Here are the recommended channels for receiving support:

  • First Read the FAQs - These Frequently Asked Question may have answers that address your issue.
  • Forum Topics - There may already be a topic that relates to your problem, if not, you can create one.
  • WordPress Forum - If you prefer to use the forum on to get support.

451 Comments on "Support"

  • On December 2, 2020 at 7:50 am, burak cingiz said:

    i have donate 30.38$ (with btc 0.0016 BTC) to activate the core definition but nothing happens after payment and the plugin is still locking the feature .


    • On December 2, 2020 at 7:55 am, burak cingiz said:

      fixed , thanks.

      • On December 2, 2020 at 1:26 pm, Anti-Malware Admin said:

        Thanks for your patience. I still have to manually approve the Bitcoin donations until I can get the system to confirm the donation amount automatically, but it’s all good now. Thanks for your donation ;-)

  • On December 2, 2020 at 7:10 am, RAM KESHWALA said:

    Great plugin! Has saved me countless hours. Carry on the great work sir

  • On December 1, 2020 at 11:10 am, Christian Zammit said:

    Hi. I cannot access wordpress as I am prompted with this message:
    define(‘WP_CACHE’, true); define( ‘WPCACHEHOME’, ‘/home4/maltese1/public_html/wp-content/plugins/wp-super-cache/’ ); if (!in_array($_SERVER["REMOTE_ADDR"], array(“″)) && file_exists(‘/home4/maltese1/public_html/wp-content/plugins/gotmls/safe-load/wp-login.php’)) require_once(‘/home4/maltese1/public_html/wp-content/plugins/gotmls/safe-load/wp-login.php’); // Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap. ?>

    Who can help me please?

    • On December 1, 2020 at 11:52 am, Anti-Malware Admin said:

      This error was caused by your WP Super Cache plugin. When you installed that plugin and enabled caching it re-wrote the first line of code your wp-config.php file (which also happens to contain code for my plugin’s brute-force protection) and they somehow broke the syntax by removing the

      The very first 5 characters in your wp-config.php file must be:

  • On November 5, 2020 at 6:18 pm, Osman Safdar said:

    Can your plugin work on non-wordpress sites? If yes, how?

    • On November 9, 2020 at 3:45 pm, Anti-Malware Admin said:

      I sorry but this plugin will currently only work when installed under an existing WordPress installation. One option I have seen some people take is to install WordPress into a sub-directory of your site so that you can install my plugin and scan all the files on your site. You could also install it into another WordPress site on the same server and then create a symlink in the root directory of the the WP site that links to the folder with the other site’s files so that you can use the wp-admin on the WP site to scan any other site on that server that you have access to.

  • On October 16, 2020 at 6:43 pm, Stephen Pierce said:

    Trying to leave a message but keeps giving me SPAM ALERT: You comment has been marked as SPAM and will not be posted!

    sites registered with h t t p stopped working when moved to h t t p s… when re-registering it does not connect to my account saying I have not donated, but have 4 donations.

    Not sure how to proceed. Thank you!

    • On October 17, 2020 at 2:54 pm, Anti-Malware Admin said:

      It looks like you registered the new secure URL that uses HTTPS under a new email address which created a new account for you on my website. All you need to to is to click on the registration key in your wp-admin to open the pre-filled registration form and then simply change the default email address to match the original address that you used before and your new key will then be on the same account with your donations ;-)

  • On October 11, 2020 at 6:18 am, Dave Stevens said:

    For some reason, I can not get the plugin to register. Every time I hit submit it goes back to show that I need to register.

    • On October 11, 2020 at 9:56 am, Anti-Malware Admin said:

      This key was successfully registered about an hour before you posted this support topic, and I see from your screenshot that you have the latest definition updates installed. So I suspect that this is just a caching issue on your end.

      Try clearing you cache and refreshing your wp-admin and it will probably update that message to show that your site is actually already registered.

      If not then you can also check the Console tab in your browser’s Inspector to see if there are any JavaScript errors on that page that might explain why the registration check is being blocked.

  • On May 16, 2020 at 9:07 pm, Zaoui Jacques said:

    Hello I ve an error because of the french
    document.getElementById(“Definition_Updates”).innerHTML = ‘Envoi de l’enregistrement…’;

    Envoi de l’enregistrement..
    Error on javascript …. how can I do ?


    • On May 17, 2020 at 7:12 pm, Anti-Malware Admin said:

      Thank you for reporting this error. I have just release a new plugin update that fixes the JavaScript syntax error caused by this new French translation. Please update the plugin to version 4.19.69 and confirm that it works for you.

  • On May 16, 2020 at 11:18 am, Tom Tuell said:

    I have been using your plugin for about four years. Today, I noticed on the settings page that my site was not registered. Then I read a post above about adding SSL to sites, so I unregistered my http:// site with the intent of reregistering the https:// site. However, I am unable to registered now. I even tried donating again, but that didn’t work either. Can you help me get things working again?

    • On May 16, 2020 at 11:34 am, Tom Tuell said:

      My bad. The key is registered under a different email address as my account. I deactivated, then reactivated, the plugin and it recognized the key under the correct email address. Thank you for a great plugin.

