I may review and edit my rating after hearing back from you – on my mobile only, in the footer, I had malware – it displayed “How to lose fat”, “Forextraders”, etc. After I uninstalled your app, it disappeared. I am so thankful that I tried it on my own website first, before taking it to clients. Mabe it is not coming from your plugin – but if it is, perhaps warn users that on the free installation you will be getting those in your footer, else it seems like a website had been hacked.
↧
Malware?
↧
Amazing Plugin – Present Use
I would personally like to say thank you to Word Fence for creating this amazing plugin.
My story: I have been doing WordPress websites for as long as I can remember. I have had my hosting account and domain registrar for over 10 years. Not once did I EVER have any issues with hackers, malicous content being put on my websites, people cracking my passwords, or anything else. Then suddenly at the start of this month, September, I got a notification email from my host that I was hacked.
I hired a guy to fix it for me and he did so. But, I only paid him to clean up the 3 files that my host mentioned. I honestly never imagined it could be worse than that.
I was wrong. I was hacked again a few days later by the same person that hacked me the first time. I hired the guy again, this time to do everything he needed to do in order to clean the entire website, rid it of any malware, scripts, viruses and put up a firewall for me. In all, he found over 1000 walmare, viruses, scripts, etc. I am not naive by any means. I know that we live in an unsafe world, but I never in a million years thought that IF it did happen to me, it would be THIS bad.
I did a ton of research on the best security plugins and I found Wordfence. My guy also recommended it to me before I even mentioned anything to him lol. I installed it, but to be honest, there is a learning curve. If you are going to use it and you are not sure how, hire someone to set everything up because it will be worth it.
I honestly feel like since I have this new guy that WORKS for a web security company AND I have wordfence, that I have a literal fence around my entire network. After its installed and set up, it still takes some time to get used to. But, in my personal situation, there is really not a whole lot the Admin needs to be taught. That is because a lot of the settings are set it and forget it or your web security guy can figure out things for you.
Anyway. I just wanted to say thanks. Thus far, its working VERY well and I am VERY happy. The only complaint I have is that I would like to get premium, but for 6 websites its expensive. So unfortunately I will just stick with the free version rather than the premium version for all 6 of my websites.
↧
↧
File contains suspected malware wp-includes/wp-vcd.php
My question is this php file where build in wordpress wp-includes files?
I did not found any of it when I did download the wordpress and tried to rewrite the code on file by using CPanel, but could not find any of it on wordpress files downloaded from wordpress.org,
Please let me know if I can delete it.
[malware code removed]
↧
malicious code inject
I have the latest WP version and just had a malicious code injection.
I wonder, how can that happen, and what can be done for future protection?
On 2 domains some directories had been tempered with and had a brand new change date.
They were on one domain:
wp-content/themes/twentysixteen
wp-content/themes/twentysixteen/template-parts
The twentysixteen theme was installed, but another theme was active. It was updated to the latest version though (WP updates themes no matter they are active or not)
The other domain:
wp-includes/rest-api
wp-content/plugins/wp-members/admin
wp-members is popular plugin that gets often updated?
So how to prevent such malicious code injections? Or if they happen, how to notice them?
↧
Sucuri Detects SEO Spam but Wordfence Detects Nothing
Hello,
I scanned my site with Succuri SiteCheck and it detected a malware called SEO Spam. I already had Wordfence on the site before that so I used it to scan the site but WordFence reported that the site is clean.
Here is what succuri detected: `Known javascript malware. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO?spam-seo.hidden_content.62
<body class=”home page-template-default page page-id-102 lightbox nav-dropdown-has-arrow elementor-default elementor-page elementor-page-102″><div style=”position:absolute;top:0;left:-9999px;”>`
Is there any help you can offer me with that?
Thanks in advance.
↧
↧
Please Help: Site Infected With SEO Spam
Hello, Sucuri detected SEO Spam on my site but when I scanned the site with your plugin, it didn’t detect any threat.
Here is the report Sucuri is giving: `Known javascript malware. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO?spam-seo.hidden_content.62
<body class=”home page-template-default page page-id-102 lightbox nav-dropdown-has-arrow elementor-default elementor-page elementor-page-102″><div style=”position:absolute;top:0;left:-9999px;”>`
Please help.
Thanks.
↧
This is a malware plugin, breaks WP.org plugin guidelines
Potential users need to be aware that this plugin’s current implementation of JavaScript-based crypto-mining is considered malware by most users, web hosts, cloud security services, and anti-virus apps.
It is also breaking the WordPress plugin developer guidelines (no 7) by loading a script from a third party domain: All scripts have to be loaded from the website itself:
Images and scripts should be loaded locally as part of the plugin whenever possible. If external data (such as blocklists) is required, their inclusion must be made clear to the user.
