First of all, i dont know if this is resolved yet. Because the unauthorized error sometimes come back after a day or more.
I used GeneratePress as the parent theme, and GeneratePress Child as child theme. i deactivated the child theme and used the parent directly. I did this because the supposedly malware led to a generatepress theme pages.
When i deactivate CleanTalk as of now for the website, i waited a day or two, there’s no more the unauthorize access.
Now i turned it back on, scanner found 2 malware but offer only “approve” option: http://bit.ly/44PT0xz. i checked the website, the unauthorized waring has not appeared it as of now.
I dont know if it is the cleantalk configuration that caused that. Now scanner found 2 frontend malware with no option to delete.
it highlighted this error on top of plugin page:
2025-07-20 09:32:44: Scheduled: background_scan: “WRONG_SITE_RESPONSE TEST_ACTION FOR RC scanner__controller, ERROR: UNEXPECTED RESPONSE: \u0022\u0022\u003C!DOCTYPE html\u003E\u003Chtml lang=\\\u0022en-US\\\u0022\u003E\u003Chead \u003E \u003C!– Google Tag Manager –\u003E \u003Cscript\u003E(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({\u0027gtm.start\u0027:\\nnew Date().getTime(),event:\u0027gtm.js\u0027});var f=d.getElementsByTagName(s)[0],\\nj=d.createElement(s),dl=l!=\u0027dataLayer\u0027?\u0027\u0026l=\u0027+l:\u0027\u0027;j.async=true;j.src=\\n\u0027https:\\/\\/www.googletagmanager.com\\/gtm.js?id=\u0027+i+dl;f.parentNode.insertBefore(j,f);\\n})(window,document,\u0027script\u0027,\u0027dataLay\u0022\u0022”
