The plugin does not work when using php version 8.0 or above. The issue is that the plugin uses php_uname() function, which is disabled by hosting server for security reasons. Temporary solution is to revert back to older version of php (7.4).

• This topic was modified 1 month, 1 week ago by nasiriqbal.

there is no explanation here about mismatch

https://i.imgur.com/3XzdMCL.png
https://i.imgur.com/4FESCPo.png

I scanned my website used your Malcure tool and it displayed “Malcure Detected 1 Severe Infection(s)”

The file is: /wp-content/themes/flatsome/inc/admin/panel/sections/tab-changelog.php

<?php
/**
 * Theme Change log
 */
?>
<div id="tab-changelog" class="coltwo-col panel flatsome-panel">
<div class="inner-panel">
<pre style="padding:30px; overflow: auto;font-size:0.9em;">
<?php require get_template_directory() . '/changes.txt'; ?>
</pre>
</div>
</div> 

I guess this file is not a malware or virus.

I am seeing a cURL Error everytime I try to register for definitions update. This is the error.

cURL error 60: Peer’s Certificate issuer is not recognized.

I have tried 3 different email addresses, and none work; so I think it must be an issue with the SSL on your Definitions server, or the plugin itself.

It is a old site, so a very old version of wordpress. New site build is in progress, but we need this site to remain stable in the meantime.

Please let me know if you have had this same error message reported, and know any possible reasons?

Hi again. I would like to request a button to clear the scan logs.

Secondarily, it would be good to have a log for what the firewall features have blocked. It is also odd that there is a counter on the Firewall admin menu link, but there is no indication of what that number means.

Thank you

Hello,

Your plugin claims:

“Found database infection(s) in Option id 835567. Threat Level → severe. Hf531O”

I followed the link which doesn’t describe anything specific. I also searched the web for these two codes and nothing.

At the very least I would think the plugin should be able to point to the table in question. Since there is no reference to the questionable entry, how is this at all helpful?

Please advise, thanks

Installed a few to play with locally to see what they detect or not and to potentially scan plugins locally before used in production. Found this so wanted to share.

Detecting other scanner plugins as severe infections

/Local Sites/malware-scanner-site/app/public/wp-content/ninjascanner/nscan65966997517410.30495875/cache/signatures.txt

i just installed your plugin on suspicion on malware. on the connect to malware api server box when i press register, nothing happens. in the console log i see post 500 error. i have replaced the wp core files on ftp but still not working. i dont know whats wrong. my site is having issues when i try to post something i get 500 error page, same error if im trying to delete plugin.

• This topic was modified 1 year, 6 months ago by K.

How can I delete the log file (table or plugin dir) – I set Paranoia in the 1st run and it created a lot of false entries in the log file ??

Hi,

I clik on the update and nothing happens, can not initiate a scan.

When this warning is clicked:
Your site is using out of date definitions. Click here to connect to Malcure API Server for a thorough scan →
nothing happens.

Can not change files per rq.

Inititate DeepScan button is inactive.

Wordfence is switched off.

What shall I do, please?

Thanks.

Is there a reason why Malcure would add over 2MB of autoloads in the database? Other than deactivating the plugin and removing those entries from the db, how can this be trimmed down?

I can’t use the plugin, the “Run Scan” page takes hours to load and after the loading the browser is frozen. I tried on Safari and Chrome with a M1 Mac. The server is a dedicated 16cpu/32gb.

Malware issues are critical and time-sensitive. If you need help with the plugin, the fastest way is to visit Malcure Forums There’s a large community of users and experts monitors that forum, so by posting there you have a much better chance of getting a timely and helpful response.

Thank you for using Malcure WP Malware Scanner for WordPress!

How to removal malware:
https://malcure.com/blog/security/10-steps-to-remove-malware-from-your-wordpress-site/

• This topic was modified 2 years, 10 months ago by Malcure Web Security.

Hi All,

Do you have some issues about updating definitions? It says:

Failed. Reason: Please register to get updated definitions.

I use this plugin for a long time. Looks like it needs to be get registered but how?

on trying to run website scan with malcure website froze.
website and scan admin page crashed.
now website is completely frozen and can’t access cpanel.
is it possible the scan is still running without any windows open?
if so, is there any way to kill the process or other ideas as to what might be happening?