  • On April 19, 2020 at 9:59 am, Rob Matthews said:

    Hi there, I am installing SSL certificates on all my sites and since starting I am unable to register my domains and I get “Your Installation Key is not registered!”

    works fine on http just not on https, I am also getting log errors saying the plugin is using depreciated code in php 7.4

    • On April 19, 2020 at 11:56 am, Rob Matthews said:

      Deprecated: Unparenthesized `a ? b : c ? d : e` is deprecated. Use either `(a ? b : c) ? d : e` or `a ? b : (c ? d : e)` in C:\web\vhosts\website\wp-content\plugins\gotmls\index.php on line 13

      • On April 29, 2020 at 9:49 am, Anti-Malware Admin said:

        This PHP Warning should be fixed in my latest plugin release. Please update to version 4.19.68 and let me know if that doesn’t get rid of these Warnings.

    • On April 20, 2020 at 10:06 am, Anti-Malware Admin said:

      Your HTTPS URLs will be assigned a new key but you should be able to register those new keys to the same email address as your unsecured HTTP site so that they are registered to the same account. If you are really unable to re-register these new HTTPS URLs then please send me a screenshot so that I can see what might be causing this error. There could be a JavaScript error or a caching issue in your browser.

      I wouldn’t worry about the deprecation warnings, those are just notices that the unparenthesized code will not work in some future release of PHP but it still works in v7.4 ;-)

  • On February 5, 2020 at 1:09 am, Lee Packman said:


    I have Litespeed cache plugin installed, in your plugin under “scan” I see a notice.

    Another Plugin or Theme is using ‘LiteSpeed_Cache::send_headers_force’ to handle output buffers.
    This prevents actively outputing the buffer on-the-fly and could severely degrade the performance of this (and many other) Plugins.
    Consider disabling caching and compression plugins (at least during the scanning process).

    Does this simply mean performance may or will be degraded during a scan “only” or performance will always be degarded all of the time and needs to be resolved?

    I think it means to disable compression just during a scan but want to be sure.

    Thank you :)

    • On February 5, 2020 at 3:56 pm, Anti-Malware Admin said:

      This warning is to alert you to the fact that a custom output buffer was detected on the Anti-Malware page in your wp-admin. Any tampering with the output buffer on the scan results page could dramatically affect the efficiency and overall results of the scan. I put this warning there so that you can be aware of the fact that my plugin cannot be responsible for the output results if another plugin is controlling the output buffer. That about covers the scope of my responsibility in this matter but I have more opinions to offer on the subject of caching plugins.

      Caching, when implemented correctly can increase the performance of the static content on your site. That said, there are many situations where caching will not help your site, like with any dynamic page which includes most pages in your wp-admin (which is why my plugin was giving you that warning). There is really no reason for any caching plugin to be capturing the output buffer on dynamic admin pages as you would never want to see these pages cached, you will alway want to see the live content from your admin pages as it is dynamically generated each time you visit the page. Specifically, every time you want to run the live scan you will want to be seeing the live results of that scan, that is where the caching could interfere with the performance and the end results of the scan process.

      As for the performance of this or any other caching plugin, I would strongly encourage you to take some metrics with and without the caching plugin to see for yourself if there is any real gains in page speed / load time. is a great free site to measure the performance of your site.

  • On January 7, 2020 at 6:06 pm, Brian Fuller said:

    GOTMLS seems to miss the files in /plugins (these same files were flagged in other locations):

    • On January 15, 2020 at 8:57 am, Anti-Malware Admin said:

      Actually it looks to me like those files were cleaned but just not deleted. My plugin will remove the malicious contents from the files but it does not delete the files in case that were to cause an error on your site ;-)

  • On January 3, 2020 at 12:32 am, Daniel Couto said:

    I am getting this error: No response from server!
    I registered and donated for the new site the plugin is installed on. Can you help? Thanks.

    • On January 3, 2020 at 8:29 am, Anti-Malware Admin said:

      Check the Console tab in your browser’s Inspector to see if there are any JavaScript errors on that page. If you can send me a screenshot of the page with the “No response” (and the open Console tab) then I can see if I can help you further. You might also want to check the error_log files to see if there are any fatal errors reported there.

  • On November 22, 2019 at 2:46 pm, Ravi Jayagopal said:


    I’m the developer and one of my users who’s using your plugin as well as mine, is getting this message on the scan screen:

    “Another Plugin or Theme is using ‘callback’ to handle output buffers.
    This prevents actively outputing the buffer on-the-fly and could severely degrade the performance of this (and many other) Plugins.
    Consider disabling caching and compression plugins (at least during the scanning process).”

    What can be done to resolve this?


    • On November 26, 2019 at 10:24 am, Anti-Malware Admin said:

      This is just a notice to the Admin that there is a third-party output buffer handler. This is not necessarily a problem but it is something to be aware of if the scan is not working or is taking a long time. In this case the output buffer handler is called ‘callback’ which sound a little suspicious because it’s so generic and non-descriptive. If you can figure out which plugin is using this OB code then it might be helpful to you but if it is not causing any issues directly then if might also be fine to leave it alone.

  • On November 1, 2019 at 1:15 pm, Gabriel Diggs said:

    Hello I recently moved my wordpress directory and re-registered my site url. Unfortunately the changes do not reflect in my GOTMLS settings page in the wordpress dashboard and I get the red letter message: “Your Installation Key is not registered!” Can you help me update my registration?

