www.remarpro.com
Get WordPress
www.remarpro.com

Plugin Directory

Anti-Malware Security and Brute-Force Firewall

Anti-Malware Security and Brute-Force Firewall

By Eli Scheetz

Description

Features:

  • Download Definition Updates to protect against new threats.
  • Run a Complete Scan to automatically remove known security threats, backdoor scripts, and database injections.
  • Firewall block SoakSoak and other malware from exploiting Revolution Slider and other plugins with known vulnerabilites.
  • Upgrade vulnerable versions of timthumb scripts.

Premium Features:

  • Patch your wp-login and XMLRPC to block Brute-Force and DDoS attacks.
  • Check the integrity of your WordPress Core files.
  • Automatically download new Definition Updates when running a Complete Scan.

Register this plugin at GOTMLS.NET and get access to new definitions of “Known Threats” and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for “Potential Threats” and leaves it up to you to identify and remove the malicious ones.

NOTICE: This plugin make call to GOTMLS.NET to check for updates not unlike what WordPress does when checking your plugins and themes for new versions. Staying up-to-date is an essential part of any security plugin and this plugin can let you know when there are new plugin and definition update available. If you’re allergic to “phone home” scripts then don’t use this plugin (or WordPress at all for that matter).

Special thanks to:

  • Clarus Dignus for design suggestions and graphic design work on the banner image.
  • Jelena Kovacevic and Andrew Kurtis of webhostinghub.com for providing the Spanish translation.
  • Marcelo Guernieri for the Brazilian Portuguese translation.
  • Umut Can Alparslan for the Turkish translation.
  • Micha Cassola for the German translation.
  • Robi Erwin Setiawan for the Indonesian translation.

Screenshots

  • The menu showing Anti-Malware options.
  • The Scan Setting page in the admin.
  • An example scan that found some threats.
  • The results window when “Automatic Repair” fixes threats.
  • The Quarantine showing threats that have been fix already.

Installation

  1. Download and unzip the plugin into your WordPress plugins directory (usually /wp-content/plugins/).
  2. Activate the plugin through the ‘Plugins’ menu in your WordPress Admin.
  3. Register on gotmls.net and download the newest definition updates to scan for Known Threats.

FAQ

Why should I register?

If you register on GOTMLS.NET you will have access to download definitions of New Threats and added features like automatic removal of “Known Threats” and patches for specific security issues like old versions of timthumb and brute-force attacks on wp-login.php. Otherwise, this plugin only scans for “Potential Threats” on your site, it would then be up to you to identify the good from the bad and remove them accordingly.

How do I patch the Revolution Slider vulnerability?

Easy, if you have installed and activated my this Anti-Malware plugin on your site then it will automatically block attempts to exploit the Revolution Slider vulnerability.

How do I patch the wp-login vulnerability?

The WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. This plugin can apply a patch that will block access to the WordPress Login page whenever this type of attack is detected. Just click the Install Patch button under Brute-force Protection on the Anti-Malware Setting page. For more information on this subject read my blog.

Why can’t I automatically remove the “Potential Threats” in yellow?

Many of these files may use eval and other powerful PHP function for perfectly legitimate reasons and removing that code from the files would likely cripple or even break your site so I have only enabled the Auto remove feature for “Know Threats”.

How do I know if any of the “Potential Threats” are dangerous?

Click on the linked filename to examine it, then click each numbered link above the file content box to highlight the suspicious code. If you cannot tell whether or not the code is malicious just leave it alone or ask someone else to look at it for you. If you find that it is malicious please send me a copy of the file so that I can add it to my definition update as a “Know Threat”, then it can be automatically removed.

What if the scan gets stuck part way through?

First just leave it for a while. If there are a lot of files on your server it could take quite a while and could sometimes appear to not be moving along at all even if it really is working. If it still seems stuck after a while then try running the scan again, be sure you try both the Complete Scan and the Quick scan.

How did I get hacked in the first place?

First, don’t take the attack personally. Lots of hackers routinely run automated script that crawl the internet looking for easy targets. Your site probably got hacked because you are unknowingly an easy target. This might be because you are running an older version of WordPress or have installed a Plugin or Theme with a backdoor or known security vulnerability. However, the most common type of infection I see is cross-contamination. This can happen when your site is on a shared server with other exploitable sites that got infected. In most shared hosting environments it’s possible for hackers to use an one infected site to infect other sites on the same server, sometimes even if the sites are on different accounts.

What can I do to prevent it from happening again?

There is no sure way to protect your site from every kind of hack attempt. That said, don’t be an easy target. Some basic steps should include: hardening your password, keeping all your sites up-to-date, and run regular scans with Anti-Malware software like GOTMLS.NET

Why does sucuri.net or the Google Safe Browsing Diagnostic page still say my site is infected after I have removed the malicious code?

sucuri.net caches their scan results and will not refresh the scan until you click the small link near the bottom of the page that says “Force a Re-scan” to clear the cache. Google also caches your infected pages and usually takes some time before crawling your site again, but you can speed up that process by Requesting a Review in the Malware or Security section of Google Webmaster Tools. It is a good idea to have a Webmaster Tools account for your site anyway as it can provide lots of other helpful information about your site.

How can I report security bugs?

You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. Report a security vulnerability.

Reviews

October 9, 2024
A Google search resulted in a website link which was another site infected with malware. The scan found an infected file and fixed it and quarantined other files. The problem is resolved, thanks!
August 29, 2024
This programme is needed to keep your wordpress site safe from viruses, spammers etc. Their is a lot of work gone into and it needs your support to keep your sites safe.
July 15, 2024
What an incredible find! Not only is it possible to use this plugin completely for free, I’ve seen many reviews from people who have cleaned malware that wasn’t found through other (paid) options. I have been impressed enough to donate because Eli so deserves to be compensated for his work to keep WP safe. But I love that he doesn’t require it for the plugin to work. (It’s well worth donating though and is far more cost effective and useful than every other malware option I’ve tried before).
July 9, 2024
Never fails! Thank you, Eli and team for your work. 5-stars awarded and worth every star.
Read all 764 reviews

Contributors & Developers

“Anti-Malware Security and Brute-Force Firewall” is open source software. The following people have contributed to this plugin.

