Select Page


I use ManageWP.com (recently bought by GoDaddy) to quickly manage a number of WordPress sites, all in one place, at one time.
Recently, while running security checks on the sites, one of them popped up with a site error – something you never want to see on a site.   I ran a couple of other scans to double-check – with the same result.

Trawling around online, the 404javascript.js can be a legitimate malicious WordPress injection.   It can be a part of actual, harmful, malware.

Looking at the site via FTP – that file isn’t there.   In fact, it’s not in the site at all (much time was spent searching).

You see, though the error also shows as a 500 Internal Server Error.
A 500 error is a very, very general error that basically means that something went wrong with the server.

After a lot of searching and researching, I figured that the problem must be down to the 500 error, and less about the Malware.
Calling GoDaddy confirmed this, though they couldn’t work out exactly where/what the issue is and why this site would throw an alert when other, practically identical sites wouldn’t.

Everything was checked from the .htaccess on up.  Theme files, plugins, the works – all seemed ok but still, scans threw alerts.

Leaning toward the good old .htaccess – copying and pasting the .htaccess contents from a functioning file didn’t make any difference.

After a little more research, I decided to trash and totally recreate the .htaccess.
Renaming the existing file (so as to not lose it completely), upload a new text file and rename it via your favorite FTP application, and what do you know? It worked! All scans coming up clean.
Just create a blank one, maybe copy and paste a perfect .htaccess from a template, or re-write it if you know how.
Be sure to set your file permissions correctly too – keep that bad-boy secure.

It seems that the 404javascript.js (error 500) error is just a generic way of saying that there’s something wrong, it could be malware, it might not be, but who knows?

So, before you tear your hair out for days, wreck your site, spend money on support, and worry about malware – even though your .htaccess may look shiny and wonderful on the inside – even though it’s essentially just less than a text file, it can be even minorly corrupted on the outside and give your site real issues.

I can’t guarantee this is the problem with your site.  Maybe you have something more serious going on, but the .htaccess is a good place to start, and it’s easy to just re-rename your old .htaccess to put it back into place and have everything the way it was.

Of course, I have to say – if you’re not comfortable FTPing, and playing with your WordPress core files – please, please ask someone who knows for help.

If you’re looking for inexpensive, quality, supported Managed WordPress Hosting, check out Tubu Internet Solutions.