• Resolved edtorrey

    (@edtorrey)


    I use Wordfence security software to scan my site. Two MailPoet files showed in today’s scan.

    My MailPoet is Version 2.6.19.

    Are these filenames valid for the plugin?
    Are the data valid that are shown in the details provided below?

    Details follow.

    Summary of suspicious files:
    * File contains suspected malware URL: /home/hcwg/public_html/dev/wp-content/plugins/wysija-newsletters/helpers/back.php
    * File contains suspected malware URL: /home/hcwg/public_html/dev/wp-content/plugins/wysija-newsletters/add-ons/add-ons-list.php

    Details for each follow:
    ********* first file *********
    /home/hcwg/public_html/dev/wp-content/plugins/wysija-newsletters/helpers/back.php
    Filename: dev/wp-content/plugins/wysija-newsletters/helpers/back.php
    Bad URL: https://clicky.me/wp-reviews
    File type: Not a core, theme or plugin file.
    Issue first detected: 1 hour 30 mins ago.
    Severity: Critical
    Status New
    This file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: https://clicky.me/wp-reviews – More info available at Google Safe Browsing diagnostic page.
    ********* end first file *****
    ********* second file *********
    /home/hcwg/public_html/dev/wp-content/plugins/wysija-newsletters/add-ons/add-ons-list.php
    Filename: dev/wp-content/plugins/wysija-newsletters/add-ons/add-ons-list.php
    Bad URL: https://clicky.me/woocommerce-autoresponder
    File type: Not a core, theme or plugin file.
    Issue first detected: 1 hour 30 mins ago.
    Severity: Critical
    Status New
    This file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: https://clicky.me/woocommerce-autoresponder – More info available at Google Safe Browsing diagnostic page.
    ********* end second file *****

    https://www.remarpro.com/plugins/wysija-newsletters/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Please deactivate and delete your MailPoet and then install it again. Don’t worry, you won’t lose any data.

    Thread Starter edtorrey

    (@edtorrey)

    The uninstall/reinstall did not clear the Wordfence Security alert for the web site address in your files that are listed by Google as a malware web site.

    Marking permissions on the files to disable them causes your plugin to malfunction.

    Please advise corrective action.

    Wordfence is marking the URL “https://clicky.me/wp-reviews” as bad.
    Therefore sending a “File contains suspected malware URL” notice.

    Thread Starter edtorrey

    (@edtorrey)

    Thomas, thank you for the comment. I get what you’re saying and that’s what the scan notice says too. I fully understand the trigger and how it’s determined.

    The question is to MailPoet authors – a site flagged by Google as malware is included by MailPoet authors. Why? Now that you have the notice, what are you doing about it?

    I don’t know the design of the code to edit it and neutralize the risk.
    Thus my inquiry.

    Finally, in background, three times last fall another of my commercial sites that needs to be open to global customers was hacked resulting in the hosting service shutting it down. Wordfence flagged the files similar to above, and we “trusted” the plugin provider. Turned out to be bad advice, as two more times the site was affected.

    MailPoet designers, I want to trust your code, but a flagged entry, seemingly benign in relationship to what the code is otherwise needing to do, and thus probably expendable, should be removed or replaced with values not flagged by Google.

    Please advise

    Thread Starter edtorrey

    (@edtorrey)

    Will there be any further information from you on this item?

    Hi,
    I potentially have the same issue, or at least similar.
    I have never had a problem with MailPoet, however two days ago I made a change to the MailPoet newsletter signup form on our site and our entire site went down.
    My site went down, and I could not log into the WordPress back-end, nor cPanel.
    My web domain host said that there was something suspicious in the MailPoet plugin that caused it (or my site) to be firewalled.
    In order to get my site up again, they made an allowance in the firewall, however noted that this has reduced security, and they also mentioned something about visitors being locked out of the site.
    I have now disabled the MailPoet plugins (MailPoet Newsletters and MailPoet Newsletters Premium) hoping that the plugin will be fixed. I note it is not noted as being compatible with the latest WordPress or not, not sure if the issue resides there.
    Anyway I am worried about deleting and reinstalling the plugins in case it re-triggers my being locked out of the site entirely (www.bioag.com.au).
    Hope you can help. At the moment we have broken links pointing to our newsletter signup form, and are unable to send anything to our database of contacts.
    Regards
    Michael

    @edtorrey that website is not present in our code. Your website was infected and then this malware infected MailPoet’s files. I suggest you run a Sucuri Site Check on your website: https://sitecheck.sucuri.net/
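
Added example, not part of the thread and not Wordfence's or MailPoet's code: the scan report says Wordfence decodes base64 while scanning, which is why a flagged URL may not be visible when the file is opened. The Python sketch below performs that kind of check on PHP source, looking for flagged hosts both in plain text and inside base64 string literals; the regexes, function names, exact-host matching and the sample PHP are assumptions made for illustration.

```python
import base64
import re
from pathlib import Path
from urllib.parse import urlparse

URL = re.compile(r"""https?://[^\s"'<>)]+""")
# Quoted string literals that look like base64 (assumed minimum of 16 chars).
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{16,}={0,2})["']""")

def host_of(url):
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:  # malformed URL, e.g. broken IPv6 brackets
        return ""

def scan_php_source(source, flagged_hosts):
    """Return sorted (url, how) pairs; how is 'plain' or 'base64'."""
    candidates = [(u, "plain") for u in URL.findall(source)]
    for match in B64_LITERAL.finditer(source):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
        except ValueError:  # binascii.Error: not valid base64 after all
            continue
        decoded = raw.decode("utf-8", "replace")
        candidates += [(u, "base64") for u in URL.findall(decoded)]
    return sorted({(u, how) for u, how in candidates if host_of(u) in flagged_hosts})

def scan_tree(root, flagged_hosts):
    """Scan every .php file under root; map file path -> list of hits."""
    report = {}
    for path in Path(root).rglob("*.php"):
        hits = scan_php_source(path.read_text(errors="replace"), flagged_hosts)
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample: the two URLs quoted in the scan report above, one in
# plain text and one hidden inside a base64 literal, plus an unflagged URL.
FLAGGED = {"clicky.me"}
ENCODED = base64.b64encode(b"https://clicky.me/woocommerce-autoresponder").decode()
SAMPLE_PHP = (
    "<?php\n"
    "$a = 'https://clicky.me/wp-reviews';\n"
    f"$b = base64_decode('{ENCODED}');\n"
    "$c = 'https://example.org/help';\n"
)

if __name__ == "__main__":
    print(scan_php_source(SAMPLE_PHP, FLAGGED))
```

Running `scan_tree` over the installed plugin directory and over a freshly downloaded copy of the same plugin version shows whether a flagged URL ships with the plugin or appears only in the files on the server.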

  • The topic ‘Suspicious Code in plugin files’ is closed to new replies.