Support » Plugin: Shield Security: Protection with Smarter Automation » Please stop showing nonsense warnings for premium plugins: “potential malware”

  • Resolved Rene Hermenau

    (@renehermi)


    Hello guys,

    I am getting nonsense malware notices in my plugin dashboard for a bunch of premium plugins which I obviously did not install via wordpress.org.

    The error says that a “potential malware has been detected”.

    This will reinforce unjustified fears and concerns by the average WordPress user.

    At least smooth out the warning message and don’t name premium plugins “potential malware”. This leads to an increase of additional and unnecessary support requests to premium plugin developers.

    Even a plugin installed from wordpress.org is “potential malware” so please get rid of such a warning for plugins that are not hosted on wordpress.org.

    Cheers
    René

  • Plugin Author One Dollar Plugin

    (@onedollarplugin)

    Hi René

    Sorry you think it’s nonsense. The purpose isn’t to instil fear, but to detect patterns that resemble malware.

    Also, Shield doesn’t put any admin notices on the site for this feature, so I’m not entirely sure which notices you’re referring to.

    We will be working on building a distributed white list system so that many of these will not be flagged, but we’re not there yet. We’ll get there, though. But we can’t sit on our developments until absolutely every scenario is accounted for.

    You may wish to read this about false positives:
    https://onedollarplugin.com/blog/wordpress-malware-scanner-shield-pro/

    It’s not about naming premium plugins as malware (Shield doesn’t do that) – it’s about flagging files regardless of where they come from. With WordPress.org plugins we have a reference which we use to remove such false positives, but with premium plugins we don’t have that luxury – and this will require further development.

    We apologise for any concern this raises, but until our system is in place for better resolving false positives, this is the way it needs to be.

    If you wish, you can turn off the malware scanner if you’re confident all your files, installed via premium plugins or otherwise, are clean.

    You can also use the Ignore link on the table so you never hear about them again.

    Many thanks,
    Paul.

    Hello Paul,

    thanks for the clarification.
    That’s the notice I mean: https://monosnap.com/file/HPo7wTHXP8r6bLAj9hCia51MMebGg9

    (I am the lead dev of wp staging so I can assure you there is no malware in Administrator.php)

    I assumed this notice was some kind of general warning because the plugin is not hosted on wordpress.org but obviously the sentence “repair not available” is related to the hosting location. Now I get it!

    Plugin Author One Dollar Plugin

    (@onedollarplugin)

    Cool, it’s no problem. Over time we’ll be able to build a list of valid false positives and reduce this sort of thing.
