Make WordPress Core

Opened 13 months ago

Closed 13 months ago

Last modified 11 months ago

#58130 closed defect (bug) (wontfix)

Google has detected harmful content on wp-login.php page

Reported by: thomask's profile thomask Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description (last modified by costdev)

Google just marked my web as potentially harmful, but it marked the default wp-login.php page (there is no change on that page by any plugin or virus as far as i can say). The only changes I see in the code comparing to blank wordpress are from Site Kit by Google 1.98.0 plugin - so plugin made by Google himself (from unknown reason it ads <meta name="generator" content="Site Kit by Google 1.98.0"> what is btw stupid)

I know this is probably more a Google bug, but i guess there might be some reason why it triggers, that might be improved.

the reported url is

the Learn more link goes to

Attachments (1)

Snímek obrazovky 2023-04-14 000148.png (243.9 KB) - added by thomask 13 months ago.
google search console screenshot

Download all attachments as: .zip

Change History (5)

13 months ago

google search console screenshot

#1 @costdev
13 months ago

  • Description modified (diff)
  • Keywords reporter-feedback added

Hi @thomask,

Is there a verified or suggested issue with WordPress Core? If not, then this needs to be explored further to determine the root cause.

Side note: Trac, like all public WordPress communication channels, is family friendly, so I've removed an acronym that was included in the original ticket's summary.

#2 @sabernhardt
13 months ago

In addition to the Site Kit 'generator' meta tag, the login page also has <!--n2css--> (from Smart Slider 3?) and a stylesheet from Limit Login Attempts Reloaded.

<link rel='stylesheet' id='llar-login-page-styles-css' href='' media='all' />
<meta name="generator" content="Site Kit by Google 1.98.0" />

Neither of those seem to cause a security issue. The free Sucuri SiteCheck does not report specific vulnerabilities, though their report mentions that McAfee blocks the site. I recommend checking any possibility the site might have been hacked.

If you find and fix a problem, or if you are confident that the site is safe, you could click the Request Review button in Search Console.

#3 @thomask
13 months ago

  • Resolution set to wontfix
  • Status changed from new to closed

yep. I have added also limit login attemps to even more enhance security.

The site was not hacked recently (it was months ago). I have tried Request Review before, but nothing changed. But when i posted this report i tried it again and they put the notice down. So it was probably some minor glitch at Google. I resolve this as #wontfix.

#4 @sabernhardt
11 months ago

  • Keywords reporter-feedback removed
  • Milestone Awaiting Review deleted

Thanks for the reply!

Note: See TracTickets for help on using tickets.