Google Ads Support says Integrity CSS file is infected?

Hi there!

I have an issue with Google Ads Support, who keep disapproving my ads,because they claim there is malware on my website. I removed my wordpress installation, including themes and plugins, and uploaded a fresh copy of Pro, straight from the theme.co download section. Same for the plugins, all fresh plugin files, sourced straight from the vendors and reinstalled after wiping the previous installs.

And yet, they say that when they scan the site, it is still infected. They have now sent me a list of files which they demand I either remove from the website or disinfect, and if not, I won’t be allowed to advertise via Google.

I am at the end of my ropes here, I have attached the list of Pro files as they sit on my server, which they say are infected. I cannot find anything wrong with them???

Hi Tristan,

Thank you for writing in, with that lots of files infected, it is better to reinstalling everything (all plugins and all themes) including the Wordpress itself. Then install a Wordpress Security plugin like WordFence.

Please follow this thread and read this article for a possible solution and contact your hosting regarding this issue as they have a better overview of this than us. Or hire someone that is expert in cleaning Wordpress site.

Let us know how it goes,
Cheers!

I understand that and that is what I did. I hired Sucuri.net to do that.

The problem is that Google is still not allowing me to use these files, because according to them, there still is a problem with my Pro files.

What would be helpful is if you could confirm is that the Pro files from this list as they sit on my server are identical to the official theme.co files.

Perhaps not all of them, maybe just a few? Then I can forward your reply to Google Support

Hi Tristan,

From the above list that you have shared, official Pro theme files are as follows.

wp-content/themes/pro/framework/dist/css/site/stacks/integrity-light.css

/wp-content/themes/pro/cornerstone/assets/dist/js/site/cs-body.js
/wp-content/themes/pro/cornerstone/assets/dist/js/site/cs-head.js
/wp-content/themes/pro/framework/dist/js/site/x.js

/wp-content/themes/pro/framework/fonts/font_awesome/fa-light-300.eot
/wp-content/themes/pro/framework/fonts/font_awesome/fa-regular-400.eot
/wp-content/themes/pro/framework/fonts/font_awesome/fa-solid-900.eot

However it seems that some of the files are rendered through your caching plugin and it created minified versions, so you will see different names on your above list. You can disable your CSS/JavaScript minifications of your caching plugin and then you should be able to see the exact file names.

Hope that helps.

Can you then please confirm that these files are similar to the official Pro ones?

/wp-content/themes/pro/framework/fonts/font_awesome/fa-light-300.eot?,
/wp-content/themes/pro/framework/fonts/font_awesome/fa-regular-400.eot?,
/wp-content/themes/pro/framework/fonts/font_awesome/fa-solid-900.eot?,

and Contact Form 7 was installed from inside the Pro theme, so please confirm also for

/wp-content/plugins/contact-form-7/images/ajax-loader.gif,

Hi Tristan,

Yes, same files on my installation and official Pro. But I can’t rule out that it’s infected or not infected. I have a similar experience before but on my own created theme, I edit the files and I found nothing. But later, I found out that the hosting is inserting something to the files it serves. It doesn’t directly edit my files but changes it as it serves it. I changed hosting and haven’t experienced it.

Another similar case (but not malware) on the forum and his Wordpress editor isn’t working, something is adding a tracker to tinyMCE javascript and breaks it. https://theme.co/apex/forum/t/unable-to-edit-txt-box-when-using-click-to-edit-function/56159/6, https://theme.co/apex/forum/t/amended-text-editor-blank-in-cornerstone-after-theme-update/55078/6. When checked on the actual files, it’s not there.

I’m not saying it’s exactly the same on your case, it could be different. But I recommend looking on that area too, try testing it on a different host.

Thanks!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.