Hello!
Hope you are doing fine.
This is Tapan from WP Staging, I am writing after getting a support request from one of our users, https://www.ads-software.com/support/topic/malcare-firewall-blocked-because-of-malicious-activities/
Our findings are, after creating the staging site, we show a popup from where the user can quickly login to their staging site, the URL format is something like
wp-login.php?wpstg_login=xxxxxxxx
On this page, we are getting the following warning,
MalCare Firewall
Blocked because of Malicious Activities
Reference ID: 473837891672c81d8864ee
We don’t find any way to whitelist from your dashboard. Please suggest.
]]>Hi there,
Malcare is working OK, but I’ve noticed it has the www, whereas the site is non-www.
I’m not sure if it makes any difference, but I was unable to change it. It says check the URL is correct and contact support.
Thanks!
]]>Hi
After activation it disappears from the Plugins list. If I go to the repository it is marked as Active but can’t find it anywhere, not in plugins, nor any menu alternative.
Have disabled it via SFTP for now.
]]>I have a subscription to Malcare and it shows no infections…but installed a free verion of another malware plugin to double check and it shows eight infections.
What is going on? Why this discepancy?
]]>I have a backup site with Basic Authentication enabled and wondered if I can still use malcare on it, a simple add SIte is not working
]]>My site got hacked and all my google ads are now disapproved and not working. Would you be able to clean and maintain my site in order for me to get them up and working again?
]]>Hi Support and community,
I am having a weird issue on filters. Ajax filter is working properly, only issue is when you click on checkbox, it filters the records but checkbox does not show selected.
Any help on this topic highly appreciated.
Thanks
Hi there
I attempted to remove Malcare from my website by first deleting the site from the dashboard and deactivating the plugin. This didn’t work. I still don’t have the ability to add or delete plugins from the wordpress dashboard. I then checked php.ini .htaccess user.ini, etc… for malcare code but there wasn’t any. So I removed the waf file. This didn’t help. I then deleted the plugin folder from my server files. This also didn’t work.
Not sure what to try next.
]]>I don’t want to allow Logins via wp-login.php. Does the free version of your product do that?
Ron
]]>With debugging turned on, I found this in my log. Is this an indication of a bug in the plugin? I x-ed out the IP adresss and removed the wordpress prefix. I think this is related to this plugin, since it mentions table <wordpress prefix>_bv_lp_requests.
]]>WordPress database error Column 'username' cannot be null for query REPLACE INTO<wp_prefix>_bv_lp_requests(ip,status,time,category,username,request_id,message) VALUES ('x.x.x.x', '2', '1718749248', '7', NULL, '19919161846672083ff4050', 'Login Success') made by require('wp-blog-header.php'), require_once('wp-includes/template-loader.php'), do_action('template_redirect'), WP_Hook->do_action, WP_Hook->apply_filters, WC_AJAX::do_wc_ajax, do_action('wc_ajax_checkout'), WP_Hook->do_action, WP_Hook->apply_filters, WC_AJAX::checkout, WC_Checkout->process_checkout, WC_Checkout->process_customer, wc_create_new_customer, wp_insert_user, do_action('user_register'), WP_Hook->do_action, WP_Hook->apply_filters, {closure}, do_action('wp_login'), WP_Hook->do_action, WP_Hook->apply_filters, MCProtectLP_V556->loginSuccess, MCProtectLP_V556->log, MCProtectLogger_V556->log, MCProtectLoggerDB_V556->log, MCWPDb->replaceIntoBVTable
Hi,
On several of the hosting accounts under our management, we’re seeing that the following line gets added multiple times/repeatedly:
@(include '/data/sites/web/REDACTED/www/malcare-waf.php');
Interestingly (not sure if related) we see code referring to a non-existing file:
cat /data/sites/web/REDACTED/www/malcare-waf.php <?php // Please validate auto_prepend_file setting before removing this file if (file_exists('/data/sites/web/REDACTED/www/wp-content/plugins/blogvault-real-time-backup/protect/prepend/ignitor.php')) { define("MCDATAPATH", '/data/sites/web/REDACTED/www/wp-content/mc_data/'); define("MCCONFKEY", 'REDACTED'); include_once('/data/sites/web/REDACTED/www/wp-content/plugins/blogvault-real-time-backup/protect/prepend/ignitor.php'); } ?> cat /data/sites/web/REDACTED/www/wp-content/plugins/blogvault-real-time-backup/protect/prepend/ignitor.php cat: /data/sites/web/REDACTED/www/wp-content/plugins/blogvault-real-time-backup/protect/prepend/ignitor.php: No such file or directory grep malcar www/wp-config.php @(include '/data/sites/web/REDACTED/www/malcare-waf.php'); cat /data/sites/web/REDACTED/www/malcare-waf.php <?php // Please validate auto_prepend_file setting before removing this file if (file_exists('/data/sites/web/REDACTED/www/wp-content/plugins/blogvault-real-time-backup/protect/prepend/ignitor.php')) { define("MCDATAPATH", '/data/sites/web/REDACTED/www/wp-content/mc_data/'); define("MCCONFKEY", 'REDACTED'); include_once('/data/sites/web/REDACTED/www/wp-content/plugins/blogvault-real-time-backup/protect/prepend/ignitor.php'); } ?> cat /data/sites/web/REDACTED/www/wp-content/plugins/blogvault-real-time-backup/protect/prepend/ignitor.php cat: /data/sites/web/REDACTED/www/wp-content/plugins/blogvault-real-time-backup/protect/prepend/ignitor.php: No such file or directory
Please reach out if you need further info from our end.
