Support » Plugin: EWWW Image Optimizer » Malware in latest update

  • Resolved Mr.Fitz


    I use EWWW Image Optimizer on my website and am very happy with it. Works great and have had no problems.
    Today I receiver this message from WORDFENCE about a critical issue involving EIO.

    “File contains suspected malware URL:”

    Filename: wp-content/plugins/ewww-image-optimizer/languages/
    Bad URL:
    File type: Not a core, theme or plugin file.
    Issue first detected: 7 hours 32 mins ago.
    Severity: Critical
    Status New

    This file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: – More info available at Google Safe Browsing diagnostic page.

    Is this a known problem? I don’t see anyone else on the support page with this problem.
    It looks like a Romania language thing, Since I only do business in U.S. can I safely delete this file without harming the plugin?

    Thanks for your time, Greg

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author nosilver4u


    The url in question is the website of the individual (or team) that does the Romanian translations for the plugin. I don’t know Romanian, but their website does not look like it distributes malware. I’ve sent an email to them to try and get more information, but I suspect it may actually be the ad network they use that was infected, rather than their actual website.

    You can delete the file in question, or leave it, it isn’t going to hurt anything, since that url never gets displayed anywhere. It also won’t break anything, since you are not using the Romanian translation.

    I’ve deleted this file and as you suggested there seems to be no further problems. Wordfence is now happy.

    Thank you for your quick response.

    Great plugin.


    Plugin Author nosilver4u


    Just heard back from the folks at and they did indeed have a malware attack on their site that they have cleaned up in the last few hours. So Wordfence will be happy for now, and the file should not get flagged in future releases.

    Wow, this sounds like a big security risk! Could you not include the language files by default, and have users add them on demand?

    Plugin Author nosilver4u


    Slow down, it is a very very very very very tiny security risk. How many times have you gone looking at a .po file for a particular language and clicked the link for the contributor’s website? Their site was already fixed by the time the issue was reported here (a matter of hours).

    Ah okay, didn’t mean to over-react, my apologies. Going forwards it may prove helpful to post explanations such as this one for people that don’t understand what’s going on (in this case, PO files).

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Malware in latest update’ is closed to new replies.