The plugin does not come with malware. If you doubt this, you can download a fresh copy of the plugin from the WordPress plugin directory and compare it with the copy installed on your server. Do not trust plugins distributed by anyone other than the developer themselves or from the WordPress plugin directory. Also, feel free to contact me directly: http://matchboxcreative.com
It’s very possible that your site has been hacked. This guide outlines the steps you should take if you think you’ve been hacked: https://codex.wordpress.org/FAQ_My_site_was_hacked
Hello Cornelius,
Its an awesome plugin, I completely trust you that there is no malware in it, I install it use it and uninstall it, no reason to have it active as its a passive scanner, id some user have left it active and its had malware injected into it then that is not your problem.
I love the plugin, keep it maintained
Thanks,
Rob Turner
I just downloaded it today from wordpress.org
Sucuri site scanner picked it up right away.
wp-content/plugins/gauntlet-security/admin/includes/classes/gus_FilePermissions.php
definition: php.spam-seo.injector_gen.007
As soon as i deleted and rescanned the error was gone.
Hi milton-01,
This is very helpful. It seems Sucuri’s scanner has spotted some code in that file that matches their definition of a specific type of malware. I know 100% that there’s no black-hat SEO malware in that file.
I’d suggest contacting Sucuri and asking them to confirm that that file does or does not have malware in it. If there is malware in it, it might be getting added automatically by another script on your server. If there isn’t, Sucuri might need to tweak their scanner a little bit to prevent false positives. Please let me know how it turns out.
Thanks for the kind words, Rob!
Ok will do! I will let you know!