Contributors

“Anti-Malware Security and Brute-Force Firewall” has been translated into 14 locales. Thank you to the translators for their contributions.

Translate “Anti-Malware Security and Brute-Force Firewall” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

4.23.71

  • Set autoload to false on the large values in wp_option.
  • Added exception to the skip by extention option so that hidden files are never skipped.
  • Checked code for compatibility with WordPress 6.6.2.

4.23.69

  • Updated Brute-Force Login Protection to integrate better with login forms from other plugins like WP User Manager and StranoWeb Ajax Login.
  • Added option to hide the Brute-Force Login Protection logo on the login page.
  • Checked code for compatibility with WordPress 6.6.

4.23.68

  • Updated Brute-Force Login Protection to integrate better with login forms from other plugins like WooCommerce and Ultimate Membership.
  • Fixed static wp_posts table name in whitelist query to use the WPDB dynamic table name.
  • Checked code for compatibility with WordPress 6.5.5 and ClassicPress 2.1.1.

4.23.67

  • Upgraded Brute-Force Login Protection to integrate the JS check on the login form with the session check.
  • Fixed session conflict with REST API and a couple Undefined Variable warnings.
  • Huge improvements to the Quick Scan on the Core Files when Core File Definitions are installed.
  • Added custom Whitelist that skips files you have chosen to ignore.
  • Fixed display of DB threats to properly decode HTML characters.
  • Checked code for compatibility with WordPress 6.5.4 and ClassicPress 2.1.0.

4.23.57

  • Removed session incompatibilities within the Brute-Force Login Protection that failed when other plugins had already output page headers.

4.23.56

  • Upgraded Brute-Force Login Protection to integrate the JS check on the login form with the session check.
  • Fixed definition update to only allow admin users to post the update, even if a valid nonce token is used.
  • Improved the Nonce tokens to incorperate user_id and context for better security.
  • Limited the Nonce token check to once single token per request for better security, instead of allowing multi-check capabilities with an array.
  • Redesigned Scan History to retain more of the detailed scan results.
  • Fixed usage of incorrect value for REMOTE_ADDR when the server is using a reverse proxy.
  • Added an option to manually recheck the donation status.
  • Checked code for compatibility with WordPress 6.4.3 and ClassicPress 1.7.2.

4.21.96

  • Fixed another Undefined Index Warning in new installs when no definition updates have been downloaded.
  • Improved timing of registration check and avoided cached results after new registrations are submitted.
  • Added an option to manually recheck the registration status of the site.
  • Checked code for compatibility with WordPress 6.3.1.

4.21.95

  • Fixed the Undefined Index Warning created in the last release.

4.21.94

  • Improved error handling for better scan completion.
  • Checked code for compatibility with WordPress 6.3 and ClassicPress 1.6.0.

4.21.93

  • Fixed the Undefined Index Warning when the Brute-Force Login Protection is invoked in certain situations.
  • Checked code for compatibility with WordPress 6.2.2 and ClassicPress 1.5.3.

4.21.92

  • Fixed the Uncaught Value Error when scanning files that use Windows-1252 encoding which is unsupported by the PHP function mb_regex_encoding.
  • Fixed other minor PHP Warnings about Undefined Indexes.

4.21.91

  • Fixed some HTML formatting issues.
  • Fixed a JavaScript error in the scan engine that prevented second attempts to scan directories that failed on the first try.

4.21.90

  • Fixed array compatibility with older versions of PHP.

4.21.89

  • Added more late escapes and sanitizated all _SERVER variables.
  • Checked code for compatibility with ClassicPress 1.5.0.

4.21.88

  • Added late escapes to variables that were already escaped as requested by Code review team.
  • Fixed a PHP warning about is_dir when it attempts check the existance of a directory that was scanned in the past but is now outside the allowable scan path.

4.21.87

  • Code review and cleanup, added more sanitization.
  • Fixed an error when attempting to unserialize an array.

4.21.86

  • Improved the removal of database injections when values are serialized.
  • Fixed a vulnerability in using unserialize with Class Objects.
  • Fixed PHP warnings about undefined indexes.

4.21.85

  • Prevented infinite looping on recursive sub-directories.
  • Changed some default values.
  • Checked code for compatibility with WordPress 6.1.1 and ClassicPress 1.4.4.

4.21.84

  • Removed the no_error_reporting option used for debugging when server errors are breaking the site.
  • Checked code for compatibility with WordPress 6.0.2 and ClassicPress 1.4.2.

4.21.83

  • Fixed XSS vulnerability on debug URLs introduced in the last release, thanks Erwan Le Rousseau.
  • Updated code with other various minor improvements bug fixed.
  • Checked code for compatibility with WordPress 6.0.1 and ClassicPress 1.4.2.

4.21.74

  • Updated code with various minor improvements to efficiency and compatibility.
  • Checked code for compatibility with WordPress 6.0.

4.20.96

  • Fixed XSS vulnerability by removing unsanitized QUERY_STRING.
  • Cleaned up Quarantine code, removing legacy functions and adding more detailed info.
  • Fixed undefined variable notice and checked code for compatibility with WordPress 5.9.2.

4.20.95

  • Added more sanitization and validation to all user data entered for better security.
  • checked code for compatibility with WordPress 5.9.

4.20.94

  • Fixed an XSS vulnerability and checked code for compatibility with WordPress 5.8.3.

4.20.93

  • Fixed undefined variable warning.
  • Updated code for compatibility with PHP version 8.0.