    • On November 1, 2019 at 2:58 pm, Anti-Malware Admin said:

      Just register the new key for your new URL to the same email address that you use for your first registration and it will be on the same account ;)

  • On October 28, 2019 at 11:46 am, Mike Baker said:

    I had accidentally registered the same site twice, and need to get it registered under the correct licence number for the one I donated to. After I cleaned the site I migrated it to a new host. Once at the new host the license was inactive. When I tried to register it, it wouldn’t let me under the licence number I already donated to. How do I go about doing this so the active license is active on the domain i intended it for?

    • On October 29, 2019 at 3:27 pm, Anti-Malware Admin said:

      It doesn’t matter what your key is because your key changes when you change your URL (not when you change hosts). I your case your new URL uses HTTPS instead of HTTP and your new key was registered correctly to the same email address as your last key so they are both on the same account with your donation. If you are not seeing that in your wp-admin then you should email me a screenshot directly and I can help you determine what went wrong.

      • On October 29, 2019 at 6:30 pm, Mike Baker said:

        What is your email, i will send it to you.

        • On October 29, 2019 at 6:33 pm, Mike Baker said:

          I went back and looked, when I transferred the website I used a different email address because I forgot which one I used. Can we move it to this email?

          • On October 29, 2019 at 8:54 pm, Anti-Malware Admin said:

            As I said, both your URLs are registered to the same account already. I’m not sure where the confusion is but that screenshot will help me understand.

            You can email me directly by replying to the notice from this reply or by clicking on the Email Eli link on the scan settings page:
            eli AT gotmls DOT net

          • On October 30, 2019 at 4:44 am, Mike Baker said:

            Looks like it’s working now – you must have fixed it. Thank you :-)

      • On October 31, 2019 at 10:46 am, Jessie Frank said:

        How do I add more websites to my account?

        • On November 1, 2019 at 7:43 am, Anti-Malware Admin said:

          Just let a free key for each new site and register that key using the same email address so that you new sites are on the same account ;)

          • On November 21, 2019 at 9:10 am, Dijkstra said:

            Hello Ellie, i registreded but i don,t recive a password on my e-mail (no mail)adres at this website field . i have tryed 6 times !

            Greetings Dijkstra

          • On November 21, 2019 at 12:09 pm, Anti-Malware Admin said:

            You registered this new site to the same email address as your first site’s registration so you will not get another email. The password is still the same as it was when it was in the confirmation email from you first registration on the 16th.

          • On November 22, 2019 at 6:36 am, Dijkstra said:

            Hello, That,s just it. I did not get a confirmation email on my e-mail. i did not recive anything !! so still not solved. i donate and register , love your plugin.

          • On November 22, 2019 at 9:10 am, Anti-Malware Admin said:

            Maybe the email was sent to your spam folder. In any case you can always just reset your password using the standard “Forgot Password” link:

          • On November 24, 2019 at 5:29 am, Dijkstra said:

            Hello eli scheetz, thank you for your answer. i went straight away to the spam and found my password. so i has been solved. aloha …..

  • On October 13, 2019 at 9:57 am, Emma MACLEOD said:

    Hi, my scan keeps stopping after 7 seconds? No matter how long I leave it it doesn’t progress any further.

    • On October 13, 2019 at 10:19 am, Anti-Malware Admin said:

      Is it stopping in the same directory every time? Maybe there is a problem in that directory that causes the scan to crash, although it should still continue on to other directories after 60 seconds.

      Can you send me a screenshot so that I can see what the problem might be?

  • On September 12, 2019 at 8:59 am, Julie Davis said:

    Thanks so much for your plug-in and hard work!

    Is your plug-in compatible with PHP 7.3?


  • On August 12, 2019 at 12:13 pm, Kimberly Blaker said:

    I ran the scan for 17 hours. When it completed, I clicked on one of the issues to view the details. It got stuck, didn’t pull up, then locked up the page, so I had to refresh. Then the scan results were gone. Where do I find the results. I don’t want to scan for 17 hours again….only to have the same thing happen again.

    • On August 14, 2019 at 10:11 am, Anti-Malware Admin said:

      For starters, the scan should not be taking that long. It generally takes only 30 minutes to finish the Complete Scan on a typical WordPress site. It shouldn’t take over an hour unless you have a lot of other sites installed in the scan path or unless you have tons of file cache stored in some sub-directory of the site. It is also possible that there is something attaching itself to the ajax calls that causes the scan to run very slow or that there is a very low memory_limit on your php.ini file which will cause the scan to fail and have to restart in smaller segments thus taking a very long time. If none of this helps you or you need more guidance with determining which of these possible causes might apply to your situation then I would be happy to help you further. Please email me directly with screenshots or any specific questions you may have.

  • On July 30, 2019 at 2:28 am, Roxana said:

    Hi there!
    Is your plugin compatible with WordPress Multisite?

    • On July 30, 2019 at 2:35 pm, Anti-Malware Admin said:

      Yes, it is. Please feel free to try it out and let me know if you have any more questions.

