Sunday, January 20, 2019 Site Reportedly Hacked; Wordfence Flagging WordPress Plugins

Suspected Malware Infection is a False-Positive

WordPress site administrators running the Wordfence security plugin have been receiving alerts about a possible “critical” problem involving a suspected malware url in the mobileDetect.php file used by various WP themes and other plugins.

The suspected url is identified as and it belongs to a site that has been flagged by Sucuri as infected with malware. In fact, Google Safe Browsing has tagged with a “This site may harm your computer” warning. Such blacklisting is what appears to be triggering the false positive in the Wordfence scan.

This site may harm your computer

The WordPress sites receiving the alerts are not themselves affected by’s malware in those particular circumstances. Note, however, that it does not mean the WordPress site could not possibly be compromised in other ways.

For the Vonino-related situation, the only course of action is to wait for the site itself to be cleaned of the malware infection. If wanting to immediately clear the Wordfence alert, one can go to the mobileDetect.php file and comment out the relevant portion of the code that includes the url.

Among the WordPress plugins using the mobileDetect.php file are Google Easy Maps and WP Rocket. An example of a theme that makes use of the mobileDetect.php file is Virtue Premium.

PSA: Run a security scan regularly — Sucuri online and Wordfence within your installation. And promptly update your themes and plugins.

Leave a Reply

Notify of