4.20.92

  • Added German translation thanks to Micha Cassola.
  • Improved the Apache software version checker for better firewall compatibility.
  • Fixed session compatibility that was conflicting with the REST API check in Site Health.
  • Checked code for compatibility with WordPress 5.8.1 and ClassicPress 1.3.1.

4.20.72

  • Updated registration form to be more compatible with newer iframe restrictions.
  • Fixed session check on the Brute-Force patch to no longer need mod_rewrite.
  • Removed older code from WordPress Repository.

4.20.59

  • Various minor bug fixes.
  • Added Core Files Definitions for ClassicPress.
  • Tweaked code for better compatibility with WordPress 5.7.2 and ClassicPress 1.2.0.

4.19.69

  • Fixed a JavaScript error caused by a new French translation.
  • Checked code for compatibility with WordPress 5.4.1.

4.19.68

  • Updated some external links.
  • Tweaked code for better compatibility with PHP 7.4 and WordPress 5.4.

4.19.50

  • Added even more error handling to the DB Scan for servers with the PHP memory_limit set too low.
  • Modified the Directory Scan Depth to accept 0 as a value to indicate skipping the Directory Scan (use this to focus on the DB Scan).
  • Added some Help tips to some of the options on the Settings page.

4.19.44

  • Updated links to use HTTPS by default and fixed some old URLs.
  • Various performance improvements.
  • Added more error handling to the DB Scan.
  • Fixed a few minor bugs causing PHP Notices.
  • Fixed a path search to work on Windows servers.
  • Tweaked code for compatibility with WP 5.3 (latest release).

4.18.76

  • Cleaned up the Nonce Token creation and storage functions.
  • Cleaned up View Quarantine page and fixed recovery link.
  • Added debugging for login errors WP head and footer Hooks.

4.18.74

  • Fixed a bug in the Nonce Token Errors that was created by changes in the last release.

4.18.71

  • Added wp_options table to the db_scan.
  • Fixed a few minor bugs in the db scan quarantine view.
  • Changed some wording and other minor fomatting issues.
  • Checked code for compatibility with WP 5.2.1 (latest release).

4.18.69

  • Added a Warning message about the vulnerability in the yuzo-related-post plugin.
  • Updated the Quarantine interface and added a re-scan / re-clean feature.
  • Fixed a bug in the scan depth array that would produce PHP Notices in the error_log files under certain conditions.
  • Changed some wording and other minor fomatting issues.
  • Removed some outdated JavaScript that is no longer needed.
  • Checked code for compatibility with WP 5.2 (latest release).

4.18.63

  • Fixed a major bug in the Firewall updates that could cause a False Positive lockout.

4.18.62

  • Fixed a bug in the Firewall that prevented some iPad devices from logging in.
  • Fixed an encoding bug that prevented the Examine File window from dispaying some file formats.
  • Restored the File Details window in the Examine File window.
  • Updated code for compatibility with WP 5.1.1 (latest release).

4.18.52

  • Added a whole new DB Scan category that looks for links and scripts injected directly into the database content and removes them.
  • Updated Firewall landing page for HTTPS compatibility.
  • Removed some old code that was no longer needed.
  • Added a feature to clear cache files before running the Complete Scan, this will speed up the scan and prevent malware from being saved on your cached paged.
  • Updated code for compatibility with WP 5.0.2 (latest release).

4.17.69

  • Updated code for compatibility with WP 4.9.8 (latest release).
  • Fixed PHP Notice for the unknown offset of SERVER_parts.
  • Escaped single-quotes in translated strings for use within JavaScript.

4.17.68

  • Updated code for compatibility with WP 4.9.7 (latest release).
  • Removed wrong size dashicon from Settings link in plugin list.
  • Removed the broken link to vote WORKS on www.remarpro.com.
  • Reordered priorety on fixing Known Threats to be more efficient.

4.17.58

  • Updated code for compatibility with WP 4.9.4 (latest release).
  • Fixed dashicons sizing in css.
  • Add ability to update registration email from within the plugin settings.
  • Cleaned up expired nonce tokens left behind from an older version.

4.17.57

  • Updated code for compatibility with WP 4.9.3 (latest release).
  • Fixed registration form and alternate domain for definition updates to work on HTTPS.
  • Fixed the wording on the Title check error message.

4.17.44

  • Added Title check to make sure it does say you were hacked.
  • Updated code for compatibility with WP 4.8.3 (latest release).
  • Fixed Undefined variable error in Quarantine.
  • Fixed XSS vulnerability in nonce error output.

4.17.29

  • Changed the definition update URL to only use SSL when required.
  • Updated PayPal form for better domestic IPN compatibility.

4.17.28

  • Added the Turkish translation thanks to Umut Can Alparslan.
  • Improved the auto update so that old definitions could be phased out and new threat types would be selected by default.
  • Fixed the admin username change feature on multisite installs.
  • Fixed the details window so that it scrolls to the highlighted code.
  • Set defaults to disable the Potential Threat scan if other threats definitions are enabled.
  • Encoded definitions array for DB storage.
  • Fixed syntax error in the XMLRPC patch for newer versions of Apache.
  • Added fall-back to manual updates if the Automatic update feature fails.
  • Fixed PHP Notices about undefined variable added in last Version release.
  • Improved Apache version detection.
  • Changed Automatic update feature to automatically download all definitions and firewall updates.
  • Added PHP and Apache version detections and changed the XMLRPC patch to work with Apache 2.4 directives.
  • Removed the onbeforeunload function because Norton detected it as a False Positive.
  • Removed code that was deprecated in PHP Version 7.
  • Fixed PHP Notice about an array to string conversion with some rare global variable conditions.
  • Added more firewall options.
  • Moved Scan Log from the Quarantine page to the main Setings page.
  • Fixed PHP Warning about an invalid argument in foreach and some other bugs too.
  • Fixed “What to look for” Options so that changes are saved.
  • Changed get_currentuserinfo to wp_get_current_user because the get_currentuserinfo function was deprecated in WP 4.5

