). Stay on that page until the scan is finished and fix any Known Threats that are found immediately. Anything you fix on that page will be stored in the Quarantine for later review if needed.
Three concerns:
One: When I log in to a wordpress site, I have a user: wp.service.controller.blahblah. I deleted them of course. Guessing this is part of the login hack.
Two: You mention a login patch. I didn’t see that anywhere. Is it autmatically installed when I run the Scan Now?
Lastly, when running SCAN, I see the section that says skip these files. Is this correct, if so I noticed they skip a bunch file .exe’s etc. Heres what I show:
png,jpg,jpeg,gif,bmp,tif,tiff,psd,svg,ico,doc,docx,ttf,fla,flv,mov,mp3,pdf,css,pot,po,mo,so,exe,zip,7z,gz,rar
1. Yes, sounds like an SQL Injection attack on your wp_users table (could be a direct insert call to your DB server). Change your DB_PASSWORD and update your wp-config.php to match new password.
2. The Brute-Force Login Patch is on the Firewall Options page under the Anti-Malware menu (it is optional, not automatic, and requires a donation).
3. Yes, that is the correct default setting. Those files type cannot be executed on the server directly (exe files are Windows executables and are not executed remotely when accessed on webserver via HTTP or FTP or an other publicly accessible protocol).
hi
i did full scan and got this:
” Core File Changes”
what can I do?
thanks
inbal
If these are not files that you have knowingly modified for some specific reason then you should click the Automatic Fix button to revert those files to the WP Core version.
Please add the following shell detection to your database, it wasn’t being detected.
[code not usable in this format]
I cannot use the code that you submitted in this comment because the format breaks the syntax. Please email me directly with the infected file attached: eli AT gotmls DOT net
Hi, can you please delete my account from your website as there is no option available in the account settings.
You have 6 sites registered to your account so you need to transfer those registrations to another account first, or you can unregister those sites and then you will have the option to delete your account. You can do all this from the Members page.
Hi there,
I installed your plugin and it was able to remove 94 threats on my website. Google is still marking my site as malicious content and it seems to be coming from these links:
[LINKS REMOVED]
I’m not sure how to remove this content as I can’t seem to find it in any folders.
Please help.
It looks like this content was already removed by my plugin. All those links that you sent me only resolved to your 404 Page (Page not found), which is the appropriate response for your site to be giving when these links are requested. That means the malicious content that could no long be found was in fact removed
Now your lingering issue is that Google caches their indexes and will be slow to update their cache to reflect that this issue is already resolved. You can encourage them to expedite this process by Requesting a Review in the Malware/Security section of your Google Webmaster Tools account. You can also upload a sitemap there to help Google index all the important URLs on your site more efficiently.
You site is also blacklisted by McAfee so you will need to request a review from their SiteAdvisor as well:
http://www.siteadvisor.com/sitereport.html
(enter your site in the top-right search box on that page to see your report)
Its worked! Thank you so much!
Hi there,
We used the plugin to scan whole public_html, it seems like not scanning.
It stops when it shows “Preparing …/public_html/wp-includes/widgets” with 0% 0 Folders Checked.
There is an error when we inspect the site: Uncaught SyntaxError: Too many arguments in function call only.
May we know what is happening?
Thank you.
This sound like there is an error while the plugin is trying to index the files in that widgets directory. The thing is, there should only be about 19 files in that folder and there shouldn’t be any problems reading them. Can you confirm that it always stops in that same directory while preparing the scan?
If so, can you verify what files are in that folder?
Hi, thank you for your reply. Ya, I tried today and it always stopped in that same directory while preparing the scan. I checked there is exactly 19 files in the widgets folder.
Check the error_log file after each attempt to scan, if the error is recorded there then it should be consistent (and it should not be a syntax error, that would be something else).
Also, you could try skipping that folder just to see if the scan will continue if it is omitted. Just add the word “widgets” (without the quotes) to the field under “Skip directories with the following names:” then run the Complete Scan again and see how far it gets.
Hello – One of my previously registered sites reports an invalid token:
“Nonce ErrorInvalid or expired Nonce Token!4cb07f6fee49ab50be9d875deab83a7f !found”
I unregistered the site from my account page on GOTMLS. I then tried to re-register from the plugin, – same error message.
Next I uninstalled and re-installed the plugin. – same error message
The web site is snowsaw.com
The plugin key it is trying to register – 825b8f1cfa9176a638a7df9a0d3fd9ad
I see that your key is registered and the plugin is installed correctly. The token “4cb07f6fee49ab50be9d875deab83a7f” is old and was probably already deleted from your DB as it is expired. Maybe you were using a bookmark or a cached link from an older rendering of the Anti-Malware page in your wp-admin. Please try clearing your cache and reloading the admin page. Then go to the Anti-Malware Setting page in your wp-admin through the admin menu (not from your history or any saved links you might have). Then try running the scan and see if you still get that token error.
Thank You Eli, problem solved.
Hi,
I just experienced the same NONCE TOKEN error
I was able to fix error by deactivating the W3 TOTAL CACHE plugin I had installed on my site.
Hi !
thank you so much for this great plugin
the answer may be evident but I wonder how to delete the malicious code found as Threats ? Your plugin found 30 threats but I dont know if I should delete them manually or if your plugin fix it automattically.
thank you very much,
If my plugin finds Known Threats (in Red) then you should let it fix them automatically. If you manually delete files then you might break WordPress.
