Wordfence throws malware warning

Weaver themes home site was hacked or something happened that caused it to be blacklisted by Google. That’s why it’s showing that. But it’s fixed now, I believe.

https://weavertheme.com/this-site-hacked/

I don’t use weaver theme. When I look at the file in Wordfence’s warnings, the only place weavertheme is mentioned is connected to Yoast. The file shows yards and yards of text that only appears in HIS site’s blog posts, not mine. I do use his SEO plugin but that doesn’t explain why his site’s text is ending up inside my sql backup.

I’m not an expert at all this but now it’s feeling like there’s method at work where Yoast site posts are embedded behind the scenes. He just happened to blog about weaver theme which got pulled into my site???

Possibly, if there’s a reference to the site’s URL anywhere in your site.

I’m having the exact same problem reported in my sql backups starting with my files on July 20th. I run a backup once per week(and I’ve never used a Weaver theme). Only thing I haven’t done is dig into the sql file to locate where the error is generating from. But I’m assuming it’s the same issue as I also use Yoast.

Wordfence is no longer reporting this as an issue in my backups?

You are right! I just checked and no warning. When the weaver site was taken off the Google blacklist it must have changed in Wordfence’s security list. Still worrisome that Yoast has included references from his blog that can only be seen in my sql backup.

Thank you, lmfoster!

Hi Guys,

Yes, the domain was blacklisted by Google and since it’s listed as a malicious domain we started warning our customers about it. This is a good thing because if that domain appears in any of your posts or files that are indexable by Google, you risk incurring an SEO penalty if you’re caught linking to it. So pay attention to these alerts.

Regards,

Mark.

Thanks Mark. What I can’t figure out is WHY this URL is included in my sqlbackup file. Other than having the plugin Yoast (which is where I believe the URL came from), there is nothing on my site that is referencing that domain. So in theory, the only way I could have protected my site was to remove the Yoast plugin since that’s where it looks like the domain was being referenced, correct? I’m fairly new to WordPress, so just want to make sure I understand how to protect my site. When this occurred, I didn’t have a clue how I’d fix it since it was only showing up as in issue in my backup. I was in a panic worrying I’d also get blacklisted by Google. BTW, I LOVE Wordfence! ??

Thank you, Mark. I have to echo lmfoster. The warnings, which I totally appreciate, were only about the backups. No pages on my site reference the blacklisted domain. The “ads” that Yoast displays on the admin panel for other plugins appear to be the culprit.

I, too, was panicked that I had to delete all my backups or Yoast too. Since the domain wasn’t referenced by me on my site, I made a new backup and Wordfence subsequently found the same problem with that new backup. How did the URL get into the sqlbackup?