4.16.17

  • Removed Menu Item Placement Options because the add_object_page function was deprecated in WP 4.5.
  • Added firewall options for better compatibility with WP Firewall 2.
  • Fixed an XSS vulnerability in the debug output of the nonce token.
  • Moved the Firewall Options to it’s own page linked to from the admin menu.
  • Moved the Quick Scan from the admin menu to the top of the Scan Settings page.
  • Fixed PHP Warning about in_array function expecting parameter 2 to be an array, found by Georgey B.
  • Made a few minor cosmetic changes and fixed a few other small bugs in the interface.
  • Fixed the Nonce Token error caused by W3 Total Cache breaking the set_transient function in WordPress.
  • Added the Brazilian Portuguese language files, thanks to Marcelo Guernieri for the translation.
  • Fixed the admin menu and also some links that did not work on Windows server.
  • Added Core Files to the Quick Scan list on the admin menu.
  • Added a nonce token to prevent Cross-Site Request Forgery by admins who are logged-in from another site.
  • Hardened against XSS vulnerability triggered by the file names being scanned (thanks to Mahadev Subedi).
  • Improved brute-force patch compatibility with alternate wp-config.php location.
  • Had to remove the encoding of the Default Definitions to meet the WordPress Plugin Guidelines.
  • Improved the JavaScript in the new Brute-Force login patch so that it works with caching enabled on the login page.
  • Improved the Brute-Force login patch with custom fields and JavaScript.
  • Added a Save button to that Scan Settings page.
  • Fixed a bug in the XMLRPC Patch “Unblock” feature.
  • Added a link to purge the deleted Quarantine items from the database.
  • Added firewall option to Block all XMLRPC calls.
  • Fixed a few cosmetic bugs in the quarantine and firewall options.
  • Fixed a bugs in the Quarantine that was memory_limit errors if there number of files in the was too high.
  • Added the highlight malicious code feature back to the Quarantine file viewer.
  • Added the ability to change the admin username if the current username is “admin”.
  • Improved the code in the Brute-Force Protection patch.
  • Fixed a few bugs in the Core Files Check that was preventing it from fixing some unusual file modifications.
  • Fixed a major bug that made multisite scan extremely slow and sometimes error out.
  • Moved all ajax call out of the init function and into their own functions for better handling time.
  • Moved the quarantine files into the database and deleted the old directory in uploads.
  • Fixed some minor formatting issues in the HTML output on the settings page.
  • Added a warning message if base64_decode has been disabled.
  • Hardened against injected HTML content by encoding the tags with variables.
  • Fixed debug option to exclude individual definitions.
  • Hardened admin_init with current_user_can and realpath on the quarantine file deletion (thanks to J.D. Grimes).
  • Fixed another XSS vulnerabilities in the admin (thanks to James H.)
  • Hardened against XSS vulnerabilities in the admin (thanks to Tim Coen).
  • Added feature to restore default settings for Exclude Extensions.
  • Changed the encoding on the index.php file in the Quarantine to make it more human-readable.
  • Fixed a few small bugs that were throwing PHP Notices in some configurations and added more info to some error messages.
  • Extended execution_time during the Fix process to increase the number of files that could be fixed at a time.
  • Added a Quarantine log to the database.
  • Fixed a couple of minor bugs that would throw PHP notices.

4.15.16

  • Created an automatic update feature that downloads any new definition updates before starting the scan.
  • Added WordPress Core files to the new definitions update process and included a scan option to check the integrity of the Core files.
  • Automatically whitelisted the unmodified WordPress Core files.
  • Made more improvements to the Brute-Force protection patch and other minor cosmetic changes to the interface.
  • Protected the HTML in my plugin from filter injections and fixed a few other minor bugs.
  • Fixed a problem with deleting files from the Quarantine folder.
  • Added a descriptive reason to the error displayed if the fix was unsuccessful.
  • Added link to restore the default location of the Examine Results window.
  • Improved the encoding of definition updates so that they would not be blocked by poorly written firewall rules.
  • Suppressed the “Please make a donation” nag if the fix was unsuccessful, to avoid confusion over premium services.
  • Removed debug alert from initial session check.
  • Improved rewrite compatibility of session check for the Brute-Force Protection Installation.
  • Improved session check for the option to Install Brute-Force Protection and added an error message on failure.
  • Improved support for Multisite by only allowing Network Admins access to the Anti-Malware menu.
  • Added link to view a simple scan history on the Quarantine page.
  • Updated firewall to better protect agains new variations of the RevSlider Exploit.
  • Improved check for session support before giving the option to Install Brute-Force patch.
  • Added option to skip scanning the Quarantined files.
  • Updated Brute-Force patch to fix the problem of being included more that once.
  • Fixed a few minor bugs (better window positioning and css, cleaner results page, updated new help tab, etc.).
  • Made sure that the plugin does not check my servers for updates unless you have registered (this opt-in requirement is part of the WordPress Repository Guidelines).
  • Added exception for the social.png files to the skip files by extension list.
  • Fixed removal of Known Threats from files in the Quarantine directory.
  • Block SoakSoak and other malware from exploiting the Slider Revolution Vulnerability (THIS IS A WIDESPREAD THREAT RIGHT NOW).
  • Enabled the Brute-Force protection option directly from the Settings page.
  • Fixed window position to auto-adjust on small screens.

