Sucuri Security - Auditing, Malware Scanner and Hardening
[resolved] vulnerability in plugin (3 posts)

  1. Stranger
    Member
    Posted 1 year ago #

    Hi,
    I have been using this plugin for 2 weeks. My experience was almost nice, but on Friday morning I was warned by the PHPIDS security plugin (Mute Screamer) that the file \sucuri-scanner\inc\scripts.php was modified. I thought it might be the plugin itself that changed this file, but I was left wondering on Saturday morning when I was unable to access my site, seeing a SERVER NOT FOUND error.
    After a bit of investigating I was shocked to see that the hackers used scripts.php to inject a virus into it, and after that my domain name was directly suspended by ICANN due to this infected file.
    Please investigate this bug, otherwise I will delete this plugin :(

    http://wordpress.org/extend/plugins/sucuri-scanner/

  2. ogu007
    Member
    Posted 1 year ago #

    Hi!
    I would like to know if the plugin is finally safe?
    Thanks for the feedback!

  3. leejosepho
    Member
    Posted 11 months ago #

    Have a look at this:

    ###
    # Harden certain WordPress folders (as recommended by Sucuri and others)
    # ref: http://www.wpbeginner.com/wp-tutorials/how-to-disable-php-execution-in-certain-wordpress-directories/
    # note: Do not use in ~/wp-content if your site uses TimThumb or similar scripts.
    # 1. Place in ~/wp-content/uploads and check for problems...
    #>> Blocks Plugins Garbage Collector plugin from scanning ~/wp-content/plugins/
    # 2. else Place in ~/wp-content/ and check for problems...
    # 3. Place in ~/wp-includes and check for problems...
    ## note: ~/wp-includes has many .php files.
    ###
    <Files *.php>
    deny from all
    </Files>
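
An added example, not part of the thread or of the Sucuri plugin: a small audit that checks each of the three folders named in the post above for an active `<Files *.php>` deny rule and lists any `.php` files sitting under uploads. It also accepts the Apache 2.4 spelling `Require all denied`; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# The three folders the post above names, relative to the WordPress root.
FOLDERS = ["wp-content/uploads", "wp-content", "wp-includes"]

# <Files *.php> block; deny rule in Apache 2.2 ("deny from all") or 2.4 form.
BLOCK = re.compile(r"<Files\s+\"?\*\.php\"?\s*>(.*?)</Files>", re.I | re.S)
DENY = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)

def has_php_deny(htaccess_text):
    """True if an uncommented <Files *.php> block contains a deny-all rule."""
    live = "\n".join(line for line in htaccess_text.splitlines()
                     if not line.lstrip().startswith("#"))
    return any(DENY.search(body) for body in BLOCK.findall(live))

def audit(wp_root):
    """Return {folder: {"protected": bool, "php_files": [...]}} for FOLDERS."""
    report = {}
    for folder in FOLDERS:
        path = os.path.join(wp_root, folder)
        ht = os.path.join(path, ".htaccess")
        protected = False
        if os.path.isfile(ht):
            with open(ht, encoding="utf-8", errors="replace") as fh:
                protected = has_php_deny(fh.read())
        php = []
        if folder.endswith("uploads"):  # uploads should normally hold no PHP
            for base, _dirs, files in os.walk(path):
                php += [os.path.relpath(os.path.join(base, f), wp_root)
                        for f in files if f.lower().endswith(".php")]
        report[folder] = {"protected": protected, "php_files": sorted(php)}
    return report

def build_sample_tree():
    """Constructed sample tree: uploads hardened, one stray .php file in it."""
    root = tempfile.mkdtemp()
    for folder in FOLDERS:
        os.makedirs(os.path.join(root, folder), exist_ok=True)
    with open(os.path.join(root, "wp-content/uploads/.htaccess"), "w") as fh:
        fh.write("# hardening\n<Files *.php>\ndeny from all\n</Files>\n")
    os.makedirs(os.path.join(root, "wp-content/uploads/2013"))
    open(os.path.join(root, "wp-content/uploads/2013/stray.php"), "w").close()
    return root

if __name__ == "__main__":
    for folder, result in audit(build_sample_tree()).items():
        print(folder, result)
```

The check is per folder and does not model `.htaccess` inheritance, so a rule placed in `wp-content` also covers `wp-content/uploads` even where the report shows that subfolder as unprotected.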

Topic Closed

This topic has been closed to new replies.
