I am using Salient 4.9 with WordPress 4 along with WordFence plugin. WordFence scan suggested malware is found in the following files (Scanning file contents for infections and vulnerabilities) of the theme:
On opening each of these files I see a reference made to http://bit.ly/vcomposer which when opened in Chrome gives a malware warning. Can you please fix the issue ASAP?
I just went ahead and did a search and replace to remove the offending URLS in the files flagged. But the real question is how this got past Envato's security screening when the last updates were done from WPBAKERY VC and from the themes that use it? I admit at being irritated at having to waste time with this after a panic email from a client this morning over this. Pretty clearly, the dev over at WPBAKERY has an infected local machine that created this in the first place.
Hey Guys, the URL http://bit.ly/vcomposer still appears in multiple places even in the current VC - when I access it, it seems to just be the ThemeForest Visual Composer plugin page, I'm not seeing any malware reporting in the browser when going to it but I'll reach out to WPBakery in regards. It could be a false flag from your security plugin since hardcoded URLs that redirect in theme files would seem suspicious - but it appears to be intentional, unharmful links from the plugin author
I am using Salient 4.9 with WordPress 4 along with WordFence plugin. WordFence scan suggested malware is found in the following files (Scanning file contents for infections and vulnerabilities) of the theme:
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/lang/default.po
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/changes.txt
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/composer/build.php
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/composer/settings/settings.php
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/locale/default.po
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/locale/js_composer-de_DE.mo
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/locale/js_composer-de_DE.po
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/locale/js_composer-es_ES.mo
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/locale/js_composer-es_ES.po
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/locale/js_composer-fr_FR.mo
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/locale/js_composer-fr_FR.po
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/locale/js_composer-it_IT.mo
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/locale/js_composer-it_IT.po
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/locale/js_composer-pt_BR.mo
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/locale/js_composer-pt_BR.po
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/locale/js_composer-ru_RU.mo
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/locale/js_composer-ru_RU.po
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/theme_locale/ar_AE.po
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/theme_locale/de_DE.mo
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/theme_locale/de_DE.po
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/theme_locale/default.po
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/theme_locale/es_ES.mo
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/theme_locale/es_ES.po
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/theme_locale/fr_FR.mo
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/theme_locale/fr_FR.po
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/theme_locale/it_IT.mo
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/theme_locale/it_IT.po
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/theme_locale/pt_BR.mo
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/theme_locale/pt_BR.po
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/theme_locale/ru_RU.mo
[Oct 25 16:27:36] Adding issue: File contains suspected malware URL: /filepath/wp-content/themes/THEMENAME/wpbakery/js_composer/theme_locale/ru_RU.po
On opening each of these files I see a reference made to http://bit.ly/vcomposer which when opened in Chrome gives a malware warning. Can you please fix the issue ASAP?
Regards,
Hiren Mehta
Hey Hiren!
If its showing as malware you can simply remove those files as they are only required when you translate visual composer.
Thanks
ThemeNectar Support Team
Not quite. There are PHP files in there as well. If those files are removed it breaks the theme.
I just went ahead and did a search and replace to remove the offending URLS in the files flagged. But the real question is how this got past Envato's security screening when the last updates were done from WPBAKERY VC and from the themes that use it? I admit at being irritated at having to waste time with this after a panic email from a client this morning over this. Pretty clearly, the dev over at WPBAKERY has an infected local machine that created this in the first place.
Hey Guys!
Have flagged the ticket for the developer to respond.
Best,
-T
ThemeNectar Support Team
I'm commenting because
1) I certainly want updates on this as they come…
and 2) to say I tried the scanner at Sucuri and all came out clear (at least on a URL scan)
sitecheck.sucuri.net
That is because they seem to have fixed the issue.
Hey Guys, the URL http://bit.ly/vcomposer still appears in multiple places even in the current VC - when I access it, it seems to just be the ThemeForest Visual Composer plugin page, I'm not seeing any malware reporting in the browser when going to it but I'll reach out to WPBakery in regards. It could be a false flag from your security plugin since hardcoded URLs that redirect in theme files would seem suspicious - but it appears to be intentional, unharmful links from the plugin author