4.14.47

  • Major upgrade to the protection for wp-login.php Brute-Force attempts.
  • Fixes a bug in setting the permissions for read-only files so that they could still be cleaned.
  • Fixes a minor bug with pass-by-reference which raises a fatal error in PHP v5.4.
  • Enhanced the Examine File window with better styles and more info.
  • Changed form submission of encrypted file lists to array values instead of keys.
  • Fixes other minor bugs.
  • Made the Examine File window sizable.
  • Fixed a few small bugs and removed some old code.
  • Added a link to my new twitter account.
  • Re-purposed Quick Scan to just scan the most affected areas.
  • Set the registration form to display by defaulted in the definition update section.
  • Fixed a few small bugs in advanced features and directory depth determination.
  • Fixed a session bug to display the last directory scanned.
  • Fixed a few small cosmetic bugs for WP 3.8.
  • Added Spanish translation, thanks to Jelena Kovacevic and Andrew Kurtis at webhostinghub.com.
  • Updated string in the code and added a .pot file to be ready for translation into other languages.
  • Added “Select All” checkbox to Quarantine and a new button to delete items from the Quarantine.
  • Added a trace.php file for advanced session tracking.
  • Fixed undefined index bug with menu_group item in settings array.
  • Added support for multisite network admin menu and the ability to restrict admin access.
  • Fixed a session bug in the progress bar related to the last release.
  • Fixed a session bug that conflicted with jigoshop. (Thanks dragonflyfla)
  • Fixed a few bug in the Whitelist definition feature.

3.07.06

  • Added SSL support for definition updates and registration form.
  • Upgraded the Whitelist feature so the it could not contain duplicates.
  • Downgraded the WP-Login threat and changed it to an opt-in fix.
  • Fixed a bug in the Add to Whitelist feature so the you do not need to update the definitions after whitelisting a file.
  • Added ability to whitelist files.
  • Fixed a major bug in yesterdays release broke the login page on some sites.
  • Added a patch for the wp-login.php brute force attack that has been going around.
  • Created a process to restore files from the Quarantine.
  • Fixed a few other small bugs including path issues on Winblows server.

1.3.02.15

  • Improved security on the Quarantine directory to fix the 500 error on some servers.
  • Fixed count of Quarantined items.
  • Added htaccess security to the Uploads directory.
  • Linked the Quarantined items to the File Examiner.
  • Added a scan category for Backdoor Scripts.
  • Consolidated the Definition Types and added a Whitelist category.
  • Completely redesigned the Definition Updates to handle incremental updates.
  • Added “View Quarantine” to the menu.
  • Enhanced Output Buffer to work with compression enabled (like ob_gzhandler).
  • Moved the quarantine to the uploads directory to protect against blanket inclusion.
  • Fixed Output Buffer issue for when ob_start has already been called.
  • Enhanced the Automatic Fix process to handle bad directory permissions.
  • Added more detailed error messages for different types of file errors.
  • Improved overall error handling.
  • Minor UI enhancements and a few bug fixes.
  • Completely revamped the scan engine to handle large file systems with better error handling.
  • Enhanced the results for the Automatic Fix process.
  • Fixed a few other small bugs.
  • Enhanced the iFrame for the File Viewer and Automatic Fix process.
  • Improved error handling during the scan.
  • Moved the File Viewer and Automatic Fix process into an iFrame to decrease scan time and memory usage.
  • Enhanced the Automatic Fix process for better success with read-only files.
  • Improved code cleanup process and general efficiency of the scan.
  • Encoded definition update for better compatibility with some servers that have post limitation.
  • Fixed XSS vulnerability.
  • Changed registration to allow for multiple sites/keys to be registered under one user/email.
  • Changed auto-update path to update threat level array for all new definition updates.
  • Updated timthumb replacement patch to version 2.8.10 per www.remarpro.com plugins requirement.
  • Fixed option to exclude directories so that the scan would not get stuck if omitted.
  • Added support for winblows servers using BACKSLASH directory structures.
  • Changed definition updates to write to the DB instead of a file.

1.2.03.23

  • First versions available for WordPress (code removed, no longer compatible).

Meta

Support

Issues resolved in last two months:

4 out of 6

View support forum

Donate

Would you like to support the advancement of this plugin?