]]>I’ve been trying to synchronize the plugin for days but I always get an error.
I’ve tried every way but it’s impossible.
how can I solve it?
Hello
I was looking at my error_log file and i noticed a lot of PHP Warnings, all related to malcare. Here are some from yesterday
[27-Mar-2024 17:35:04 UTC] PHP Warning: fwrite(): SSL operation failed with code 1. OpenSSL Error messages:
error:1409E10F:SSL routines:ssl3_write_bytes:bad length in /home/bicicosa/public_html/wp-content/plugins/malcare-security/callback/streams.php on line 123
[27-Mar-2024 17:35:04 UTC] PHP Warning: fwrite(): SSL: Success in /home/bicicosa/public_html/wp-content/plugins/malcare-security/callback/streams.php on line 123
[27-Mar-2024 17:35:04 UTC] PHP Warning: fwrite(): SSL operation failed with code 1. OpenSSL Error messages:
error:1409E10F:SSL routines:ssl3_write_bytes:bad length in /home/bicicosa/public_html/wp-content/plugins/malcare-security/callback/streams.php on line 123
[27-Mar-2024 17:35:04 UTC] PHP Warning: fwrite(): SSL operation failed with code 1. OpenSSL Error messages:
error:1409E10F:SSL routines:ssl3_write_bytes:bad length in /home/bicicosa/public_html/wp-content/plugins/malcare-security/callback/streams.php on line 123
[27-Mar-2024 17:35:04 UTC] PHP Warning: fwrite(): SSL operation failed with code 1. OpenSSL Error messages:
error:1409E10F:SSL routines:ssl3_write_bytes:bad length in /home/bicicosa/public_html/wp-content/plugins/malcare-security/callback/streams.php on line 123
[27-Mar-2024 17:35:04 UTC] PHP Warning: fwrite(): SSL operation failed with code 1. OpenSSL Error messages:
error:1409E10F:SSL routines:ssl3_write_bytes:bad length in /home/bicicosa/public_html/wp-content/plugins/malcare-security/callback/streams.php on line 123
[27-Mar-2024 17:35:04 UTC] PHP Warning: fwrite(): SSL operation failed with code 1. OpenSSL Error messages:
error:1409E10F:SSL routines:ssl3_write_bytes:bad length in /home/bicicosa/public_html/wp-content/plugins/malcare-security/callback/streams.php on line 123
[27-Mar-2024 17:35:04 UTC] PHP Warning: fwrite(): SSL operation failed with code 1. OpenSSL Error messages:
error:1409E10F:SSL routines:ssl3_write_bytes:bad length in /home/bicicosa/public_html/wp-content/plugins/malcare-security/callback/streams.php on line 123
[27-Mar-2024 17:35:04 UTC] PHP Warning: Undefined array key "status" in /home/bicicosa/public_html/wp-content/plugins/malcare-security/callback/streams.php on line 202
[27-Mar-2024 17:35:04 UTC] PHP Warning: Undefined array key "status_string" in /home/bicicosa/public_html/wp-content/plugins/malcare-security/callback/streams.php on line 203Looking back at the log, these warning started to appear on 21-Sep-2023, but they where not so frequent.
I’m using PHP: 8.1.27 on LiteSpeed server
It’s not an error. Just leeting you know because they are more frequent and this could mean some kind of problem.
Regards
]]>Completely ineffective. While I’m willing to pay for my website’s cleanup, I would appreciate at least a minor indication of why you believe my website has been hacked.
