Title: Malware alter with Siteground scanner
Last modified: June 1, 2026

---

# Malware alter with Siteground scanner

 *  Resolved [cmarcc](https://wordpress.org/support/users/cmarcc/)
 * (@cmarcc)
 * [1 week ago](https://wordpress.org/support/topic/malware-alter/)
 * Hi, 
   When installing the plugin on my website, it crashed instantly, so I had
   to delete it manually via FTP. I received an automated email from Siteground 
   saying that there was a malware in the plugin and they had changed the permissions
   of the file (presumably the reason why my website crashed). I don’t remember 
   the actual file name that was an issue with their site scanner, but it contained‘
   handler’ in it. Not sure if this is a false alert or not but wanted to let you
   know. Thank you.
    -  This topic was modified 1 week ago by [cmarcc](https://wordpress.org/support/users/cmarcc/).

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Plugin Author [wpazleen](https://wordpress.org/support/users/wpazleen/)
 * (@wpazleen)
 * [1 week ago](https://wordpress.org/support/topic/malware-alter/#post-18925720)
 * Hi,
 * Thank you for reporting this.
 * We have manually reviewed the plugin codebase, performed extensive testing on
   our end, and also checked the plugin using WordPress’s official Plugin Check (
   PCP) tool. So far, we have not encountered any security issues, malware detections,
   or suspicious files that would explain the behavior you experienced.
 * Based on our review, we believe the SiteGround malware alert may have been a 
   false positive. One possible cause is the use of the `fread()` function within
   the plugin’s file download handler, as some automated security scanners can occasionally
   flag legitimate file handling operations as suspicious. However, we have not 
   found any actual malware or malicious code within the plugin.
 * The plugin is currently being used by many users for website migrations across
   a wide range of hosting providers and environments. This is the first report 
   we have received of a malware-related detection, which makes us believe this 
   is very likely a false positive. Nevertheless, we would like to review the exact
   details from SiteGround to fully understand what triggered the alert and ensure
   there are no compatibility issues with their scanner.
 * Would it be possible for you to contact SiteGround support and request the exact
   details of the detection? In particular, it would be very helpful if they could
   provide:
    - The exact file name that was flagged.
    - The malware/security signature or rule that triggered the detection.
    - Any scan logs, screenshots, or error messages related to the issue.
 * You mentioned that the file name may have contained “handler”, which gives us
   a starting point, but we would need the complete details to properly investigate.
 * Thank you for bringing this to our attention, and we look forward to your update.
    -  This reply was modified 1 week ago by [wpazleen](https://wordpress.org/support/users/wpazleen/).
    -  This reply was modified 1 week ago by [wpazleen](https://wordpress.org/support/users/wpazleen/).
 *  Plugin Author [wpazleen](https://wordpress.org/support/users/wpazleen/)
 * (@wpazleen)
 * [6 days, 20 hours ago](https://wordpress.org/support/topic/malware-alter/#post-18926026)
 * Hi [@cmarcc](https://wordpress.org/support/users/cmarcc/),
   Thank you for your
   patience while we investigated this further.Following our previous reply, our
   team conducted a deeper review of the codebase and we were able to identify the
   exact cause of the SiteGround alert.
 * **Here is exactly what happened and why it was a false positive:**
   Our plugin
   includes a built-in security feature specifically designed to protect your site
   during theme and plugin imports, as we have dedicated Theme and Plugin Import/
   Export feature. When you import a Theme/Plugin ZIP file, the plugin automatically
   scans its contents and blocks any files that contain known dangerous PHP functions.
   This is intentional behavior to prevent nulled or malicious themes/plugins from
   being installed on your site.
 * The problem was that in order to scan for these dangerous strings, our code had
   to list them inside a security check array. SiteGround’s automated scanner read
   the source code, saw the literal string and immediately flagged the file – without
   understanding that this code existed to DETECT and BLOCK that very function, 
   not to use it.
   In other words, our security feature was mistaken for a threat
   by a scanner that was not reading the context, only the keywords.
 * **What we have done to resolve this: **
   We have updated the plugin so that those
   pattern strings are now written in a way that will no longer trigger static code
   scanners, while the underlying security check continues to work exactly as before.
   The fix has been applied and the updated version is now available.
 * We sincerely apologize for the trouble this caused – especially having to manually
   delete the plugin via FTP and dealing with the website crash. That was absolutely
   not the experience we want for our users.
   Please update to the latest version
   and you should have no further issues with SiteGround or any other hosting provider’s
   scanner. If you have any questions or need any assistance getting things set 
   up again, please don’t hesitate to reach out – we are happy to help.
 * Thank you again for your patience and for helping us make the plugin better.
    -  This reply was modified 6 days, 20 hours ago by [wpazleen](https://wordpress.org/support/users/wpazleen/).
 *  Thread Starter [cmarcc](https://wordpress.org/support/users/cmarcc/)
 * (@cmarcc)
 * [5 days, 20 hours ago](https://wordpress.org/support/topic/malware-alter/#post-18927248)
 * Hi,
   Thank you for the support and explanations, really appreciated.

Viewing 3 replies - 1 through 3 (of 3 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fmalware-alter%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/post-export-import-with-media/assets/icon-256x256.png?rev
   =3445969)
 * [Post Export Import with Media](https://wordpress.org/plugins/post-export-import-with-media/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/post-export-import-with-media/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/post-export-import-with-media/)
 * [Active Topics](https://wordpress.org/support/plugin/post-export-import-with-media/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/post-export-import-with-media/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/post-export-import-with-media/reviews/)

 * 4 replies
 * 2 participants
 * Last reply from: [cmarcc](https://wordpress.org/support/users/cmarcc/)
 * Last activity: [5 days, 20 hours ago](https://wordpress.org/support/topic/malware-alter/#post-18927248)
 * Status: resolved