Plugin Has Infected Files

That is not malware. There is a mistake in the programming of the malware scanner that you are using, so it is creating a false-positive.

YML files are perfectly normal files that are used like XML or JSON files. The bots.yml file in question has patterns used to match against different types of bots that might visit your site so that they can be filtered out. It is part of Matomo’s device detection library, which is used on many thousands of websites.

Can you please update your negative review with this new information in mind? A malware allegation is very serious business.

The file you mentioned does not contain any malware and you don’t have to take my word for it because you can view that exact file hosted here on wordpress.org: bots.yml.

I am not accusing you of lying. I am saying that the host’s malware scanner created a false-positive. My role is to let you know that this info is incorrect, and that our plugin does not actually include malware in it. My intention is not to offend you or make any of this personal. I just want to be very clear because it is such a serious matter.

• This reply was modified 1 year, 1 month ago by Ben Sibley.