Wordfence - suspected malware alert

I installed PopUp Pro yesterday with Global network activation.

I just received the following Wordfence malware alert:

"This email was sent from your website "prairiegardenoils" by the Wordfence plugin.

Wordfence found the following new issues on "prairiegardenoils".

Alert generated at Friday 24th of October 2014 at 01:24:59 AM

Critical Problems:

* File contains suspected malware URL: /home/usingess/public_html/wp-content/plugins/popover/inc/rules/class-popup-rule-referrer.php"

I've provided support access.

  • Tyler Postle

    Hey antKat,

    Hope you're doing well today and thanks for your question.

    First, I just want to note that this doesn't mean your site has malware by any means. All this is saying is that a URL inside of that file is suspected of containing malware, so a different site that the file links to may have malware, not yours, and your visitors have no way of seeing any links within that file either, so your visitors and your site are still completely safe as far as this warning goes.

    With that said, I still want to investigate this further and see which link it is; however, it looks like the support access is currently invalid. Do you mind revoking then regranting the access? It should tell you which link the issue is with, do you have that? If so, then you can just paste that information here :slight_smile:

    Look forward to hearing back!

    All the best,
    Tyler

  • tripvendor

    I've been getting Wordfence alerts on sites I recently added Ad Widget to, and one of the alerts included a PopUp Pro warning too

    ... wp-content/plugins/ad-widget/adwidget-lite.php
    .../plugins/popover/inc/rules/class-popup-rule-referrer.php

    But also some sites are getting other plugins flagged. Something wacky with Wordfence... but I also wonder what it thinks it is seeing.

    There are websites referenced in the PHP, but not URLs.

    Maybe soso.com, which is Chinese-language.

  • tripvendor

    Wordfence just sent out an email about Google flagging Delicious and Bitly as malicious... (huh?)

    "...Over the weekend Google has flagged two very popular sites as malicious. Delicious and most recently Bitly. I'm not using the dotted notation in this email on purpose because it will likely end up in your spam filter if I do.

    What to do:

    Wordfence integrates with the Google Safe Browsing list and will alert you to posts, comments and files on your site that contain links to either of these sites. Bitly has now been removed from the malware list, but Delicious is still listed and if you do a site: search in Google (screenshot on our blog) you'll see that Google is being quite aggressive about flagging the site.

    My suggestion is that you do a full Wordfence scan on your site. It may not be feasible to remove all links to Delicious. But if you have any pages that are critical to your SEO strategy and rely on a high search engine ranking, remove any links to Delicious that are on those pages. This will ensure that if Delicious remains listed as malicious then your search ranking won't be harmed. ..." Mark Maunder
    Wordfence Founder & CEO

  • Philipp Stracker

    Hi tripvendor,

    I have just investigated and replied to another thread that mentioned the same issue here: https://premium.wpmudev.org/forums/topic/false-positive-with-wordfence

    The short story: Our plugin contained the text "del.icio.us/search", which was identified by Wordfence/Google as malicious. However, this text is not a link and also is never accessed by our plugin.
    We are not pursuing this issue, as by now Google has removed Delicious from the malware list again.

    Thanks for your feedback and for posting the background info! Philipp :slight_smile:
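
To find which string in a flagged file matches a URL blocklist, and whether it is ever rendered or fetched rather than just compared against, a triage script along these lines can help. It is an added example, not part of the thread and not Wordfence's or the plugin's code; the blocklist, the PHP fragment and the "active context" heuristic are constructed assumptions.

```python
import re

# Constructed blocklist standing in for the listing described in the thread.
BLOCKLIST = {"del.icio.us"}

# Constructed PHP fragment (NOT the plugin's real source): a referrer-pattern
# list of the kind a "visitor came from a search engine" rule might hold.
SAMPLE_PHP = r'''<?php
$patterns = array(
    '/search?',
    'search.yahoo.com/search',
    'del.icio.us/search',
    'soso.com/q?',
);
echo '<a href="http://example.org/help">Help</a>';
'''

# host[/path], optionally preceded by a scheme; bare host strings count too.
URL_RE = re.compile(r"(?:(https?)://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(/[^\s'\"<>)]*)?", re.I)
# Heuristic: text earlier on the line suggesting the value is output or fetched.
ACTIVE_RE = re.compile(
    r"href\s*=|src\s*=|wp_remote_(?:get|post)\s*\(|curl_setopt|file_get_contents\s*\(", re.I
)

def host_blocked(host, blocklist):
    """True if host equals a blocklisted domain or is a subdomain of one."""
    host = host.lower()
    return any(host == b or host.endswith("." + b) for b in blocklist)

def triage(source, blocklist=BLOCKLIST):
    """Return (line_no, matched_text, context) for each blocklisted host string."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in URL_RE.finditer(line):
            if not host_blocked(m.group(2), blocklist):
                continue
            # Classify by what precedes the match on the same line.
            context = "active" if ACTIVE_RE.search(line[:m.start()]) else "inert-string"
            findings.append((no, m.group(0), context))
    return findings

if __name__ == "__main__":
    for no, text, context in triage(SAMPLE_PHP):
        print(f"line {no}: {text} [{context}]")
```

An "inert-string" result still deserves a read of the surrounding code, since the heuristic only looks at the same line.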