Malvertising
-
Malvertising is placed on my site.
WP.com: Yes
Jetpack: No
Correct account: YesThe blog I need help with is: (visible only to logged in users)
-
-
AVG Antivirus-Benachrichtigung auf einem Bildschirm, die eine blockierte Verbindung zu einer Webseite mit dem Hinweis „Bedrohung gesichert“ zeigt. Die Meldung beschreibt die Bedrohung als „URL:Malvertising“, verweist auf eine gefährliche Werbung und nennt den Google-Chrome-Prozess als Quelle. Optionen zur Schutzverbesserung und zum Melden einer Fehl-Erkennung sind sichtbar.
-
I did read wordpress.com has a new advertising channel, so the problem is probably over there.
-
-
Hi @smoothjazzdaily,
Thanks for screenshot. I understand how concerning it can be to see a warning like that, and I’m happy to help clarify what might be going on.
Your site is hosted on WordPress.com under the free plan, which means WordAds, custom scripts, JavaScript, or iframe embeds aren’t supported. WordPress.com automatically strips unsupported or potentially harmful code to help keep your site and visitors safe. Because of this, it’s very unlikely that any actual malicious code is running directly on your site.
Check this guide for reference: https://wordpress.com/support/security/That said, AVG may have flagged a regular hyperlink — not a script — that points to a known suspicious domain (
linktracer.xyz). If a link like that was added manually to a post, page, or widget, even unintentionally, that could explain the warning. I’d recommend reviewing your site content for any unfamiliar or suspicious links.Also, since you mentioned you’re seeing this in Chrome, it’s worth checking if the issue persists in a different browser or device. Sometimes browser extensions or local software can inject ads or tracking scripts, and antivirus tools might associate that with the site you’re visiting. Let me know if you get the same warning on a different browser.
If you’d like help reviewing any specific content on your site, feel free to let us know, and we’d be glad to take a closer look.
-
Thanks for chiming in @observaterry,
Since your site is also on the free plan and WordAds isn’t active, it’s unlikely that the issue is coming from anything directly hosted or injected by WordPress.com. As mentioned earlier, WordPress.com doesn’t support custom scripts or iframes on free sites, and we take strict measures to block potentially harmful code.
That said, if there’s a manually added link in your content pointing to a flagged domain, that could explain the antivirus warning. Have you added any link to your site recently?
Could you please test the site in a different browser with extensions disabled, or in incognito mode? This way, we can determine if the warning appears across different browsers.
Let me know if that helps. -
-
Your new advertising partner uses that link to linktracer.xyz which seems not to be safe as stated by several thrustworthy websites.
Also the kind of ads they show are pure scam: you won an iPhone or whatever
-
Thanks for replying @josefhtest,
I’ve never manually added any links to
linktracer.xyz. I was first aware of this problem yesterday morning (~9am BST, 8 July), and the latest blog post was on 22 June.It cropped up on Chrome, Firefox, and Edge on separate devices, and it occurred on any blog post, which made me wonder if it had something to do with the widgets.
I changed the widgets for the search, latest posts, and most popular posts (from legacy to the latest versions); I removed the widget for my Gravatar. Even so, the blog was still getting flagged by Norton and Symantec.Currently, I’ve found the problem only stopped on Edge (protected by Symantec), and Firefox/Chrome (protected by Norton) after I removed the legacy ‘Follow blog’ widget. However, it persists on Chrome (extension, protected by Symantec).
If I learn anything more, I will keep you posted.
-
Probably related to this other recent issue:
https://wordpress.com/forums/topic/my-page-got-redirect-to-redirects-to-megadraws-dot-click/ -
Hi again @observaterry,
Thanks so much for all the details you shared.
We’ve identified the issue, and it’s now been resolved. Your site should no longer be flagged or show any unexpected behavior related to ads or redirects.
If you’re still noticing anything unusual, feel free to let us know — we’re happy to keep investigating if needed.
-
I experienced just now a new attack. In addition the Share Button for sharing posts to facebook is out of function.
-
Hi @smoothjazzdaily,
If your site has ads active, could you please try the following to turn off ads?
You can go to Tools → Monetize (or Jetpack → _Monetize if using WP Admin), click on the “Ads” tab, and then “Settings” to turn off ads. After that, please activate it again and clear your browser cache: https://en.support.wordpress.com/browser-issues/.This should reset the ads settings and load an updated version of the site.
Regarding the social share button, is it not working on smoothjazzdaily.wordpress.com? I tested some of your posts, and it worked well for me. Could you please share a screenshot of the error you are encountering or provide a post URL for testing?
Here is a guide on how to take screenshots https://wordpress.com/support/make-a-screenshot/
Additionally, have you tried using a different browser or incognito mode in your current browser to rule out any caching issues?
I look forward to your reply, -
-
-
Hi there,
I appreciate your patience while we reviewed this on our end! Our new ads partner has implemented a fix that should take care of the scam-type ads. Please let us know if you continue to see them.
Best,
- The topic ‘Malvertising’ is closed to new replies.
WordPress.com Forums 