Forum Replies Created
-
AuthorPosts
-
It may not show up under the account that you are logging into my site as because it was registered to a different email address so it is under a different account.
You can click on the green checkbox by the registration and update info in the upper-right of the Anti-Malware Settings page in your wp-admin and then re-register that site to the correct email address.
You should have the option to scan the root directory of the site which is up one level from the directory that WordPress in installed in. If you don’t see that option then please send me a screenshot so that I can help you further.
!. You are only finding Potential Threat (which are not fixed because they may not be malicious at all) because you have not downloaded the latest definition updates. Download the definition updates and the my plugin will find and fix any Known Threats.
2. If your site is blacklisted then you will need to manually request a review to get your site off the blacklist.
That icon is actually your Gravatar for the email address that you registered the on gotmls.net and because that email address does not match any WP User on your site it says “Unknown User”.
You are not the first person to be confused about this so I will be changing the way that is presented in the next release of my plugin.
Sorry for the confusion and please let me know if you have any other questions.
Ouch! Excuse me but I pride myself on the work I have put into this plugin, and you might see that it is working for thousands of other contented users. The fact that I offer this great work for free (or more accurately: for voluntary donations) does not mean that you should expect it to be junk.
Now, if you are having an issue with a repeated infection then perhaps you would like to ask for more help rather than just writing my plugin off as “straight up doesn’t work”. It sounds to me like it is working when you scan and clean the site, but then you are getting re-infected again and again. There could be other vulnerabilities on this site or other sites on the same server that are letting the hacks in after the cleaning. If you want to tell me which site your are having trouble with and maybe provide some details about the problem, or screenshots, or your wp-admin login (you can email me directly if you want), then I can provide more help.
Also, You should understand that there are many hosting providers that offer cheap shared hosting solutions that are fundamentally insecure and at some point it does not matter how many great security plugins you have (or how much you pay for them) because nothing can stop the spread of some malware on a typical shared hosting account once it’s made it onto the server. Sometimes the only solution is to move your hosting to a more secure host.
Anyway, if your interested in receiving any help on this please consider contacting me again with some details that I might be able to shed some light on for you.
This is a CSS issue caused by a change in the default dashicon sizes in the stylesheet that were updated in a recent release of WordPress. I will have my own CSS in place to override these default styles in my next plugin release.
This is normal, and you can click on the “Skipped Files” link to see the list of files that were skipped. You will notice that most of them are binary file types that do not execute PHP code and some others may be empty files. You can hover over each file on the list to see why it was skipped.
I hope this explanation helps, and please let me know if you have any more questions.
It sounds like this could be a direct database injection. You should try changing your DB_PASSWORD and update the wp-config.php file to match.
Also, check to mat sure that there are no rogue admin users.
There are no “falsely registered” keys, and you should not try and register a key that you have on one site to another site. Each site gets it’s own key and each key should be registered to the site that it was generated for (not any other sites).
However, you can register all your sites to the same email address so that they are all on the same account, as I see that you have two URLs registered to this account. If you have registered any keys to another email address then simply login to http://gotmls.net/members with the password that was sent to that email and then transfer that registration to your main email account.
I found that your registration was only partially deleted, so it was not gone but not fully there either, meaning that it could not be added back. I deleted the rest of the registration so that you could re-register. Please try to re-register your site again. If it still does not work this time then please email me a screenshot or your wp-admin login and I can look into it further.
That message is not coming from my plugin. There must be something else that is interfering. Can you send me a screenshot so I can see what it might be?
It looks like both of your registered sites are up-to-date. Did you get it working or is this issue you are having on a different site?
Clicking the “Download new definitions!” button is the manual way to update them and it simply POSTS a form with the update values encoded in that page of your wp-admin. How would your host be blocking that? Do you get an error message? Do they have a post size limit maybe?
If you use the “Automatic Update” method that is available as premium feature then the update will be downloaded directly from my server. I’m not sure how your server could block that either without disabling all remote_get methods in your PHP version.
Yeah, I just moved somebody else from TSOHOST to my own Super Secure Hosting and the database injections that they were getting every 5 minutes stopped immediately. When they contacted TSOHOST about this continual threat to their TSO BD the support person responded saying only that the vulnerability has already been patched and there in no more danger on their server but the clients old DB on the TSO server continues to be reinfected even though their site was no longer hosted there.
Is that script being injected directly into your database, because if it is then this might not be a vulnerability that can even be stopped by a plugin. If the server has a root vulnerability then there is really nothing you can do to your site or your account to secure it. Your not hosting on TSOHOST by any chance are you? They still seem to be having repeated database injections across many of their DB servers that have nothing to do the user’s security.
-
AuthorPosts