  • On July 28, 2019 at 7:02 pm, Adrian Cheng said:

    Hello, thanks for your plugin, it really worked to clear the malware. However I am not sure about the resource consumption required. I have a server with 3 CPUs with averaging use of up to 1 CPU. Ever since I installed your plugin, it keeps on fluctuating up to 2 CPUs anytime. Is that normal to exhaust my resource? Because this server is an app server, so it is sensitive if overclocking CPU will result in my sites to be down. Please advise.

    • On July 28, 2019 at 10:07 pm, Anti-Malware Admin said:

      My plugin only consumes CPU when it is running a scan. The Complete Scan was designed to run as quickly and efficiently as possible. It can consume up to 100% of the available CPU in short intervals, alternating and staggering short scan processes in a linear queue so as to allow for other processes to take their turn, thus minimizing the disruption or delay of other requests for system resources while maximizing the full potential of the server’s resources to complete the scan quickly.

      I hope that helps you to understand the impact of the my plugin and the Complete Scan process. Please feel free to let me know if you have any more questions.

  • On June 18, 2019 at 1:18 am, guy kayser said:


    After scan and automatic fix sucuri is always finding Site is Blacklisted
    What can I do?

    • On June 19, 2019 at 2:05 pm, Anti-Malware Admin said:

      You should request a review with whatever organization has blacklisted your site and ask them to remove your site from that list now that your site is clean.

  • On June 6, 2019 at 6:20 pm, Silvano Ambrosini said:

    in one of my sites the plugin is installed but deactivated. Sometimes, when I try to enter the admin I get a redirection to…………
    The second time I try again I can regularly enter.
    Do I have to remove the folder of the plugin?

    • On June 6, 2019 at 7:04 pm, Anti-Malware Admin said:

      This is a session time-out that causes the Brute-Force Login Protection to redirect you if you have stayed on your login page for too long before finally attempting to login. You can activate my plugin again and then disable the Brute-Force Login Protection in the Firewall Option if you don’t want to use it any more. Otherwise, yes, you could delete the plugin to remove this login protection too.

  • On May 2, 2019 at 4:47 am, Madhavi said:

    I want to donate money in indian rupees, instead of dollars. Please suggest me how can i do this.
    Best regards

    • On May 4, 2019 at 1:45 pm, Anti-Malware Admin said:

      That is one great thing about PayPal, just use the donation form on the Anti-Malware Setting page in your wp-admin and PayPal will automatically convert the donation from your currency into USD ;-)

  • On April 15, 2019 at 12:39 am, Sarah Hatton said:

    I have ad popups appearing on my website as there is a dolohen injection. I have installed your anti-malware, registered and paid the donation. I ran the complete scan but it didn’t find anything at all. I also have Wordfence installed and paid for the premium and it didn’t find anything either.
    I have had problems since January when someone had added an admin account and removed Wordfence and installed a lot of malware. I tried everything to harden my website and database I could think of, changed all my passwords on both the website and database, upgraded to php 7.2, updated everything and removed anything I wasn’t using. Last night someone created an admin account with the same name as was used in January, jaconda, and installed more malware which I swiftly remove. I blocked the ip address back in January but last nights attack had a very similar ip address. I know there’s a vulnerability in the code somewhere but I can’t find it.
    Can you please help, even just to get rid of the popup adverts. Thanks

    • On April 15, 2019 at 11:05 am, Anti-Malware Admin said:

      Are you using the “Related Post” plugin By Lenin Zapata?

      I have just added a script like this to my definition update. Please make sure you have the latest definitions and and run the scan again. If it still does not find it then please send me a screenshot of the scan results so that I can look into this further.

  • On April 11, 2019 at 11:27 am, Andrew Marriott said:

    My site has a redirect virus, keeps coming back regardless of what backup I restore. Ran your plugin but it has not found anything any help you can provide will be much appreciated.

    • On April 11, 2019 at 7:24 pm, Anti-Malware Admin said:

      I can see the malicious JavaScript in the HEAD of your HTML and this script matches 3 of my malware definitions but I think that malware is not coming from any infected file on your server but rather this Script is likely hiding in an obscure plugin option in your wp_options table. Is it that you are using a plugin called “Related Post” By Lenin Zapata? If so then the script was probably injected into the field in the Custom CSS section at the bottom of the Style Tab in the Related Post Settings. It will likely redirect you When you go to that page so you might want to just remove this Related Post plugin anyway, as it seems to be vulnerable to some kind of exploit that would allow someone to inject any code that they would want to put there.

      If it turns out to be something else then please let me know and I will look for another solution.

      • On April 18, 2019 at 9:00 am, Andrew Marriott said:

        This appears to have solved the issue. Thnaks ever so much i will be upgrading to the pro version. Appreciate what you do A+ Wonderful Support!

  • On March 6, 2019 at 10:16 am, Ruben González said:

    Hi Eli, i just added the plugin to my wordpress and tried to run a scan but i get the following error: “Invalid or expired Nonce Token! GOTMLS_mt !set”…what does this means? do I have to donate first to get the plugin work?