This is enqueuing a JavaScript file directly from coin-hive .com, which allows them to run code from their site on yours. This is also a security risk, as it allows a number of security exploits. The script enqueued directly is: https://coin-hive.com/lib/coinhive.min.js
Right now we’re testing out a few of these crypto miner JavaScript plugins because of the rash of these types of scripts popping up on sites, and the risks they pose to site owners and visitors.
Most people do not want to have their browsers hijacked for mining cryptocurrency, especially without warning or option to opt-out. It can cause their CPU usage to spike drastically.
Cloudflare and many web hosts are kicking off users who run these types of scripts because they are considered malware when there is no transparency to the site visitor.
↧
Alert for iThemes Sync
Hi. Love the plugin and just used it to find some nasty malware… and promptly donated to your cause.
I have not delved in extensively, but I noticed I received alerts for ithemes-sync/api.php on the sites I’ve scanned. I checked the file against the latest version I downloaded and it’s the way the developer intended.
So is this just some code that has a legit purpose and being flagged? I thought I’d ask or at the least notify you since I use it on many sites and I know the plugin is popular and the developer is reputable.
One last thing… I had been manually deleting the files that are found because the first time I tried “fix automatically” the offending malware was not actually deleted. I think of 5 files, 4 were zero K and one was intact.
↧
Site hacked, creating new files every 1 mintues
Hi All,
I have been in a spot of bother. I have seen my wordpress site having unnecassry files added in root all the times. I removed them but after 1-2 mintues new files have been added and wp-blog-header.php file also been modified with some malware code at the top of the file linking those newly created files.
I changed permission of wp-blog-header.php to 444 but when a new file added, its permissions changed to 666 and code added again.
I also installed wordfence which give indication of modified files, i cleaned them and changed permissions to 444 but newly files are still creating. Don’t know what to do.
I also downloaded all files, scanned with antivirus and malwarebytes, they found some code, i removed them and re-uploaded to the server on same domain but files are still adding and wp-blog-header.php file modifying again.
I disabled Rest API, XML-RPC but still no luck. Can anyone suggest me what to do here? How can i resolve this please?
Thanks,
Zack
↧
↧
File change detected – previous changes
Hi there,
Is there a way to find out what previous changes were after the ‘File change detected’ emails have been sent out? I’ve found that there’s some malware on my website, and I’d like to be able to find what day certain files were changed so I can find out where the malware code was placed. Unfortunately, I’ve deleted all of my recent file change emails, so it’d be great if there was a backup or log somewhere which told me which files were changed on which day.
↧
This is a malware plugin
Potential users need to be aware that this plugin’s current implementation of JavaScript-based crypto-mining is considered malware by most users, web hosts, cloud security services, and anti-virus apps.
It is also breaking the WordPress plugin developer guidelines (no 7) by loading a script from a third party domain: All scripts have to be loaded from the website itself:
Images and scripts should be loaded locally as part of the plugin whenever possible. If external data (such as blocklists) is required, their inclusion must be made clear to the user.
This is enqueuing a JavaScript file directly from coin-hive .com, which allows them to run code from their site on yours. This is also a security risk, as it allows a number of security exploits. The script enqueued directly is: https://coin-hive.com/lib/coinhive.min.js
Right now we’re testing out a few of these crypto miner JavaScript plugins because of the rash of these types of scripts popping up on sites, and the risks they pose to site owners and visitors.
Most people do not want to have their browsers hijacked for mining cryptocurrency, especially without warning or option to opt-out. It can cause their CPU usage to spike drastically.
Cloudflare and many web hosts are kicking off users who run these types of scripts because they are considered malware when there is no transparency to the site visitor.
↧
This is another malware plugin – Browser Cryptojacking w/no notice to visitor
Being in cybersecurity, we’re currently investigating and testing out all WordPress plugins that implement browser-based cryptocurrency mining. At the time we posted this review, no WordPress plugins are currently doing it right or asking permission.
While not something that we recommend, if it’s done in an opt-in manner, where the site visitor is notified first, and no mining occurs without user permission, that is legitimate.
However that’s not what this plugin does. This plugin’s implementation is malware. It is a stealth miner, or cryptojacker, because it effectively hijacks the user’s browser for mining and will spike their CPU usage.
Potential users need to be aware that this plugin’s current implementation of JavaScript-based crypto-mining is considered malware by most users, web hosts, cloud security services (WAFs), and anti-virus apps.
There are a rash of these types of stealth miner scripts popping up on sites, and the risks they pose to site owners and visitors are not acceptable.
Most people do not want to have their browsers hijacked for mining cryptocurrency, especially without warning or option to opt-out.
