WordFence Reporting Errors with this plugin

Resolved webauthor
(@webauthor)

10 years, 3 months ago

Millions of WP site owners use the WordFence Plugin. I just ran a WF scan and it came back with this error:
==========================================================
File contains suspected malware URL: /home/xxxxxxxxxxxxxx/public_html/wp-content/plugins/genesis-custom-headers/inc/gch-metabox.php
Filename: wp-content/plugins/genesis-custom-headers/inc/gch-metabox.php
Bad URL: http://genesistutorials.com/visual-hook-guide/
File type: Not a core, theme or plugin file.
Issue first detected: 2 mins ago.
Severity: Critical
Status New
This file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://genesistutorials.com/visual-hook-guide/ – More info available at Google Safe Browsing diagnostic page.

Are you guys affiliated in any way with http://genesistutorials.com? If so, it looks like http://genesistutorials.com has been hacked as well as http://christophercochran.me/ which is displayed as the operator of http://genesistutorials.com.

Please investigate and let us know if http://genesistutorials.com is truley a valid site and if links to http://genesistutorials.com should actually be in the plugins/genesis-custom-headers/inc/gch-metabox.php file of this plugin.

Thanks

https://ww.wp.xz.cn/plugins/genesis-custom-headers/

Viewing 6 replies - 1 through 6 (of 6 total)

Plugin Author Nick Diego
(@ndiego)

10 years, 3 months ago

Hi webauthor,

I am not affiliated with that site, but it is a useful reference for Genesis Users. It shows you were all the Genesis Hooks are. I will investigate and remove the actual link. The link it supposed to be there as a reference to the plugin users. I was not intended as malicious.

Thanks,
Nick

dirkbeckersbe
(@dirkbeckersbe)

10 years, 3 months ago

this is causing the problem…
https://www.google.com/transparencyreport/safebrowsing/diagnostic/?hl=en-US#url=malenkayavalera.info

please fix 🙂

Plugin Author Nick Diego
(@ndiego)

10 years, 3 months ago

Hi dirkbeckersbe and web author,

I just pushed version 1.1.3 with the links to http://genesistutorials.com removed. Such a shame as that was a good resource for Genesis users. I am reaching out to the author to let him know his site has been compromised.

Thank you both for catching this. It seems to have happened fairly recently!

Nick

Plugin Author Nick Diego
(@ndiego)

10 years, 3 months ago

Just a follow up for everyone, it seems as though he is aware: https://twitter.com/tweetsfromchris/status/696759059953811456. That is no fun!

Thread Starter webauthor
(@webauthor)

10 years, 3 months ago

Thanks Nick ~ Good to hear it and thank you for the quick reply. I had a feeling that was the case that’s why I posted here. It can take a while for Google to remove the warning once he removes any of his malicious code from his site. Hopefully it’ll get cleared up on his site soon.

Thanks again Nick.

Thread Starter webauthor
(@webauthor)

10 years, 3 months ago

Hi Nick,

I deactivated your plugin and updated it. I ran a new WordFence scan and we’re getting a warning that gch-settings.php contains a link to http://genesistutorials.com as well. I see you removed the link from gch-metabox.php but not this gch-settings.php file. You may want to update that file as well.

Thanks

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘WordFence Reporting Errors with this plugin’ is closed to new replies.