    Thanks in advance for your help

    • On March 6, 2019 at 12:54 pm, Anti-Malware Admin said:

      This error means that the Nonce Token used to authorize your request to start the scan was not received. Maybe you just need to refresh the Scan Settings page to regenerate an authentic Nonce Token, and then try the scan again. Try the Complete Scan and also one of the Quick Scans to see if there is any difference. If the error persists then you either have a plugin or some other code on your site that filtering out the necessary $_REQUEST variables or else there is something wrong with your database and it is unable to store a Nonce Token.

  • On February 20, 2019 at 1:29 pm, Tamer Farkouh said:

    first of all thank you for your amazing Plugin
    i have an issue with the donation
    i have donate 29$ to activate the core definition but nothing happens after payment and the plugin is still locking the feature .

    I had an old account (tamerfarkouh) that i have transferred to this account (farkouh2000)

    what can i do? Please advise ASAP

    • On February 20, 2019 at 11:10 pm, Anti-Malware Admin said:

      Just enable the Automatic Updates and click the Save button and it will install the Core Files definitions for you.

  • On January 21, 2019 at 7:12 am, ankit said:

    Hello sir I am a scanning my website your tool is really good but as I am checking if not detected some viruses code like this my website is fully infected around thousands of files are infected by this code but they are different different codes but all are same like this sample code I submitted in this URL you can look that that is not detected by your tool.


    @include “\57ho\\155e4\57lo\\166eb\\165c1\57pu\\142li\\143_h\\164ml\57th\\145we\\142in\\141rw\\141y.\\143om\57bi\\147th\\141nk\\163/d\\141ve\\146or\\141n/\\154eg\\141l/\56ef\6751\60c4\56ic\\157″;


    • On January 21, 2019 at 7:15 am, ankit said:

      So I hope so you will update your definition of plugin I really needed this

      • On January 22, 2019 at 3:30 pm, Anti-Malware Admin said:

        This malware is already in my definitions and has been since September of last year. When I put this code into a file on my test server it found it right away and removed it just fine. If you are still having an issue detecting this threat on your server with my plugin then there must be something else going on. Can you send me a screenshot of your scan results and confirm that the files you know to contain this threat are in the scan path where the plugin is looking?

        • On January 24, 2019 at 12:02 am, ankit said:

          Let me explain with example all the files not having same code they have different different codes but all are look like that as I sent you above like for example

          Another file has
          Another file has

          So that is not detected meet each and every file has different different codes but all are look like same

          • On January 26, 2019 at 4:53 pm, Anti-Malware Admin said:

            I do actually understand and it does not matter what string of numbers and letters are in that comment tag, my plugin should detect this code as the all as the same threat. If it is not being detected then it is because of some other interference, or because the code you are looking at is not in the files that are even being scanned, or because of some other reason that I cannot foresee without more specific information about your exact circumstances. Can you PLEASE send me a screenshot of your scan results with the scan settings showing so that I can see if there is some other obvious reason that it is missing these infected files?

            Also, it would be helpful if you could send me one of these infected files as an attachment in a direct email so that I could verify that it can be detected by my plugin.

  • On January 9, 2019 at 6:15 am, Wayne said:

    When running the PHP Compatibility Checker plugin, it reports:
    Name: Anti-Malware Security and Brute-Force Firewall

    FILE: /…/wp-content/plugins/gotmls/safe-load/wp-settings.php
    35 | WARNING | INI directive ‘mbstring.func_overload’ is deprecated since PHP 7.2

    Are you aware of this?

    • On January 15, 2019 at 1:34 pm, Anti-Malware Admin said:

      Thanks for your concerned interest. Maybe that handy PHP Compatibility Checker plugin should check the core files too because the code you are referncing in my plugin is there as a failsafe fore some WP Core features and that code is an exact replica of the code you will fine in the current WP Core release, here:

      So, until the WP Core addresses this issue I will be leaving this code in my plugin. Rest assured though that this code is rarely ever needed and thus rarely ever used so it will not cause any issues to ignore this warning.

      … On closer inspection this was a bit of waste of both our times. That PHP Compatibility Checker is a poorly written plugin, IMHO. The scan is not even looking at how the code is being used, example:
      the code in question is an evaluative statement that uses ini_get( ‘mbstring.func_overload’ ) to see if the “mbstring.func_overload” directive is in use. This is not at all making use of the deprecated directive but rather it is checking the directive. Thus, my code (and by extension the WP Core), is not even using the deprecated directive at all.

      Also, I would check the reviews of any plugin before relying on it. It looks like almost as many people hate this plugin as those that love it:

  • On December 10, 2018 at 3:19 am, Aaron Wan said:

    I found the solution from your forum. Problem is solved now.

  • On December 3, 2018 at 5:39 am, Alan said:

    Hi there, tried sending you the wp-login.php file as a follow-up to our email, but wasn’t able to because apparently your MX server has an issue and all the emails bounced back (The response was:
    DNS Error: 8862415 DNS type ‘mx’ lookup of responded with code SERVFAIL)

    • On December 3, 2018 at 8:19 am, Anti-Malware Admin said:

      I found your email in my spam folder so I guess it eventually went through. I have just added this new threat to my definition updates. Please download the latest definition updates and then run the Complete Scan again, and please let me know if it finds and fixes this threat completely this time.

  • On December 2, 2018 at 4:55 am, Hoai Nguyen said:


    Your plugin scan and move all the files, but still find the same injections.