]]>Malcare is not able to block the attacks, we are getting these attacks almost all the weekend even I have a premium account with them, if you are not available what the use of us purchasing the plugin.
I have notified these things earlier as well, and we get response after 2 – 3 days we cant keep of site off till the time u respond and we try to restore the site from the old backups of the server.
we have also installed wordfense and they notify us in advance about the multiple attacks, we still selected malcare premium and the pliugin doesnt work, no help from malcare team
]]>The plugin is installed and activated on the site – but when I enter my email (in WordPress) and agree to terms – it takes me to app.malcare/app/sites where I cannot scan for viruses. Security is all greyed out unless I upgrade. Is malware scanning now not for free?
Update: Is a ‘sync’ a security scan? Bit confusing. Can’t find any scan results – where are they in dashboard? This says it’s free: https://www.malcare.com/blog/malcare-free-vs-premium/
Update: even though it says installed and activated on the app.malcare – every time I login to my WP dashboard it says;
Activate MalCare Almost Done: Activate your Malcare account to secure your site.
Confused?
Plugin says my website is hacked but dont show what files,database or etc. is affected. How can I check that it only says clean and moves to your subsctiption page. Dont understand the point of saying website hacked maybe it didnt scan, maybe it scam.
]]>I uninstalled the plugin but I see I still have a file called “malcare-waf.php” in the root wp installation directory as well as my .htaccess file still has malcare configuration.
If I delete the ‘malcare-waf.php” file the site crashes.
How do I completely remove all configurations that this plugin added? I don’t even know how it got installed in the first place…
I checked your website after connecting to my domain but I can’t find the button anywhere to perform a scan, is this automatic? I don’t see the scan button like everyone else. thank you
]]>I want to buy the pro version but I have a question, if WordPress is multisite, will I have to buy a license for each subsite? It is not a subdomain but rather they all begin with example.com/….
]]>Hi, when activated MalCare plugin (Version 5.25) i get few Deprecation Notices on PHP 8.1 and WordPress 6.3.1:
Deprecated: strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated in?/home/*/public_html/wp-includes/functions.php?on line?7127
Deprecated: str_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated in?/home/*/public_html/wp-includes/functions.php?on line?2182
Deprecated: strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated in?/home/*/public_html/wp-includes/functions.php?on line?7127
Deprecated: str_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated in?/home/*/public_html/wp-includes/functions.php?on line?2182
Screenshot: https://i.gyazo.com/c2c9508cb0990132082349ade4252985.png
]]>Good morning, My site has malware, and while searching the web I found out about Malcare. Does purchasing the license ensure the removal of the Malware? Thank you very much, best regards
]]>Hi,
Wordfence says that Malcare files have been changed – has someone hacked this?
wp-content/plugins/malcare-security/callback/wings/info.php <- this is code change
wp-content/plugins/malcare-security/info.php <- This one is a version number
wp-content/plugins/malcare-security/malcare.php <- also a version number
Is this an issue?
Thanks for your help,
Karen
Hi!
I would like to know if this plugin also blocks spam comments?
Thank you
Plugin uninstalled but I can not delete site from your dashboard. Please remove it. Thank you.
]]>At the moment I have a test site on a free hosting server. This is going to be transferred to another host soon. Should I install Malcare on the freehosting server? The issue is that I am supposed to send you my email address – this is fine, but that email will change once the site is transferred to another host. What would you advise? Thank you.
]]>I have just discovered that the Malcare Firewall is blocking all my outgoing emails due to ‘Malicious Activity‘ which is a nonsense as the only emails coming from my site have been the ones I wanted to send, and I don’t send very many.
I have gone into the settings of Malcare (Free) and it displays that the Fireall is working, but no option to disable it or change the settings.
I’ve been left with no alternative but to disable the entire Plugin, and lose ALL of its features.
Is there any way in the Free verwsion to remedy this please?
]]>I am getting site hacked but it does not tell what was hacked.
]]>When I click on the MalCare menu item, it only displays {"message":"Access denied! You do not have permission to view this resource.","error":null,"error_class":"BV::UnauthorizedAccess"}.
I tried Malcare on my production site and it seems to be good however, it throws php error as shown by Query Monitor plugin:
Deprecated strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated
wp-includes/functions.php:7053
2 Plugin: malcare-security
Deprecated str_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated
wp-includes/functions.php:2165
2 Plugin: malcare-security
So, I have no other choice than removing this plugin for now and I will reinstalled after I see that error is fixed on upcoming version!!
]]>