Donate to this plugin

VIP777 login Philippines Ok2bet PRIZEPH online casino Mnl168 legit PHMAYA casino Login Register Jilimacao review Jl777 slot login 90jili 38 1xBet promo code Jili22 NEW com register Agila Club casino Ubet95 WINJILI ph login WINJILI login register Super jili168 login Panalo meaning VIP JILI login registration AGG777 login app 777 10 jili casino Jili168 register Philippines APALDO Casino link Weekph 50JILI APP Jilievo xyz PH365 casino app 18JL login password Galaxy88casino com login superph.com casino 49jili login register 58jili JOYJILI apk Jili365 asia ORION88 LOGIN We1win withdrawal FF777 casino login Register Jiligo88 philippines 7777pub login register Mwgooddomain login SLOTSGO login Philippines Jili188 App Login Jili slot 777 Jili88ph net Login JILIMACAO link Download Gcash jili login GG777 download Plot777 app download VIPPH register Peso63 jili 365.vip login Ttjl casino link download Super Jili 4 FC178 casino - 777 slot games JILIMACAO Philippines S888 register voslot LOVE jili777 DOWNLOAD FK777 Jili188 app CG777 app 188 jili register 5JILI login App Download Pkjili login Phdream Svip slot Abcjili6 App Fk777 vip download Jili888 register 49jili VIPPH register Phmacao co super Taya777 link Pogo88 real money Top777 app VIP777 slot login PHMACAO 777 login APALDO Casino link Phjili login Yaman88 promo code ME777 slot One sabong 888 login password PHMAYA casino Login Register tg777 customer service 24/7 Pogibet slot Taya777 org login register 1xBet live Acegame888 OKBet registration JILIASIA Promotion Nice88 voucher code AgilaClub Gaming Mnl168 link Ubet95 free 50 PHMAYA casino login JLBET 08 Pb777 download 59superph Nice88 bet sign up bonus Jiliyes SG777 download apk bet88.ph login JILIPARK casino login Register Philippines PHMAYA APK CC6 casino login register mobile PHMACAO com download MWPLAY app JILIPARK Download Jili999 register link download Mnl646 login Labet8888 download 30jili jilievo.com login Jollibee777 open now LOVEJILI 11 18JL casino login register Philippines JILIKO register Philippines login Jililuck 22 WJPESO casino PHMAYA casino login Jili777 login register Philippines Ttjl casino link download W888 login Register Galaxy88casino com login OKBet legit tg777 customer service 24/7 Register ROYAL888 Plot777 login Philippines BigWin Casino real money PHLOVE 18JL PH 18JL casino login register Philippines SG777 Pro Taya777 pilipinong sariling casino Jiligames app MNL168 free bonus YesJili Casino Login 100 Jili casino no deposit bonus FC178 casino free 100 Mwcbet Download Jili888 login Gcash jili download JILIMACAO 123 Royal888 vip 107 Nice888 casino login Register FB777 link VIPPH app download PHJOIN 25 Ubet95 legit phcash.vip log in Rrrbet Jilino1 games member deposit category S888 live login FF777 download FC777 VIP APK ME777 slot Peso 63 online casino OKGames app Joyjili customer service superph.com casino FB777 Pro Rbet456 PH cash online casino Okbet Legit login taruhan77 11 VIPPH 777Taya win app Gogo jili 777 Plot777 login register Bet99 app download Jili8989 NN777 VIP JP7 fuel Wjevo777 download Jilibet donnalyn login Register Bossjili ph download 58jili login registration YE7 login register FC777 new link login 63win register Crown89 JILI no 1 app Jili365 asia JLBET Casino 77PH fun Jili777 download APK Jili8 com log in CC6 casino login register mobile ph365.com promotion phjoin.com login register 77PH VIP Login download Phdream live chat Jlslot2 Me777 download Xojili legit PLDT 777 casino login Super Jili Ace Phdream 44 login Win888 casino JP7 Bp17 casino login TTJL Casino register FB777 slot casino Jili games online real money phjoin.com login register BET99 careers ORION88 LOGIN Plot777 login Philippines Labet8888 login JILI Official Pogibet app download PH777 casino register LOVEJILI app Phvip casino VIP jili casino login PHMACAO app 777pnl legit YE7 casino online Okbet download CC6 bet app 63win club Osm Jili GCash LOVEJILI 11 Www jililive com log in Jili58 casino SuperAce88 JiliLuck Login Acegame 999 777pnl promo code MWPLAY good domain login Philippines Pogo88 app Bet casino login Superph98 18jl app download BET999 App EZJILI gg 50JILI VIP login registration Jilino1 new site pogibet.com casino Jili Games try out Gogojili legit 1xBet Aviator WINJILI ph login Jili168 register How to play Jili in GCash 777pnl PHDream register login JILISM slot casino apk FB777 c0m login EZJILI Telegram MWCASH88 APP download Jili88 vip03 APaldo download 1xBet 58JL Casino 58jl login register Jili scatter gcash OKJL slot jili22.net register login 10phginto APaldo 888 app download 1xBet live FC178 Voucher Code 58jl Jili888 ph Login 365 Jili casino login no deposit bonus JP7 VIP login PHBET Login registration 58jili login registration VVJL online Casino Club app download Jili77 login register Jili88 ph com download KKJILI casino WJ peso app Slot VIP777 BigWin69 app Download Nice88 bet Suhagame philippines Jiliapp Login register Qqjili5 Gogo jili helens ABJILI Casino OKJL download 1xBet login mobile Pogibet 888 777 game Okgames casino login Acegame888 Bet86 promotion Winph99 com m home login JP7 VIP login 20phginto VIPPH register KKJILI casino OKJILI casino Plot777 app download NN777 register bossphl Li789 login Jiligo88 app Mwcbet Download Betjilivip Https www BETSO88 ph 30jili Https www BETSO88 ph Jilievo Club Jili888 register Jili777 download APK JILI77 app download New member register free 100 in GCash 2024 Royal888casino net vip JOLIBET withdrawal MW play casino Jili365 login FB777 Pro Gold JILI Bet99 registration 55BMW red envelope Bet199 login philippines JILI188 casino login register download Phjoin legit or not Bigwin 777 Bigwin pro Apaldo PH pinasgame JILIPARK Login registration JiliApp ph04 Ph143 Jili168 login app Philippines MW Play online casino APK 77tbet register 8k8t Bigwin casino YE7 Download App Ph365 download apk Acejili Ph888 login S888 juan login 63win withdrawal Okbet cc labet 8888.com login password Mwbet188 com login register