    Known javascript malware: malware.injection?35.5

    Malware entry: malware.injection
    Description: Malicious injections to web pages and resource files (.js, .css) made by hackers targeted at the site visitors. They typically include
    iframe injections
    external script injections
    inline script injections

    • On December 3, 2018 at 8:29 am, Anti-Malware Admin said:

      Actually sucuri says your site is clean now. After you ran the Complete Scan with my plugin and it found and fixed all the issues you just needed to click the “re-scan” link at the bottom of the sucuri results page to clear their scan cache. Otherwise sucuri will just show you the same cached results from the first scan every time you refresh that page ;-)

  • On November 15, 2018 at 9:39 pm, Aman said:

    My website already blocked/de-activated.
    However, based on your installation instruction. I have transfered the unzip Gotmls folder into /wp-content/plugins/ as instructed via ftp.

    Since, i cannot activate the plugin via my wordpress admin, can i do it via cPanel. I can only access cPanel at the moment.

    Hope to find a solution to my current predicament. Thankyou.

    • On November 17, 2018 at 12:53 pm, Anti-Malware Admin said:

      No, I’m sorry to say that you will need access to your wp-admin to activate the plugin and run the scans.

      Maybe you can move your site onto another server where you can then clean it up and where it can be protected from further infections.

  • On October 28, 2018 at 11:41 pm, Lee Packman said:

    I downloaded and donated for your plugin, unfortunately securi site scanner still finds issues after running your tool.
    Site issue
    Infected URL: …/wp-content/themes/Divi/js/html5.js
    I also noticed something listed as a cron php or something.
    Any help would be very much appreciated.
    Kind regards,

    • On October 29, 2018 at 9:56 am, Anti-Malware Admin said:

      If you look again at that Sucuri report you will see that it says that JS file is missing not infected. If you have the install files for the Divi theme then you can check to see if it is in there and then reinstall that missing file.

  • On October 26, 2018 at 7:39 am, Leslie said:

    Hi! I installed the plugin almost 3 days ago.It does not say how long it will take or show a progress bar. The only thing I see is “Complete Scan of html started 2 days ago and has not finish.” How long does this usually take? Should there be a progress bar? I am worried I am waiting for something that is not working properly. Thanks!

    • On October 27, 2018 at 12:53 pm, Anti-Malware Admin said:

      Yes, that is not how it works. This plugin engages in an active scan only when you are on the Scan Results page, if you leave that page in the middle of a scan then it will not finish. You must start a new scan and then you will see the progress bar within seconds and it will actively move through the scan fairly quickly (depending on the speed of your server and the size of the directory path that is being scanned). Stay on that page until the scan is finished and fix any Known Threats that are found immediately. Anything you fix on that page will be stored in the Quarantine for later review if needed.

  • On October 18, 2018 at 7:38 am, Paul Canales said:

    Three concerns:
    One: When I log in to a wordpress site, I have a user: wp.service.controller.blahblah. I deleted them of course. Guessing this is part of the login hack.

    Two: You mention a login patch. I didn’t see that anywhere. Is it autmatically installed when I run the Scan Now?

    Lastly, when running SCAN, I see the section that says skip these files. Is this correct, if so I noticed they skip a bunch file .exe’s etc. Heres what I show:


    • On October 18, 2018 at 4:13 pm, Anti-Malware Admin said:

      1. Yes, sounds like an SQL Injection attack on your wp_users table (could be a direct insert call to your DB server). Change your DB_PASSWORD and update your wp-config.php to match new password.

      2. The Brute-Force Login Patch is on the Firewall Options page under the Anti-Malware menu (it is optional, not automatic, and requires a donation).

      3. Yes, that is the correct default setting. Those files type cannot be executed on the server directly (exe files are Windows executables and are not executed remotely when accessed on webserver via HTTP or FTP or an other publicly accessible protocol).

  • On October 4, 2018 at 11:00 pm, inbal MESHULAM said:


    i did full scan and got this:
    ” Core File Changes”
    what can I do?


    • On October 5, 2018 at 7:45 am, Anti-Malware Admin said:

      If these are not files that you have knowingly modified for some specific reason then you should click the Automatic Fix button to revert those files to the WP Core version.

  • On September 2, 2018 at 9:05 am, Talha said:

    Please add the following shell detection to your database, it wasn’t being detected.

    [code not usable in this format]

    • On September 2, 2018 at 6:15 pm, Anti-Malware Admin said:

      I cannot use the code that you submitted in this comment because the format breaks the syntax. Please email me directly with the infected file attached: eli AT gotmls DOT net

  • On July 29, 2018 at 2:28 am, Johnny said:

    Hi, can you please delete my account from your website as there is no option available in the account settings.

    • On July 29, 2018 at 2:45 pm, Anti-Malware Admin said:

      You have 6 sites registered to your account so you need to transfer those registrations to another account first, or you can unregister those sites and then you will have the option to delete your account. You can do all this from the Members page.

  • On July 24, 2018 at 3:48 am, Erickah Furr said:

    Hi there,

    I installed your plugin and it was able to remove 94 threats on my website. Google is still marking my site as malicious content and it seems to be coming from these links:

    I’m not sure how to remove this content as I can’t seem to find it in any folders.

