WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Safe? wp-wpau.js.php Appears to be public (7 posts)

  1. JeepBeat
    Member
    Posted 1 year ago #

    My server was recently broken into and I have been researching how it could have happened.

    I noticed in my access logs a lot of hits to this file:

    http://mysubdomain.myserver.com/blog/wp-content/plugins/wordpress-automatic-upgrade/js/wp-wpau.js.php

    When I access that link, it reveals quite a lot, including links to "DOWNLOAD database backup". The page is unstyled (no CSS) and appears as if it should not be accessible?

    I have quoted the page contents below.

    Is this safe?

    [Code moderated]

  2. esmi
    Forum Moderator
    Posted 1 year ago #

    Try asking the plugin's developer.

  3. JeepBeat
    Member
    Posted 1 year ago #

    Isn't wp-wpau WordPress' built-in automatic updater?

  4. esmi
    Forum Moderator
    Posted 1 year ago #

    Nope. The inbuilt upgrade system is part of core and the code is not stored as part of a plugin.

  5. JeepBeat
    Member
    Posted 1 year ago #

    Oh.

    So if I disable "WordPress Automatic Upgrade" in Plugins (by Keith Dsouza), I can still automatically upgrade my WordPress as it is now built into core?

  6. esmi
    Forum Moderator
    Posted 1 year ago #

    Absolutely! Just get rid of the plugin.

  7. JeepBeat
    Member
    Posted 1 year ago #

    Thanks!

Topic Closed

This topic has been closed to new replies.

About this Topic