Vonino.eu Site Reportedly Hacked; Wordfence Flagging WordPress Plugins

WordPress site administrators running the Wordfence security plugin have been receiving alerts about a possible “critical” problem involving a suspected malware url in the mobileDetect.php file used by various WP themes and other plugins.

The suspected url is identified as http://www.vonino.eu/tablets and it belongs to a site that has been flagged by Sucuri as infected with malware. In fact, Google Safe Browsing has tagged Vonino.eu with a “This site may harm your computer” warning. Such blacklisting is what appears to be triggering the false positive in the Wordfence scan.

This site may harm your computer

The WordPress sites receiving the alerts are not themselves affected by Vonino.eu’s malware in those particular circumstances. Note, however, that it does not mean the WordPress site could not possibly be compromised in other ways.

For the Vonino-related situation, the only course of action is to wait for the vonino.eu site itself to be cleaned of the malware infection. If wanting to immediately clear the Wordfence alert, one can go to the mobileDetect.php file and comment out the relevant portion of the code that includes the vonino.eu url.

Among the WordPress plugins using the mobileDetect.php file are Google Easy Maps and WP Rocket. An example of a theme that makes use of the mobileDetect.php file is Virtue Premium.

PSA: Run a security scan regularly — Sucuri online and Wordfence within your installation. And promptly update your themes and plugins.