Philippines MNL168 net login registration kkjili.com download Jili888 Login registration Abc Jili com Download JILIPARK casino login Register Download AbcJili customer service live777. casino Jilievo casino jilievo APP live casino slots jilievo vip Jolibet legit PH888 login Register 888php register 55BMW win Mwbet188 com login register Philippines AbcJili customer service Jili88 ph com app 200Jili App MAXJILI casino ROYAL888 deposit mi777 Jili games free 100 ACEGAME Login Register Jilibet donnalyn login Voslot register Jilino1 live casino 18jl login app apk JILI Vip777 login Phtaya login Super Ace casino login Bigwin 777 Ubet95 free 190 superph.com casino Jili22 NEW com register SG777 win Wjpeso Logo 1xBet login mobile Jili88 casino login register Philippines sign up Okbet cc Agg777 slot login Phv888 login P88jili download jiliapp.com- 777 club Fish game online real money One sabong 888 login password QQJili Taya365 slot mnl168.net login Taya365 download Yes Jili Casino PHMACAO APK free download 365 casino login Bigwin 29 JILISM slot casino apk Wow88 jili777.com ph 888php login 49jili VIP Jilino1 legit SG777 slot Fish game online real money Voslot free 100 18jl login app apk OKJL app Jili22 NEW com register Nice88 free 120 register no deposit bonus Sugal777 app download 288jili PHJOIN VIP com Register Jl77 Casino login KKjili com login Lovejili philippines Pogo88 casino SLOTSGO VIP login password Jili22 net register login password Winph 8 we1win 100 Jili slot 777pnl promo code Sg77701 Bet88 download for Android PH365 casino Royal Club login Jili88 casino login register MWPLAY login register Jilibay Promotion 7SJILI com Register FC777 casino link download Royal meaning in relationship OKBET88 AbcJili customer service 777ph VIP BOSS JILI login Register 200Jili App KKJILI casino login register maxjili Mwcbet legit JILIASIA 50 login Milyon88 com casino login 8k8app17 Royal slot Login Phmacao rest 338 SLOTSGO Ph888 login PHGINTO com login YY777 app Phdream register Jili22 net register login password Lucky Win888 Jiligames API Agila club VIP 77PH VIP Login download Acegame888 register PHMAYA Download Jili88 online casino 7XM Lovejili philippines 63win register Jilimax VOSLOT 777 login 18JL Casino Login Register JILIASIA 50 login 50JILI VIP login registration 7XM com PH Nice888 casino login Register 58jl Jili168 casino login register download Timeph philippines 90jilievo Jili88 casino login register OKBet legit JILI slot game download Bet99 promo code 58jili app 55BMW com PH login password KKjili casino login bet999 How to play Jili in GCash BigWin69 app Download OKJL Milyon88 com casino login phdream 888php register Ph888 PH777 registration bonus JLBET Asia LOVEJILI download Royal Casino login 646 ph login Labet8888 review JLBET Casino Jili888 ph Login Wjpeso Wins JILIMACAO 666 Jiliplay login register JILIAPP com login Download JiliLuck download WIN888 PH JL777 app Voslot777 legit Pkjili login 20jili casino Jolibet login registration Phjoin legit or not Milyon88 com casino register JILI apps download 88jili login register Jili 365 Login register download 11phginto Jili777 vip login Ta777 casino online Swertegames Taya365 download 777PNL online Casino login Mi777 join panalo 123 JILI slot 18jili link Panalo lyrics Jiliplay login philippines yaman88 Bet88 login Jili888 Login registration FF777 TV Ok2bet app Pogibet casino philippines Www jilino1 club WOW JILI secret code AB JILI Jili168 online casino BET99 careers Go88 slot login JILI Vip777 login CG777 Casino link OKBet GCash www.50 jili.com login WINJILI download Lucky bet99 Acegame888 77ph com Login password ACEGAME Login Register ACEGAME casino Swerte88 login password Wj slots casino APALDO Casino Phjoin slot JLBET com JLBET ph Taya777 org login 49jili slot Svip slot Jili77 download APK 200jiliclub Bet199 philippines Jili888 Login registration 88jili withdrawal phjoin.com login register Swerte88 login registration Voslot777 legit Superph11 AAA JILI app download Www jililive com log in VIP777 Casino login download Jili77 download APK Jilibet donnalyn login Register JILICC sign up Pogibet app download www.mwplay888.com download apk Jili68 Jililuck App Download APK Yy777 apk mod Jili77 vipph.com login labet8888.com app Phdream live chat Ph646 login register mobile 7777pub download Jolibet Fortune Tree 90JILI app 18JL login Philippines JLSLOT login password 50JILI fun m.nn777 login 88jili withdrawal PH Cash Casino APK 888PHP Casino LINK Boss jili app download Jili999 login register FB777 download APK Free 100 promotion JILIPARK Download VIP PH casino JILIHOT ALLIN88 login 8K8 com login PHMAYA casino login 58jili withdrawal Ubet95 free 100 no deposit bonus KKJILI online casino M GG777 100jili APP JILI888 slot download PHBET88 Jili Games demo 1xBet OKJL Casino Login Nice888 casino login Register Betso88 App download APK VIP777 app Gcash jili register 1xBet registration 58jili withdrawal Jili63 Suhagame23 218 SLOTSGO AGG777 login Philippines Bay888 login JILIVIP 83444 PHCASH com casino login Jilievo 666 Jili 365 VIP register PHMAYA link PH cash VIP login register Yaman88 casino JP7 VIP We1Win download free rbet.win apk Jili168 casino login register download Milyon88 com casino register 18JL login app 88jili withdrawal AAA Casino jilibet.com register Winjili55 UG777 login app PH777 download Jili365 bet login app Osm Jili GCash 77tbet philippines GI Casino login philippines 88jili login FC178 casino free 100 SG777 Com Login registration Nice88 free 100 Oxjili Royal777 Top777 login FB777 live 200jili login Gogojili legit Yes Jili com login phcash.vip casino Sugal777 app download 58JL app Login Panalo login JILI games APK Lucky99 Slot login Jili scatter gcash 7XM APP download FB JILI casino login download PHMACAO app ROYAL888 Link Alternatif ACEPH Casino - Link 55bmw.com casino Timeph app Osm Jili GCash M GG777 Ubet95 login Jiligo88 CG777 Casino Philippines Tayabet login Boss jili app download YY777 app download Nice88 free 120 register no