rritoch

This is truly insane that a production version has a Beta dependency. V2 of the API hasn’t yet been released so you won’t find it in the WordPress repository. It seems the options are to downgrade your version of this (AngularJS for WordPress) plugin or take your chances with the beta release of WP-API.

https://github.com/WP-API/WP-API/releases/tag/2.0-beta3

Here is the proof that the static files are NOT a security risk. If they were than simply going to the following link would infect my own web sites.

https://www.ralphndiaritoch.info/wp-content/plugins/web-security-tools/phpwebsectools/modules/virus_clean/definitions/sm3wv8.static

As you can see they are displayed as harmless text files with no risk to the web browser or the server!!!

I will be filing a complaint against bluehost as their defamation of this plugin has lead to WordPress discontinuing this plugin. Even WordPress doesn’t understand that the plugin cannot harm a web site and that the files in question are REQUIRED to delete the associated VIRII and Threats.

Hello,

This plugin does not install a virus on your site unless your server will execute .static files. The .static files are used to remove the virii from your server. If you get a new virii you can make your own .static files in the same folder and run the scanner to clean the virus off of your site. If you are truly paranoid you can use .htaccess to block access to any .static files.

Best Regards,
Ralph Ritoch

Snowmoon,

I’m sorry to say but your site has been infected by a virus. You can follow the instructions at https://www.vnetpublishing.com/websecuritytools/ . Since you don’t seem to be an expert you should probably hire someone who is to repair your site. If you are on a tight budget but aren’t able to isolate the virus and create a virus definition file than your other option is to backup your database and web site and do a fresh wordpress install. Most people with wordpress who are getting infected are using timthumb be sure you don’t use anything with timthumb. You may even be able to recover your blog articles from the database and put them in your new database.

Best Regards,
Ralph Ritoch

I’m sorry about that, but I didn’t see your comment until today.

There are two behaviors of this script which protect your site. First of all if it detects any alteration to certain PHP code it will shut down your site. If you are getting “service unavailable” errors than chances are either your site is infected, or you have changed code that you shouldn’t have.

The second behavior of the script is that it will blindly patch security holes by changing file permissions of directories and files. This will break any non-secure scripts you have on your site.

If you didn’t alter the security plugin than chances are you have a plugin running which is a security risk, and since it can no longer write to files on your server it has broken your site. Example: timthumb

shazdeh,

I really don’t like the idea of prematurely killing a script as that will prevent other plugins from being able to complete their tasks. The implementation of the template selection though should probably be done with a filter instead of the current method. The registering of a object is still critical though. When I get a chance I will likely do some additional work on this hack to reduce the complexity and increase the usefulness of it.