Cloudflare, and many other cloud security WAFs and web hosts are kicking off users who run these types of scripts because they are considered malware when there is no transparency to the site visitor.
Google is even planning on adding code to Chrome to block mining scripts like this.
We recommend that all WordPress site owners avoid this type of script/plugin. Users can protect themselves by using browser anti-mining plugins, and strong antivirus. Most ad blockers don’t stop most in-browser cryptominers (yet)…many are working on adding this. Users need a specific browser add-on for cryptominers like “No Coin” and “minerBlock”, etc. Might want to use a couple as no single one blocks all of them.
↧
More Cryptojacking Malware – Avoid it
We’re currently investigating and testing out all WordPress plugins that implement browser-based cryptocurrency mining. At the time we are posting this review, no WordPress plugins are currently doing things in an ethical manner or asking user permission to hijack their browsers. That’s a problem.
We’ve tested this plugin out, and it works just like the others.
Even though we still don’t recommend this, if perhaps it were done in an opt-in manner, where the site visitor is notified first, and no mining occurs without user permission, that is at least a potentially legitimate way to implement a browser-based crypto-miner, because you’re asking first.
However that’s not what this plugin does. This plugin’s implementation is malware. It is a stealth miner, or cryptojacker, because it effectively hijacks the user’s browser for mining and will spike their CPU usage.
Potential users of this plugin need to be aware that its current implementation of JavaScript-based crypto-mining is considered malware by most users, web hosts, cloud security services (WAFs), and anti-virus apps. You’re not going to make enough to account for the damage it will cause to your site’s reputation. Your web host may even kick you off.
There are a rash of these types of stealth miner scripts popping up on sites, and the risks they pose to site owners and visitors are not acceptable.
The vast majority of people who visit a website do not want to have their browsers hijacked for mining cryptocurrency, especially without warning or option to opt-out. If they’re using an older computer, it can bring it to a crawl. A couple old ones that we tested it on even crashed the browser and computer completely.
Cloudflare, and many other cloud security WAFs and web hosts are kicking off site owners who run these types of scripts on their sites, because they are malware.
Google is working on adding code to Chrome to block mining scripts like this.
In our opinion, developers of these types of plugins need to stop now…take these plugins off the market and off the WordPress.org directory.
We recommend that all WordPress site owners avoid this type of script/plugin. Users can protect themselves by using browser anti-mining plugins, and strong antivirus. Most ad blockers don’t stop most in-browser cryptominers (yet)…many are working on adding this. Users need a specific browser add-on for cryptominers like “No Coin” and “minerBlock”, etc. You may want to use a couple as no single one blocks all of them.
↧
↧
Spyware/malware infected my Installation
Not every time, but *most times* when you hit this link for my WordPress blog:
http://www.brelsfordpersonnel.com/blog
You get one of those fake “Windows Defender says your site is unsafe”
Blah blah blah, it’s fake.
I’ve been running WP “4.8.2”, there isn’t a TON of traffic on our Blog, and I’ve had “Akismet” running on it. Now this is happening. Any ideas how I can fix this?
I’ve tried installing this plugin:
https://wordpress.org/plugins/antivirus/
But I’m not sure it’s actually helping anything with my installation right now.
Any ideas?
↧
maydayistanbul malware
Suspicious conditional redirect. Details: http://sucuri.net/malware/entry/MW:HTA:7
Redirects users to:http://maydayistanbul.com/
http://baytalebaa.com/post-sitemap.xml
this malware drive SEO robots away from your website and make it land on http://maydayistanbul.com/
giving you HELL of lots of 301 . 404 pages in google fetch and dropping your rank in google big time ,,,
please . is there a fix for it , or anything coming soon?
↧
File contains suspected malware wp-includes/wp-vcd.php
My question is this php file where build in wordpress wp-includes files?
I did not found any of it when I did download the wordpress and tried to rewrite the code on file by using CPanel, but could not find any of it on wordpress files downloaded from wordpress.org,
Please let me know if I can delete it.
[malware code removed]
↧
Plugin Keeps Deactivating after I have set it up
I think the plugin is great and I have deployed it on several sites. I have one site that keeps deactivating the plugin after a short time of working. Could this mean Malware in my site that keeps changing the settings of the plugin?
↧
↧
Malware
¡Cuidado!
No instales este plugin ya que descarga un archivo de malware (un miner de bitcoin).
↧
JSEcoin WordPress Plugin
This script makes it easy to install the JSEcoin code snippet on your wordpress site.
↧
Great plugin – easy integration
Setup installed the plugin linked it to my jsecoin account and checked back a couple days later to find a couple coins in my account. This is a great option to get rid of adds to help fund my site.
↧