• I had my IP blacklisted this morning and I was wondering why; I had no clue what caused it. That is, until I ran a Wordfence scan, which detected 3 different files in this plugin that contained malware. I uninstalled this plugin right away! Be careful with this one!

  • Plugin Author Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    There is no malware in the theme-check plugin. Wordfence is mistaken.

    I suggest you tell the Wordfence people that their scanner is showing false positives.

    Hi,

    I use Wordfence security and I received a similar alert this morning.

    The files were listed in the Wordfence admin area.

    It only happened after I updated the plugin, which I have now deleted.

    Other websites I have which have not had the plugin updated yet have not received a malware warning.

    Les Bell

    Here are the files Wordfence reported:

    * File contains suspected malware URL: theme-check/lang/theme-check-nl_NL.mo

    * File contains suspected malware URL: theme-check/lang/theme-check-nl_NL.po

    * File contains suspected malware URL: theme-check/lang/theme-check.pot

    Plugin Author Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    Those are false positives. They are translation files, they contain no executable code.

    The theme-check.pot file I made myself. It just contains the strings of the theme-check plugin.

    Wordfence is mistaken. Please tell them so.

    Hi,

    The reported suspected malware was actually links to creativebriefing.com which is listed by Google as containing malware.

    Plugin Author Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    Bit odd that it would find that in those files and not in the “worms.php” file, where that link is actually located.

    Nevertheless, it’s just a link to a blog post which explains the potential malware that the theme-check is scanning for. It is not an actual security concern, and you can safely ignore the false positive here.

    I’ve just received a warning from another website.

    Looks like it’s the #: checks/worms.php:13 section where Wordfence is seeing the link and reporting it as possible malware.

    It was in the file: theme-check.pot

    Plugin Author Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    Again, this is not an actual problem in the theme-check plugin, and I will not be correcting it.

    Tell Wordfence to fix their scanner. If it’s flagging links as malware just because Google says they might contain issues, then that is way overly paranoid, I’d say.

    I think the problem here is this:

    You are listing a possible worm site URL as a check.
    Google is flagging the same URL as a suspected malware URL.
    Wordfence is using Google's list as a check for malware and finding the URL.

    Hence the alerts – until one of the three changes, the alerts will keep coming!

  • The topic ‘3x Malware detected in this plugin’ is closed to new replies.
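
One way to triage the kind of alert discussed in this thread, added here as an example (it is not code from Wordfence or from the theme-check plugin): parse the text catalog (.po/.pot, not the binary .mo), find URLs on a flagged-domain list, and report whether each sits in a `msgid` extracted from source, with its `#:` reference, or only in translator-supplied `msgstr` text. The sample catalog is constructed; only the `checks/worms.php:13` reference and the domain come from the thread, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in gettext .pot layout. The "#:" reference is the one quoted
# in the thread; the message wording and the URL path are placeholders.
SAMPLE_POT = '''\
msgid ""
msgstr ""
"Content-Type: text/plain; charset=UTF-8\\n"

#: checks/worms.php:13
msgid "See <a href=\\"http://creativebriefing.com/PLACEHOLDER-PATH/\\">this post</a>."
msgstr ""

#: checks/example.php:7
msgid "No URL in this string."
msgstr ""
'''

URL_RE = re.compile(r'https?://[^\s"\'<>\\]+')
FIELD_RE = re.compile(r'(msgid_plural|msgid|msgstr(?:\[\d+\])?)\s')

def flagged_url_hits(catalog_text, flagged_domains):
    """List each flagged URL in a .po/.pot catalog with its field and source refs."""
    hits = []
    for entry in re.split(r'\n\s*\n', catalog_text):
        refs, field = [], None
        for line in entry.splitlines():
            if line.startswith('#:'):          # "#: file:line" source references
                refs.extend(line[2:].split())
            if line.startswith('#'):           # comment lines are not searched for URLs
                continue
            m = FIELD_RE.match(line)
            if m:                              # bare "..." lines continue the field
                field = m.group(1)
            for url in URL_RE.findall(line):
                host = (urlsplit(url).hostname or '').lower()
                if any(host == d or host.endswith('.' + d) for d in flagged_domains):
                    hits.append({'url': url, 'field': field, 'refs': list(refs)})
    return hits

def triage(hit):
    """msgid text is extracted from plugin source; msgstr text is translator-supplied."""
    if hit['field'] in ('msgid', 'msgid_plural') and hit['refs']:
        return 'source string: review ' + ', '.join(hit['refs'])
    return 'translation-only text: compare against the msgid before trusting it'

if __name__ == '__main__':
    for h in flagged_url_hits(SAMPLE_POT, {'creativebriefing.com'}):
        print(h['url'], '->', triage(h))
```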