URGENT: Malware Flag

I left managewp and migrated all customers to mainwp

All my customers who host with godaddy got a suspension warning 24 hours later asking them to remove

wp-content/plugins/activity-log-mainwp/extensions/reports/download.php

or they will be suspended for good.

Has anyone else experienced this? And is there a fix?

Casually dealing with a few hundred calls today from clients in shock :frowning:

This is a 3rd party plugin, not managed by MainWP: Activity Log For MainWP – WordPress plugin | WordPress.org so it would be best to contact the plugin author.

Does it say anything about the malware it has detected? I don’t see any malware in the original file, so make sure the file hasn’t been tampered with. If it hasn’t, it might be a false positive and you should contact GoDaddy support to ask for more information.

2 Likes

Thank you, I think I will deactivate for now as GoDaddy are notoriously slow at replying or acting on anything.

The part I am finding hard to solve is that I don’t see this plugin installed… seems it might be part of pro reports.

The plugin is installed on the client sites, but it might be hidden.

Hi @extensive

As @josklever pointed out above it looks like the plugin in question is Activity Log for MainWP, a third-party extension developed and maintained by the Melapress team.

However, that plugin (which we also refer to as a MainWP extension) shouldn’t be installed on the child sites (your client’s sites) but only on the MainWP Dashboard.

Did you perhaps install it on your child sites? If so, please remove it.

We have contacted the Melapress team, and they will look into this further.

3 Likes

Hi @bojan & @josklever

Thank you for your response and help.

We manually went into each site and removed the plugin.

To be honest, not quite sure how this plugin got installed on all websites, I think it was an option in pro reports or when we were adding child sites, we added quite a few yesterday.

I was also not entirely sure how to remove plugins across all websites in one click via mainwp, so we just did it manually and re-synced all.

1 Like

You are most welcome.

The Pro Reports extension will suggest to install MainWP Child Reports plugin on child sites which works in tandem with Pro Reports.
However, MainWP does not suggest at any point to install Activity Log for MainWP extension to your child sites.

For future reference, you can find information here on deleting plugins in bulk:

Thank you for the article on deleting plugins.

What is strange, we didn’t install this plugin on any sites manually or directly, only we manage the websites, the site owners or any other developers don’t access them… and we only accessed the websites via mainwp, so somewhere along the line, it got installed via mainwp – also note, that plugin was on ALL websites we connected to mainwp.

Need to trace back to see where and how that got activated.

Hi @extensive,

I reviewed this case and checked the file that GoDaddy marked as malicious.
It’s located here:
http://plugins.svn.wordpress.org/activity-log-mainwp/trunk/extensions/reports/download.php

I would suggest asking GoDaddy support what triggered their security systems to flag this file.

Also, I texted the plugin author, and as soon as he is available, I believe he will reply here. I assumed he would have more info about it, but not sure yet.

On the other hand, I am not sure how this plugin (extension) could get installed on all your websites.
MainWP plugin itself does not have any feature that would do that. There is no code that “auto-installs” any plugin before MainWP Dashboard user executes the process.

I also checked the Activity Log for MainWP extension and found nothing that would do it.

This is the first time we have had something like this reported. There are 20K+ active installs for MainWP Dashboard from users like you, with over 600K managed child sites, and no one has reported this problem. So, I am sure that the MainWP plugin did not play any role on its own in installing the mentioned plugin on all your Child sites.

I would strongly suggest reviewing server logs so you can get to the bottom of it and figure out how the plugin got installed.

4 Likes

Hello @extensive and everyone else,

I am Robert from Melapress. A quick update from our end:

  1. It seems that this report is about our MainWP Extension; Activity Log for MainWP.
  2. This should only be installed on the MainWP dashboard, and not on child websites.
  3. By coincidence we are working on an update and I can confirm that there is no malware in that file. Maybe the functionality that triggers the file download has triggered this?

As @bogdan said, can you please ask GoDaddy to be more specific and advise what is triggering this report?

Also, this plugin should not be installed on child websites, but only on the MainWP dashboard. The fact that it is installed on child websites is either a mistake or there is something fishy.

Please drop us an update as soon as you hear back from GoDaddy. Also, would you be able to send me a copy of that file in question so we take a look? Did you compare it to the original one on the repo?

You can always contact me directly via email at [email protected].

Looking forward to hearing from you and to solving this issue.

4 Likes
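The comparison against the original copy that the replies above ask for can be done by hashing every file in the deployed plugin directory against a clean reference tree. The following is an added example, not code from this thread, MainWP or Melapress; the function names are hypothetical, and it assumes the reference directory is a clean export of the same plugin version obtained separately (for instance from the plugin's SVN repository linked above).

```sh
#!/bin/sh
# Added example: compare an installed plugin tree with a pristine reference copy.
# Both directory arguments are assumptions supplied by the operator.

# Print only the SHA-256 digest of one file.
file_hash() {
    sha256sum "$1" | cut -d' ' -f1
}

# List regular files below a directory, as sorted paths relative to it.
list_files() {
    (cd "$1" && find . -type f | sed 's|^\./||' | LC_ALL=C sort)
}

# compare_plugin_tree INSTALLED_DIR REFERENCE_DIR
# Prints one line per difference:
#   EXTRA    file exists only in the installed tree
#   MODIFIED file exists in both trees but the hashes differ
#   MISSING  file exists only in the reference tree
# Returns 0 when the trees are identical, 1 otherwise.
compare_plugin_tree() {
    cpt_installed=$1
    cpt_reference=$2
    cpt_report=$(
        list_files "$cpt_installed" | while IFS= read -r f; do
            if [ ! -f "$cpt_reference/$f" ]; then
                echo "EXTRA $f"
            elif [ "$(file_hash "$cpt_installed/$f")" != "$(file_hash "$cpt_reference/$f")" ]; then
                echo "MODIFIED $f"
            fi
        done
        list_files "$cpt_reference" | while IFS= read -r f; do
            [ -f "$cpt_installed/$f" ] || echo "MISSING $f"
        done
    )
    if [ -n "$cpt_report" ]; then
        printf '%s\n' "$cpt_report"
        return 1
    fi
    return 0
}

# Run directly as: sh compare.sh /path/to/installed/plugin /path/to/reference/copy
if [ "$#" -eq 2 ]; then
    compare_plugin_tree "$1" "$2"
fi
```

A `MODIFIED extensions/reports/download.php` line means the deployed file differs from the reference and should be inspected; no output means the flagged file is byte-identical to the reference copy. On hosts with WP-CLI, `wp plugin verify-checksums activity-log-mainwp` performs a similar check against the checksums published by WordPress.org.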
