• Resolved Mike Castro Demaria

    (@mikecastrodemaria)


    Wordfence Security plugin send Suspected malware URL about Google XML Sitemaps plugin

    message on …wp-content/plugins/google-sitemap-generator/sitemap-core.php
    What’s wrong ?

    Filename: wp-content/plugins/google-sitemap-generator/sitemap-core.php
    Bad URL: https://www.google-analytics.com/collect
    File Type: Not a core, theme or plugin file.
    Issue First Detected: 6 hours 3 mins ago.
    Severity: Critical
    Status New

    This file contains a URL that is currently listed on Wordfence’s domain blacklist. The URL is: https://www.google-analytics.com/collect

    Are you aware if it ?
    Mike

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Ditto this issue. Same flagged by Wordfence on one of my client sites.
    Looks like you need to update URLs for this to HTTPS, per the google developer reference on Measurement Protocol:
    https://developers.google.com/analytics/devguides/collection/protocol/v1/reference

    …which says specifically:
    “URL Endpoint
    You send data using the Measurement Protocol by making HTTP requests to the following end point:

    https://www.google-analytics.com/collect
    All data should be sent securely with the HTTPS protocol.”

    Could be problematic for sites where HTTPS is not available…:-b

    Well, looks like a pilot error on Wordfence end that is now fixed – didn’t see those posts at first.
    However the google reference is still relevant…don’t know what the consequences of trying to use HTTP instead of HTTPS with that URL is for whatever you’re doing with it. My hunch is something will not work right, if google says it is supposed to always be HTTPS.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Wordfence Security ? Suspected malware URL’ is closed to new replies.