I contacted another Weaver II site, the owner was able to relay this info:
… on the WeaverTheme.com support forum, this malware alert seems to be the only thing people are talking about. And one of the moderators there reports having communicated offline with Bruce about it…. the moderators do say that whatever the nature and extent of the problem, it should not pose any danger to websites running the Weaver theme itself, regardless of version number (including 2.0), and regardless of free or Pro. The malware infection, if any, supposedly affects only the support forum. But one wrinkle is that the 2.0 version of Weaver II contains a help-file link to the support forum, so some people are reporting warnings apparently arising from that…. the Weaver team, including Bruce, is aware of this situation….
Obviously they are working to fix it, relieved there is no domino effect. Appears those of us running scanners got blocked sooner than others.
Many thanks to Wilderbee for surfacing a little more information about what’s going on with both Weaver II and their web site blockage. Glad to know that Bruce is aware of the problem. Let hope they get it sorted out soon. Thanks again for the update.
Please post news about their site as it comes in.
Latest announcement from Weaver:
WeaverTheme.com was hacked yesterday, and unfortunately I was offline and unable to do anything until now.
The sites are restored, and should be off the Google blacklist shortly.
NOTE: the Weaver II Theme itself has NOT been compromised. Some WordPress hack check plugins follow all links in plugins and themes, and if the LINK is listed as bad (e.d., weavertheme.com), then the plugin issues all sorts of dire warnings. This is really unnecessary – the theme or your own site has not been hacked – just weavertheme.com.
Hi,
I received this note back from Bruce yesterday:
http://www.WeaverTheme.com was somehow hacked with a malware script. I was off in the wilderness when this happened. Fixed now, but it will take a day or so to clear Google’s list.
But thanks for caring enough to report the problem – I got home to a full inbox! Very unhappy experience.
Don’t know how the site was hacked, but it was not due to Weaver II itself.
Weaver
—————-
Many thanks to Bruce Wampler at Weaver for following up on it. It looks like everything is back up on the site. Thanks Bruce. You and your team are great.
Sorry, I don’t normally monitor WordPress.org support.
It is still unclear just how the site was hacked.
It is most unfortunate that the hack coincided with the release of Weaver II 2.0. Several people have mentioned to me that this may have been intentional.
Whatever, I’ve gotten the hack cleared, significantly minimized the number of plugins used by the site, and spent time hardening the site from future attacks.
But I would like to repeat – the Weaver II theme itself was not compromised, and the versions you can download from both here at WordPress.org and the Pro version are not compromised.
And a word about Wordfence – it checks files on your site for links to other sites – even down to checking for site names in code comments. If there is a link to a site listed by Google as bad, then you get a warning. Wordfence must be using a cached version of the Google list as it was still issuing warning long after Google had cleared weavertheme.com. If you followed the link back to the Google report, you would see the site was listed as okay again. I do wish that Wordfence would make it much more clear that YOUR site is okay in these cases – it is just a link to another site – and one that for the most part was probably hacked, and not one intentionally having badware.
@wpweaver:
Thanks for the update and the prompt fix to the hack. People here are very supportive of you and what you have done with Weaver theme.
I strongly recommend that you periodically check with this support area. When the site was blocked, this was the only clear channel to find out what was happening and find ways to let you know. I know you want to keep regular support happening on the weaver forum. That makes a lot of sense, and folks that haven’t used it are missing out. It’s one of the best support forums I’ve seen and is worthy of praise. But, since it was down, this was where we could at least follow along with the difficulties you were having.
Anyway… I personally appreciate what you are doing and your participation here and on your support forum. Great work.
HG/mws