deposit bonus Bossjili7 XOJILI login 68 PHCASH login ezjili.com download apk Jili 365 VIP APK Milyon88 pro Jili88 casino login register download Jili online casino AgilaPlay Jili scatter gcash 7777pub login CC6 app bonus JK4 online PHJOIN casino Joyjili login register 22phmaya 5JILI Casino login register Betso88 VIP Winph 8 Phmacao rest JILI Slot game download free s888.live legit APALDO Casino link Plot 777 casino login register Philippines Ph646wincom Jili168 login app Philippines KKJILI casino Apaldo PH Phdream live chat Slot VIP777 PH888BET 22 phginto 50JILI APP MWPLAY login register Slotph We1Win apk VIP777 slot login Nice88 PRIZEPH online casino Jilipark App 7XM app for Android Jili58 Jili168 free 100 APALDO 888 CASINO login APaldo download Jiliasia8 com slot game phcash.vip casino OKJL Casino Login YY777 live Jili888 register Winjiliph QQ jili casino login registration Abcjili5 NN777 register Phvip casino Taya 365 casino login OKBet app Osm Jili GCash Nice88 free 100 5JILI Casino login register Bet88 app download 5 55bmw vip Jlph11 JILI slot casino login Nice88 bet sign up bonus JILI Slot game download for Android Abc Jili com Download FF777 TV Peso 63 online casino MILYON88 register free 100 7777pub JILIASIA 50 login CC6 online casino latest version Royal Club apk 1xBet login registration CG777 Casino Philippines 1xBet app Mwcbet net login Password LOVEJILI 21 FBJILI Now use Joyjili Promo code JILI188 casino login register download PHMACAO SuperPH login AGG777 login app Peso 63 online casino filiplay Sugal777 app download Galaxy88casino com login EZJILI Telegram JiliApp ph04 Jilino1 com you can now claim your free 88 PHP download 63win Coupon Code PHDream 8 login register Philippines MNL168 website CC6 online casino register login 3jl app download apk Jlph7 TA777 com Login Register password 5jili11 FF777 casino login Register KKJILI casino login register 10 JILI slot game 3JL login app Jili100 APP Winjili55 Milyon88 info Jilino1 VIP login YE7 bet sign up bonus Apaldo games Wj casino app AbcJili win.ph log in Jili22 VIP 204 SG777 Jl77 Casino login YY777 app download Jilimacao Okjl space Wjevo777 download Ubet95 free 100 no deposit bonus PHMAYA APK Xojili legit 77PH bet login Taya365 pilipinong sariling casino LOVEJILI AAAJILI Casino link Jollibee777 How to play mwplay888 18jl app download jilievo.com login password VIP PH casino mnl168.net login JiliLuck download Win2max casino 777PNL download app Ubet Casino Philippines Win888 Login Jili88 casino login register Philippines sign up Bet99 APK 18JL casino Login register Download Naga888 login JLPH login PHMACAO APK free download How to register Milyon88 Royal888ph com login JiliCC entertainment WINJILI customer service PHBET88 Jili888 Login Philippines SG777 slot FBJILI Jili365 bet login app Ubet95 free 100 no deposit bonus Taya 365 casino login LOVEJILI Jili777 free 150 YE7 casino login register download QQJili 58jili login Download S888 sabong Gi77 casino Login taya777 customer service philippines number 24/7 WINJILI customer service Https www wjevo com promocenter promotioncode Nice99 casino login Phdream 44 login Mi777app 777PNL online Casino login phjl.com casino JILILUCK promo code Pogibet 888 login BigWin Casino legit Jolibet app download Jilli pogibet.com casino JP7 VIP login Ug7772 Phjoy JILIMACAO 123 PH143 online casino jili365.bet download PH cash VIP login register Abc Jili Register Mwgooddomain login 58JL Casino link 365 Jili casino login no deposit bonus JILIEVO Casino 777 60win OKGames casino 49jili VIP kkjili.com app JILIPARK casino login Register Philippines Agila Club casino OKGames GCash OKBet casino online S888 juan login Yaman88 log in Winph99 com m home login Jili88 casino login register Winjiliph CG777 Casino LOGIN Register Ubet Casino Philippines Agilaclub review Is 49jili legit ph646 JLBET link JiliCC entertainment Jilicity withdrawal Ta777 casino online Jili777 login register Philippines JP7 coupon code Milyon88 one Ug7772 Jilibet casino 77PH VIP Login download Jili live login 68 PHCASH 7XM APP download Boss jili login MWCASH88 APP download Jilicity login Acegame888 real money LIKE777 JILILUCK app JiliBay Telegram Bet199 login philippines Ph646wincom PHJOIN login OKGames register JILIASIA withdrawal Panalo login 88jili Login Philippines Wjevo777 download phjl.com casino Fcc777 login Labet8888 login JILI8998 casino login PHJL Login password Jilibay Voucher Code 28k8 Casino P88jili download 49jili apps download Fk777city we1win CG777 Casino login no deposit bonus MW play casino FF777 casino login Register Philippines download JILIAPP com login Download Bet199 PHGINTO com login Bet88 bonus Sw888 withdrawal Vvjl666 Jiliapp 777 Login QQ jili login Jilicity download Jili188 login Philippines Timeph philippines Casino Club app download Nice88 bet login registration Bay888 login PH Cash casino download Jiliko777 Nice88 PH 777pnl Jiliplay login register JILI VIP casino cg777 mwcbets.com login Fbjili2 JILIAPP download 7xm login 77jl.com login JILI Slot game download for Android MWPLAY app superph.com casino Nice88 free 120 WJ peso app Jili58 register 3jl app download apk Betso88 link OKGames login free JILIASIA 888 login 58jl login register Jilibet888 68 PHCASH login Jili88ph net register 55BMW Casino app download APK Abc Jili com Download FB777 register login Philippines Jilievo org m home JiliLuck download jlbet.com login register Jp7 casino login 18JL Casino Login Register YE7 casino APK prizeph Boss jili login Royal logo FC178 casino - 777 slot games Taya777 pilipinong sariling casino Ph888 MWPLAY app @Plot777_casino CG777 login BOSS JILI login Register JILI PH646 login Vvjlstore Mi777 casino login Download Okgames redeem code 50JILI VIP login registration Bet88 login AGG777 login Philippines JILIMACAO Yesjili com legit P88jili com login OKBET88 Gold JILI VIP PH casino VIP PH log in bet88.ph legit kkjili.com app JiliLuck Login JILI Vip777 login 63win withdrawal bet999.ph login m.nn777 login 58JL 8k8app17