Jump to content

False Positive on My Client's Website

Go to solution Solved by gonzo,

Recommended Posts

I'm a web developer and am contracted to operate as webmaster for the website 


White doing routine maintenance operations on the site, I encountered a page from Malwarebytes Browser Guard incorrectly blocking downloads from the WordPress admin area. I was attempting to download backups of the site. I tried to click the button to continue with the download and the first time it worked, but the 2nd time it went into an infinite loop of reblocking this site, and the only way to prevent this loop was to completely disable Browser Guard.

I checked my MBAM settings and the site is already manually set to allowed and should not be blocked like this.

I know this site is clean as I have security active on the site, including a firewall and daily scans for signs of tampering and there are no signs of any security issues with the site.

Please remove this site from any block list and fix the blocked site page so it behaves properly. IE when clicking on the "continue to site" button, it disables this warning and allows normal browsing of the site and downloading of files and not continuously loop back to the blocked page.

Edited by AdvancedSetup
disabled live hyperlink
Link to post

What extension did the blocked files have?  DOC/DOCX? XLS/XLSX?  EXE?  The site is not on a block list, so it likely has to do with the action itself.  For reference, MBAM and Browser Guard are two separate programs.  One will tell you about many behaviors of the other, but they do operate separately.

Knowing more will also help us reproduce the issue (if it is reproducable).

Link to post

the files were .zip files. Compressed backups of the database and site files. They're only accessible through the WordPress admin area as a logged in Admin user. I've never had MBAM or Browser Guard block these types of files before and I download them regularly for several sites I manage, or am in the process of developing.

So to reproduce it, you may have to run WordPress in a test environment. The site shows about 140 session and 250 pageviews over the past 30 days according to Google Analytics and is at about it's 1 year anniversary, so this is still very much a new domain and business.

I also just checked on another client's website and I'm running into the same issue. This site's 


and is also protected by the same on site security as the other site and has considerably more traffic at 610 session and over 1000 pageviews in the last 30 days, and it's been around since at least 2018 (that's when I first connected with the site's owners), so it's not likely site age or low traffic that's causing this issue, but the .zip file type itself. This is probably from an update that occurred within the last week as I performed the exact same actions on the exact same 2 websites last week, on Wednesday Oct 20.

The plugin I'm using in both cases to crate the backups is BackupWordPress. I access the backups in the WordPress Admin area, click the download link and the blocked site error page comes up.

Edited by AdvancedSetup
disabled live hyperlink
Link to post

I just tested downloading the smaller database backups (also .zip files) from my email provider (one.com) through their online webmail app and had no issues, so it seems to be directly connected to downloading files from websites, or possibly as a logged in WordPress Admin. Would require further testing to determine what the exact criteria are to trigger this security block page.

Link to post

Thank you for that.  You can add sites that you administer to the ALLOW LIST so that you do not have to allow them each time.  That does imply that you know you can trust they have not been compromised.  I am going to alert the developer and QA to your report.  Hopefully they have a suitable environment for full testing of this.

You may also wish to reproduce the issue one more time, and immediately afterwards collect a Browser Guard Log, ZIP the log up and send it to me.  That log may be able to highlight what is causing it as well.

Link to post
Just now, gonzo said:

Reading this a second time, if you have already added the site to the Allow List, a secondary domain/subdomain may be involved that is launching another app.  That log could be valuable!

There isn't. It's just linking to a file on the server. BackupWordPress stores the backups as zip files in a folder on the server.

Link to post
  • Solution

I have just added truevikingfinance.ca to the whitelist.  Give it 15-30 minutes and see if that takes care of it.  The developer did have some concern about the program behavior and there may be some work done there. I can't predict developer priorities or schedules, so I'll leave that part there.

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.