Skip Navigation

Suspected Malware (urgent)

This support ticket is created hace 8 años, 9 meses. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

This topic contains 4 respuestas, has 4 mensajes.

Last updated by Craig hace 8 años, 9 meses.

Assigned support staff: Caridad.


Hi there,

I am a bit concerned that these two files have been highted as being suspected malware by WordFence.

* File contains suspected malware URL: /var/sites/.../public_html/wp-content/plugins/wp-views/res/js/codemirror234/mode/velocity/index.html
* File contains suspected malware URL: /var/sites/.../public_html/wp-content/plugins/wp-views/res/js/codemirror311/mode/velocity/index.html

Has this been reported before, or does anyone know of why they might be being flagged as malware?



same here


Me too.

The urgent Wordfence message says this for me:

File contains suspected malware URL: /www/wp-content/plugins/wp-views/res/js/codemirror311/mode/velocity/index.html
Filename: wp-content/plugins/wp-views/res/js/codemirror311/mode/velocity/index.html
Bad URL: hidden link
File type: Not a core, theme or plugin file.
Issue first detected: 2 mins ago.
Severity: Critical
Status New
This file contains a suspected malware URL listed on Google's list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: hidden link

I ran a Sucuri scan on my site. It was fine. I then ran the pivotal-solutions URL through their scanner and it says it's WP version is out of date and some additional information about the JS being the problem.

I opened the plugin and that file does exist in the original download and it looks similar in the original 1.5 download and the file on my site. I didn't not compare it carefully. It's a darn strange looking file to me. Wordfence did not flag this until today and I upgraded to 1.5 soon after it came out.

Can we just use Wordfence to delete this file?


Dear Users,

This is just a file with documentation and Im sure you can delete it without any problems. This is the header of the file, as you can see the URL is not doing any harm there:

## Velocity Code Demo
   based on PL/SQL mode by Peter Raganitsch, adapted to Velocity by Steve O'Hara ( <em><u>hidden link</u></em> )
   August 2011

I will look further into this, but WordFence is not giving me this alert. Have you updated all plugins to the latest version?

Please let me know if you are satisfied with my answer and if I can help you with any other questions you might have.



Hi Caridad,

It looks like that the "hidden link" was causing the issue. I went to the site the other day and Google flagged it as containing Malware.

I have checked the site again today, and it seems to be clear of malware again, and that is probably why there are no issues showing now.