I have 3 WordPress websites that within the last week have all been blocked by Avast AVG.
I have checked them with multiple online scans (securi, pcrisk and virustotal) and they are all clean.
I’ve manually inspected recently updated files in the file system, and it doesn’t appear that anything is wrong.
I’ve submitted a False Positive report and not heard back.
What gives? The only connection between these three sites is that they are hosted on Namecheap (the first two domains are add-on domains of wiseflower.org), so they all share a host file system.
I can’t figure out why they are being blocked and hope Avast is quick with their review as it could be costing me clients. Any thoughts? And how long does it typically take Avast to respond?
Thanks, I actually did report it using that form last week. I submitted one for each website. I still have not received any acknowledgment or email reply from Avast, but just checked my websites and they are now loading again. So Avast must have done something, but I don’t know what or why they were blocking me to begin with.
One important issue with the configuaration of your Word Press CMS was found:
Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.
Path Tested Status /wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing is tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.
Set this setting to disabled and your good to go,
Have a nice day,
polonus (volunteer 3rd party cold reconnaissance website security analyst and website errror-hunter)