Got Critical Message from Wordfence


I got the following message from Wordfence:

Alert generated at Saturday 25th of October 2014 at 07:15:01 AM
Critical Problems:

  • File contains suspected malware URL: …/wp-content/plugins/bb-plugin/js/jquery.magnificpopup.min.js

  • File contains suspected malware URL: …/wp-content/themes/bb-theme/js/jquery.magnificpopup.min.js

Can you tell me if this is something you added or it is a suspected malware URL.


Hey Dennis, that particular jQuery file has a bitly URL in the comments. You may have heard, but bitly had a security breach and many services started flagging bitly URLs as malware. Here’s the first artilce that came up when I Googled the problem:

I am assuming that’s the reason that WordFence flagged that file. But, can you please send us a copy of that Javascript file so we can be sure? Also, since we’re chatting about it, did you get any other WordFence notifications? And or, is there anything that might lead you to believe your site has been compromised? Let us know…

[Content Hidden]

Dennis, which email was sent from a noreply!? I am not sure I understand…?

It looks like WordFence officially responded to the incident and it was the bitly breach we suspected. Here’s another link for ya:

Thanks Dennis, sorry for the trouble!

[Content Hidden]