Support » Plugin: AddToAny Share Buttons » Google detected malware on my site – Add to Any plugin

  • Hi Johanna,

    To address the issue, the best thing to do right now is to perform a site re-build using:

    – fresh WordPress core files
    – fresh plugins & themes
    – clean /uploads folder ( you can disable PHP for this section as well )

    To start the rebuilding process:

    – keep only wp-config.php file ( make sure the file is malware free )
    – add each component step by step : core files, plugins & theme ; if possible use a clean theme from the source: https://wordpress.org/themes/meditation/

    Good luck, Adrian

    PS: Right now your domain name is blacklisted by Google, currently marked as deceptive. Here’s a screenshot: https://www.magefix.com/screenshots/2018-06-27%2012_04_38.png

    Hi Adrian,
    I have no idea what the problem is.
    My site hosting provider provides a malware scan and I have done that and it came out clean. I deactivated the “Add to Any” plugin and asked Google to check my site again.
    I’m not prepared to start from scratch just like that. Then I lose everything and I don’t want that. Especially since it isn’t clear what is the matter.
    I wait for Google and see what to do next after that.
    Thanks for trying to help me though.

    Johanna

    Hi Johanna,

    Parts of your site – like https://www.lana-turner.com/wp-content/ – display the red screen warning ( Deceptive site ahead ). These warnings are active for a reason, your site might have hosted phishing / deceptive pages.

    Malware-related issues should be addressed immediately – don’t rely on your hosting support only.

    Performing a site rebuild doesn’t leave any precious data behind – only guarantees your site will be malware free.

    Later on, you need to check the users with administrator rights, FTP users from your hosting account – to make sure there are no open doors for the attackers.

    Adrian

    Hi Adrian,
    But isn’t there anything else I can do than starting from scratch?
    Maybe I can download the wp-content folder and perform a scan on that?

    Johanna

    Adam

    (@adamlachut)

    @johanna2patricia
    It is (almost) always possible to clean infection without starting from scratch. Additionally, there is no guarantee that removing all files except /uploads folder solves your problem (for many reasons, like malicious content in your DB or wp-config file, compromised password(s) etc. to name a few).
    Unfortunately, it may be really hard to clean the infection, remove vulnerability, harden your WP and deal with Google issues if you have no experience in this field.

    Hi Johanna,

    Folders like wp-includes, wp-admin or wp-content could host potential malicious files. So it’s not only about wp-content.

    Malicious files could easily become undetected by any tool. So don’t rely on automated scanners. There are backdoors ( upload scripts ) which look like the legitimate files.

    You can download wp-content directory and separately make a new directory called wp-content.

    Then you can copy uploads folder – make sure you delete all the PHP files which might be inside. Look for ICO files, some might include malicious code. Add .htaccess file inside uploads folder to prevent PHP execution.

    Later you can create plugins & themes. And you can populate these folders with fresh data, downloaded from :
    https://wordpress.org/plugins/ and
    https://wordpress.org/themes/meditation/

    Adrian
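
The uploads-folder checks described in the post above (stray PHP files, ICO files that carry PHP code, an .htaccess that blocks PHP execution), as an added shell example that is not part of the original thread. It assumes Apache 2.4 with .htaccess overrides enabled; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a downloaded copy of wp-content/uploads.

# Files with PHP-capable extensions; an uploads folder should contain none.
find_php_files() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' \) | sort
}

# .ico files whose bytes contain a PHP opening tag (a real icon never does).
find_ico_with_php() {
    find "$1" -type f -iname '*.ico' -exec grep -l -a -i -F '<?php' {} + | sort
}

# Write an .htaccess that refuses requests for PHP-capable files.
# Assumes Apache 2.4 with AllowOverride permitting this; it replaces any
# existing uploads/.htaccess, which is untrusted after a compromise.
write_no_php_htaccess() {
    cat > "$1/.htaccess" <<'EOF'
<FilesMatch "\.(?i:php[0-9]?|phtml|phar)$">
    Require all denied
</FilesMatch>
EOF
}

# Constructed sample tree standing in for a downloaded uploads folder.
make_sample_uploads() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/2018/06"
    printf 'GIF89a constructed image bytes' > "$d/2018/06/photo.gif"
    printf 'constructed icon bytes' > "$d/2018/06/clean.ico"
    printf '<?php /* constructed marker, no payload */ ?>' > "$d/2018/06/favicon_a1.ico"
    printf '<?php /* constructed marker, no payload */ ?>' > "$d/2018/06/upload.PHP"
    printf '%s\n' "$d"
}

# Report findings for review; deleting files stays a manual decision.
audit_uploads() {
    echo "PHP files under $1:";       find_php_files "$1"
    echo "ICO files containing PHP:"; find_ico_with_php "$1"
}

# Run against the given folder, or the constructed sample if none is given.
if [ -n "${1:-}" ]; then
    audit_uploads "$1"
else
    sample=$(make_sample_uploads) && audit_uploads "$sample" && rm -rf "$sample"
fi
```

Run it against the local copy of the uploads folder, review what it lists, and call `write_no_php_htaccess` on the cleaned folder before uploading it again.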

    Hi Adam and Adrian, is it an idea to restore my site to a previous backup?
    Maybe that will solve it?
    Google just found the issue today, so maybe if I put back a backup from a couple of days ago, it will be ok?

    Johanna

    Adam

    (@adamlachut)

    Yes, you may try with the backup, but you have to know that the backup might be infected (we don’t know when your website was infected, we know when Google/hosting found the infection).
    After recovering the backup you HAVE TO:
    – change all the passwords including database password
    – upgrade all the plugins (to fix the vulnerability, which most likely is a vulnerable plugin)
    – verify the domain ownership in Google Search Console and send the reconsideration report (for www and non-www version).
    Of course, you need to recover the backup after cleaning your hosting account (please, be sure that this backup is working)
    If you are lucky, it may work. Good luck!

    A.

    Ok. But how can I upgrade my plugins? All my plugins are up to date.
    And how often does Google crawl sites?

    Johanna

    Adam

    (@adamlachut)

    So, probably there is another vulnerability, it may be a weak password, another website on this hosting account, server security issues etc – it’s impossible to guess.

    Johanna,

    I don’t recommend this method ( restoring a previous backup ). And – like Adam said – you never know when the infection really occurred. So you might still end up with a compromised site.

    Before anything else, perform a backup for your current data. It’s very important to prevent any data loss from now on.

    So backup your:

    – database associated with your site
    – your site files

    Save these with your local machine ( PC , laptop ).

    PS: If there’s an extra site on this hosting account – like Adam suggested – you might deal with a cross-site contamination. Discuss with your hosting support – ask them if there are any WordPress instances installed – other than one used for lana-turner.com.

    Hosting more than two WordPress sites within the same shared hosting account is not secure. But hopefully, maybe it’s not your case.

    To get rid of that red warning, only after you’ve cleared out the malware, you can:
    – verify your website with https://www.google.com/webmasters/tools/home
    – Check the “Security issues” section
    – Ask for a re-evaluation. It takes approx. 24 hours for them to complete it.

    Hi everybody,
    An update: I was downloading my site to my pc and Kaspersky found a backdoor in my htaccess file.
    So I have removed that one and the htaccess.php file.
    I also changed the passwords to my hosting account and wp sites.
    I’m now downloading my site to my pc and will see how it goes.

    Thank you all for your help!

    Johanna