    Please help.

    • On July 24, 2018 at 10:08 am, Anti-Malware Admin said:

      It looks like this content was already removed by my plugin. All those links that you sent me only resolved to your 404 Page (Page not found), which is the appropriate response for your site to be giving when these links are requested. That means the malicious content that could no long be found was in fact removed ;-)

      Now your lingering issue is that Google caches their indexes and will be slow to update their cache to reflect that this issue is already resolved. You can encourage them to expedite this process by Requesting a Review in the Malware/Security section of your Google Webmaster Tools account. You can also upload a sitemap there to help Google index all the important URLs on your site more efficiently.

      You site is also blacklisted by McAfee so you will need to request a review from their SiteAdvisor as well:
      (enter your site in the top-right search box on that page to see your report)

  • On July 16, 2018 at 11:12 pm, Xiao Yun said:

    Hi there,
    We used the plugin to scan whole public_html, it seems like not scanning.
    It stops when it shows “Preparing …/public_html/wp-includes/widgets” with 0% 0 Folders Checked.
    There is an error when we inspect the site: Uncaught SyntaxError: Too many arguments in function call only.
    May we know what is happening?
    Thank you.

    • On July 17, 2018 at 12:34 pm, Anti-Malware Admin said:

      This sound like there is an error while the plugin is trying to index the files in that widgets directory. The thing is, there should only be about 19 files in that folder and there shouldn’t be any problems reading them. Can you confirm that it always stops in that same directory while preparing the scan?

      If so, can you verify what files are in that folder?

      • On July 18, 2018 at 12:39 am, Xiao Yun said:

        Hi, thank you for your reply. Ya, I tried today and it always stopped in that same directory while preparing the scan. I checked there is exactly 19 files in the widgets folder.

        • On July 18, 2018 at 9:31 am, Anti-Malware Admin said:

          Check the error_log file after each attempt to scan, if the error is recorded there then it should be consistent (and it should not be a syntax error, that would be something else).

          Also, you could try skipping that folder just to see if the scan will continue if it is omitted. Just add the word “widgets” (without the quotes) to the field under “Skip directories with the following names:” then run the Complete Scan again and see how far it gets.

  • On June 30, 2018 at 2:48 pm, Paul Wayne said:

    Hello – One of my previously registered sites reports an invalid token:
    “Nonce ErrorInvalid or expired Nonce Token!4cb07f6fee49ab50be9d875deab83a7f !found”
    I unregistered the site from my account page on GOTMLS. I then tried to re-register from the plugin, – same error message.
    Next I uninstalled and re-installed the plugin. – same error message
    The web site is
    The plugin key it is trying to register – 825b8f1cfa9176a638a7df9a0d3fd9ad

    • On July 1, 2018 at 1:45 pm, Anti-Malware Admin said:

      I see that your key is registered and the plugin is installed correctly. The token “4cb07f6fee49ab50be9d875deab83a7f” is old and was probably already deleted from your DB as it is expired. Maybe you were using a bookmark or a cached link from an older rendering of the Anti-Malware page in your wp-admin. Please try clearing your cache and reloading the admin page. Then go to the Anti-Malware Setting page in your wp-admin through the admin menu (not from your history or any saved links you might have). Then try running the scan and see if you still get that token error.

    • On July 8, 2018 at 7:32 am, Jed Weaver said:


      I just experienced the same NONCE TOKEN error

      I was able to fix error by deactivating the W3 TOTAL CACHE plugin I had installed on my site.

  • On May 14, 2018 at 9:56 pm, Sarah Mey said:

    Hi !

    thank you so much for this great plugin :)
    the answer may be evident but I wonder how to delete the malicious code found as Threats ? Your plugin found 30 threats but I dont know if I should delete them manually or if your plugin fix it automattically.

    thank you very much,

    • On May 16, 2018 at 5:43 pm, Anti-Malware Admin said:

      If my plugin finds Known Threats (in Red) then you should let it fix them automatically. If you manually delete files then you might break WordPress.

  • On March 14, 2018 at 8:14 am, CRISTOBAL PACHECO said:

    H there,

    I have a problem with my page. I have 7 reading issues but I do not know how to clean it up. Can you help me with that?

    • On March 20, 2018 at 7:51 am, Anti-Malware Admin said:

      Read write errors just mean that those files could not be scanned for some reason, not necessarily that they are malicious. If you wan to send me those files as email attachments then I will check them for you just to be sure that they are alright. You could also try increasing the memory_limit in the php.ini file on your server (ask your hosting provider if you are not sure where that is).

  • On March 12, 2018 at 3:31 am, Julio Cesar said:

    Hello, Eli, fine.
    I have a website and the same is connected to your plugin with email that I no longer use, how do I disconnect this email and enter the plugin with another email?

    Thanks for listening!


    • On March 12, 2018 at 8:07 pm, Anti-Malware Admin said:

      If you have the latest version of the plugin and your definitions are up-to-date then you should see a green checkbox by the registration information in the upper-right side of the Anti-Malware Settings page in your wp-admin. Click on the green checkbox and you will see the registration for, then you can set the email to what you want it to be and re-register to update the registered email address.

  • On February 15, 2018 at 4:45 am, Vicki said:

    I just installed and activated this plugin and it found 19 Known Threats – how do I know if I should fix them automatically, without it changing my site?

