Sucuri Security Notice


A malware breach has been reported by Sucuri labs ->

Please make sure to have prevention tactics in place. This is not an Avada related issue but a result of security breach as mentioned here ->

Firstly, we would like to clarify that this is not a theme related breach or specific to Avada. The Avada core files are malware safe and secure. Malware can however be injected into the reported file via insecure 3rd party plugins, insecure shared hosting amongst other methods.

A hacker is targeting minified scripts to inject and hide the malware. Thanks to Sucuri, this is not possible anymore. As further precaution, you should also look at ANY other minified script within the plugins or other themes which are not active within your installation. This is because Sucuri only scans the scripts and files of the active themes and plugins.

Explanation of the issue by Sucuri:

Encoded javascript (known the send malware to a site visitor) was detected. They can be in any form, but generally use base64 or some form of encoding to hide its content. Sometimes the content is not encoded, but a simple remote javascript is included to ther pages.

How to test your site:

Please use the Sucuri scanner here ->

The effected file:
Is as follows -> themes/avada/assets/js/main.min.js

We have run a test on our demo site -> – as of November 20th, 2015 and can report no malware detected ->

It is also important to note that a fresh download of the latest version of Avada via your Themeforest account is 100% malware free.

How to resolve this if your site is infected:

Method 1 – Replace the following Avada file only -> themes/avada/assets/js/main.min.js – taken from a newly downloaded Themeforest copy of Avada

Method 2 – Replace the entire theme with a newly downloaded Themeforest copy of Avada

1 Like
Proudly Serving Over 250000 Satisfied Users!