Malcure says that firewall have notifications, but doesnt show what blocked?
https://ibb.co/q1mnJWy

I get this error when I try to open malware scan page

PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /var/www/html/wp-content/plugins/wp-malware-removal/wpmr.php:4445\nStack trace:\n#0 /var/www/html/wp-content/plugins/wp-malware-removal/wpmr.php(1972): WPMR_Init->update_setting()\n#1 /var/www/html/wp-content/plugins/wp-malware-removal/wpmr.php(2080): WPMR_Init->get_definitions()\n#2 /var/www/html/wp-includes/class-wp-hook.php(303): WPMR_Init->scanner_page()\n#3 /var/www/html/wp-includes/class-wp-hook.php(327): WP_Hook->apply_filters()\n#4 /var/www/html/wp-includes/plugin.php(470): WP_Hook->do_action()\n#5 /var/www/html/wp-admin/admin.php(259): do_action()\n#6 {main}\n thrown in /var/www/html/wp-content/plugins/wp-malware-removal/wpmr.php on line 4445

Any solution for this ?

I cannot get this scanner to run at all. it just initializes for an hour and then runs so slow it will take an entire week just to finish. says its running at duck speed. no matter what i try, the results dont change.

how do i get this thing to actually scan effectively?

Hi,

I ran the Malcure scan and I got “Invalid Scan Response” for many of the files in my wp-content directory. Does that mean that these files have malware or does it mean that the files could not be scanned? Do the permissions of my wp-content directory have anything to do with the scan response message? Please clarify.

I just used malcure to scan my site which it did very well. After removing the plugin, my site became very slow as the mysql process eats up almost all CPU capacity (constantly close to 100%). Is there anything known about issues with removing this plugin? Anything that could cause this extremely high processor drain? Any manual action I can perform to check whether this plugin left residues I need to clean up?

Thank you!

Hello,

I got this message when trying to update: Failed. Reason: Error fetching Update.

It worked flawlessly for more then a year. Not sure if this is a issue on my site or my hosting proivider or on the delivery side of the update.

Does this plugin conflict with wordfence & wp hide ?

Dear Malcure team,
Malcure detected an outdated version of adminer.php on our website. Though I replaced the file with the latest version (4.7.7) the notification “severe infection” doesn’t disappear when scanning again.

Malware Details For Infection ID: KAGFu
Brief: Adminer database management tool Not malicious but versions below 4 7 0 have a vulnerability that can allow site takeover PHP adminer 3653

Is this a bug?

Thanks in advance for your help with this issue!

Best regards, Dinha

I installed the plugin and disabled the other anti-malware plugin I had before, to not be in conflict.
But now when I start the scan with malcure, it stays forever in status: Initializing.
Checksums: 5232
Signatures: 3320
Sig Version: Hn456
Last Updated: 3 hours ago
Total Files: 0
Files Excluded: 0
Files to scan: 0
Files remaining: 0
Time Elapsed: Not Initialised
Time Remaining: Not Initialised
Achieved Speed: Duck
Status: initialising…
Do I need to do other steps or something more to start the scanning?
I tried also with put a higher amount of scan files /request. No success.
I cleared the cache from WPRocket too.
Is a W2012, IIS, PHP 7.3.7, WP 5.4.2 all updated.
Thanks.

Hi,

My website was infected but I cleaned and re-scanned. malCure couldn’t find any issue. Now I want to clean logs. But how? I couldn’t see any option. Thanks.

Hi malcure i love your plugin and i have some questions.
i want to setup a woocommerce shop and i want to know that how much this plugin slow website? does it have a waf that support zero day exploits like ninja firewall? do i need another plugin line ithemes to harden my website? does this product has a waf?

• This topic was modified 4 years, 6 months ago by armanmprr.

Hi there!

Thanks for this plugin. Scan was very helpful to make sure nothing was infected on a clients website.

One problem though: The Logs page throws a PHP fatal error on WordPress 5.2 and earlier and thus shows an empty admin screen (tested with plugin versions 6.2 and 6.3).

PHP Fatal error: Uncaught Error: Call to undefined function wp_timezone_string() in (..)/wp-content/plugins/wp-malware-removal/wpmr.php:1376

The function wp_timezone_string() was introduced in WordPress 5.3 so for older WordPress installs the logs page doesn’t work at the moment.

https://developer.www.ads-software.com/reference/functions/wp_timezone_string/

All the best!

Is there a way to ‘whitelist’ MalCure in Wordfence so that I can run both and it will not be blocked in a long scan?

Hi,

During a scan, Malcure says that a malware has been detected in one of my WP sites.

Malcure says that the malware has been detected in a index.html file in wp-content/cache folder created by a cache plugin (WP fastest cache).

I analyzed thouroughly this file both manually and using even virustotal.com website, but there no whatsoever malware in this file…

Is this a false positive?

Best regards

Is there a way to whitelist a file from being marked as malware?

I use sucuri (legitimate security service) and their php file is marked as malware and is not….