    • On February 15, 2018 at 11:20 am, Anti-Malware Admin said:

      You should almost certainly fix them to get rid of the malicious code in those files. With any success it WILL change your site (in a good way) by removing all the threats ;-)

      • On March 2, 2018 at 4:31 pm, Maria Dietrich said:

        Thank you very much for this tool. However, after the analysis there were 713 threats detected and fixed but the site is still being redirected to a malicious webpage. Any suggestions, so we don’t have to build the site from scratch as there was no backup done. Thank you!

        • On March 2, 2018 at 8:53 pm, Anti-Malware Admin said:

          Your site looks clean now. It was probably just cache. Let me know if you see any evidence of a continued infection and I’ll check it out.

  • On January 23, 2018 at 9:13 pm, Gayathri S said:


    I installed the plugin on one of my sites, and it reports a Known Threat for one of the php files of my plugin.

    It shows the threat in these lines of code for example:

    $( document ).ready(function() {
    console.log( “document loaded” );

    $( window ).on( “load”, function() {
    console.log( “window loaded” );

    How is having a script on the php file identified as a threat?

    Please give some insights on this.

    • On January 24, 2018 at 7:55 am, Anti-Malware Admin said:

      I see that you posted this same question on also, but with a different code snippet. Neither the code you posted here nor the code you posted on the WordPress forum have anything malicious in them. To answer your question directly: having a script in a PHP file is not a threat.

      It might have helped to have a little bit more information about the surrounding code or where these snippets of benign code were found but I think I can make a guess that could be a little more helpful. Is it possible that this JavaScript was not placed inside of the BODY or HEAD tags?

      Because it is common for hackers to inject JavaScript into the wrong places in your HTML, and it is improper to place a SCRIPT tag outside or even between the HEAD and BODY tags.

      Please feel free to post a reply with more details or you can contact me directly if you have any sensitive information that you don’t want posted publicly.

  • On January 19, 2018 at 12:22 pm, N W Ding said:

    Hi Eli,

    It was a great relief to have discovered your awesome plugin when an attack on my hosting account happened, and the only regret I have is not finding and using it earlier. I have just made my humble $29 donation, with definitely more on the way.

    I host multiple sites and unfortunately my VPS account was attacked by malware. Installed your plugin on a few websites and made some clean up over a few days. I was happy as I thought I could finally remove those infected files, even though each scan and clean-up session can last overnight when I do a few sites concurrently.

    While I was continuing with 2 other sites, I realized I couldn’t load nor login to my WordPress admin, with a Authentication and authorization required message from my host. Upon checking, I was shocked to hear from my web host that they have SUSPENDED my account and I will not be able to access all my WordPress admin and websites. However, I can still access my cPanel through. My host send me a long list of all infected files, and they included those that I have scanned and cleaned up with your plugin. They have also advised me to delete my entire public_html files as there’s too many files affected. I have since deleted majority of the files of less important sites but kept those I worry will not be restored with clean files after deleting. (My host said I can restore them after deleting but I am worried about that)

    I downloaded the .zip file of your plugin and uploaded to wp-content/plugin from cPanel for the few remaining sites. But without access to the WordPress dashboard, I am unable to register nor activate and use your plugin.

    Can you please kindly take a look and advise what I can do? If required, I can email you my cPanel access credentials to investigate further. (Please provide or email me)

    Pardon my long message here.
    Thank you for your great work and help.

    • On January 20, 2018 at 5:58 pm, Anti-Malware Admin said:

      I’m sorry that your hosting provider is making it hard for you by suspending your account, that is unfortunately a very common response from most hosts. You will need access to your wp-admin to update the registration and run the scan. You need to convince your hosting provider to allow you access to your own sites so that you can use my plugin to clean them.

  • On December 9, 2017 at 6:17 am, Brian said:


    I am getting this error at the top of the page when on your plugin page.

    Another Plugin or Theme is using ‘N2Wordpress::platformRenderEnd’ to handle output buffers.
    This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins.
    Consider disabling caching and compression plugins (at least during the scanning process).

    Is this anything of concern?

    • On December 9, 2017 at 1:54 pm, Anti-Malware Admin said:

      I have not had any personal experience with “N2Wordpress::platformRenderEnd” but a quick search shows that it is probably related to the PHP Class “The_Neverending_Home_Page”, jetpack Code. You could try deactivating Jetpack to see if that message goes away and then at least you would know what plugin is invoking this output buffer handler.

  • On November 25, 2017 at 6:20 pm, Sam Bangert said:


    Just used your brilliant plugin, mostly fine but got a read/write error on:


    I’ve had a look at the file as maybe thought it was a file size issue but it’s only 1 byte. The permissions are 0644.

    Anything to worry about?



    • On November 26, 2017 at 7:45 am, Anti-Malware Admin said:

      1 byte? and the permissions look good, are you 100% sure that you are looking at the same file (in the same site_root) as the file with the R/W Error?

      If the file is really only 1 byte then it shouldn’t be anything to worry about, but you have piqued my curiosity, I would be interested in seeing this file and the binary value of the 1 byte that it contains. If possible could you email me that file as an attachment?


Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>