H there,
I have a problem with my page. I have 7 reading issues but I do not know how to clean it up. Can you help me with that?
Read write errors just mean that those files could not be scanned for some reason, not necessarily that they are malicious. If you wan to send me those files as email attachments then I will check them for you just to be sure that they are alright. You could also try increasing the memory_limit in the php.ini file on your server (ask your hosting provider if you are not sure where that is).
Hello, Eli, fine.
I have a website and the same is connected to your plugin with email that I no longer use, how do I disconnect this email and enter the plugin with another email?
Thanks for listening!
July
If you have the latest version of the plugin and your definitions are up-to-date then you should see a green checkbox by the registration information in the upper-right side of the Anti-Malware Settings page in your wp-admin. Click on the green checkbox and you will see the registration for, then you can set the email to what you want it to be and re-register to update the registered email address.
Many thanks Eli!
I just installed and activated this plugin and it found 19 Known Threats – how do I know if I should fix them automatically, without it changing my site?
You should almost certainly fix them to get rid of the malicious code in those files. With any success it WILL change your site (in a good way) by removing all the threats
Thank you very much for this tool. However, after the analysis there were 713 threats detected and fixed but the site is still being redirected to a malicious webpage. Any suggestions, so we don’t have to build the site from scratch as there was no backup done. Thank you!
Your site looks clean now. It was probably just cache. Let me know if you see any evidence of a continued infection and I’ll check it out.
Hi,
I installed the plugin on one of my sites, and it reports a Known Threat for one of the php files of my plugin.
It shows the threat in these lines of code for example:
$( document ).ready(function() {
console.log( “document loaded” );
});
$( window ).on( “load”, function() {
console.log( “window loaded” );
});
How is having a script on the php file identified as a threat?
Please give some insights on this.
I see that you posted this same question on wordpress.org also, but with a different code snippet. Neither the code you posted here nor the code you posted on the WordPress forum have anything malicious in them. To answer your question directly: having a script in a PHP file is not a threat.
It might have helped to have a little bit more information about the surrounding code or where these snippets of benign code were found but I think I can make a guess that could be a little more helpful. Is it possible that this JavaScript was not placed inside of the BODY or HEAD tags?
Because it is common for hackers to inject JavaScript into the wrong places in your HTML, and it is improper to place a SCRIPT tag outside or even between the HEAD and BODY tags.
Please feel free to post a reply with more details or you can contact me directly if you have any sensitive information that you don’t want posted publicly.
Hi Eli,
It was a great relief to have discovered your awesome plugin when an attack on my hosting account happened, and the only regret I have is not finding and using it earlier. I have just made my humble $29 donation, with definitely more on the way.
I host multiple sites and unfortunately my VPS account was attacked by malware. Installed your plugin on a few websites and made some clean up over a few days. I was happy as I thought I could finally remove those infected files, even though each scan and clean-up session can last overnight when I do a few sites concurrently.
While I was continuing with 2 other sites, I realized I couldn’t load nor login to my WordPress admin, with a Authentication and authorization required message from my host. Upon checking, I was shocked to hear from my web host that they have SUSPENDED my account and I will not be able to access all my WordPress admin and websites. However, I can still access my cPanel through. My host send me a long list of all infected files, and they included those that I have scanned and cleaned up with your plugin. They have also advised me to delete my entire public_html files as there’s too many files affected. I have since deleted majority of the files of less important sites but kept those I worry will not be restored with clean files after deleting. (My host said I can restore them after deleting but I am worried about that)
I downloaded the .zip file of your plugin and uploaded to wp-content/plugin from cPanel for the few remaining sites. But without access to the WordPress dashboard, I am unable to register nor activate and use your plugin.
Can you please kindly take a look and advise what I can do? If required, I can email you my cPanel access credentials to investigate further. (Please provide or email me)
Pardon my long message here.
Thank you for your great work and help.
I’m sorry that your hosting provider is making it hard for you by suspending your account, that is unfortunately a very common response from most hosts. You will need access to your wp-admin to update the registration and run the scan. You need to convince your hosting provider to allow you access to your own sites so that you can use my plugin to clean them.
Hi,
I am getting this error at the top of the page when on your plugin page.
Another Plugin or Theme is using ‘N2Wordpress::platformRenderEnd’ to handle output buffers.
This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins.
Consider disabling caching and compression plugins (at least during the scanning process).
Is this anything of concern?
I have not had any personal experience with “N2Wordpress::platformRenderEnd” but a quick search shows that it is probably related to the PHP Class “The_Neverending_Home_Page”, jetpack Code. You could try deactivating Jetpack to see if that message goes away and then at least you would know what plugin is invoking this output buffer handler.
Hi,
Just used your brilliant plugin, mostly fine but got a read/write error on:
./public_html/wp-content/plugins/wordpress-popup/vendor/aweber/aweber/tests/data/empty.json
I’ve had a look at the file as maybe thought it was a file size issue but it’s only 1 byte. The permissions are 0644.
Anything to worry about?
Thanks
Sam
1 byte? and the permissions look good, are you 100% sure that you are looking at the same file (in the same site_root) as the file with the R/W Error?
If the file is really only 1 byte then it shouldn’t be anything to worry about, but you have piqued my curiosity, I would be interested in seeing this file and the binary value of the 1 byte that it contains. If possible could you email me that file as an attachment?
