Am I hacked?

  • Resolved Jeroen-marketing

    (@jeroen-marketing)


    3 years, 1 month ago

    According to WordFence, I am getting these errors with your plugin:

    Modified plugin file: wp-content/plugins/google-captcha/google-captcha.php
Type: File
Issue Found 24 March 2021 07:47
Medium
REPAIR
IGNORE
DETAILS
Need help with a hacked website?

Our team of security experts will clean the infection and remove malicious content. Once your site is restored we will provide a detailed report of our findings. Includes a 1-year Wordfence Premium license.

Modified plugin file: wp-content/plugins/google-captcha/includes/allowlist.php
Type: File
Issue Found 24 March 2021 07:47
Medium
REPAIR
IGNORE
DETAILS
Modified plugin file: wp-content/plugins/google-captcha/includes/class-gglcptch-settings-tabs.php
Type: File
Issue Found 24 March 2021 07:47
Medium
REPAIR
IGNORE
DETAILS
Modified plugin file: wp-content/plugins/google-captcha/includes/forms.php
Type: File

    Am I hacked? Or what can this be?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Anonymous User 17160716

    (@anonymized-17160716)

    3 years, 1 month ago

    Jeroen-marketing, hi there.

    What kind of issue do you see in the “Details” tab for each file?

    wwwolf

    (@wwwolf)

    3 years, 1 month ago

    A quick look at the details suggests the plugin has been updated (particularly in relation to display of ads for Premium version?) without actually changing the version number, so it hasn’t been flagged (and therefore an update offered) in WordPress… but Wordfence is seeing differences when it compares the local version with that in the repository.

    While this might have been done because none of the changes relate to core functionality of the plugin, it’s still not good practice, and gives those of us using Wordfence a fright (and the tedious process of checking the differences).

    My usual solution when developers do this is to back up to the installed version of the offending plugin in /wp-content/plugins/ then download the repository version direct from wordpress.org and substitute it (manually). This ensures you have the latest version and, on running a fresh Wordfence scan, it should now pass as there will be no differences. Boring but reassuring.

    BTW, you won’t lose any settings, but CHECK the functionality, and restore the backed up version if it has broken anything!

    wwwolf

    (@wwwolf)

    3 years, 1 month ago

    On the other hand… since this introduces a promotional banner on the main plugins page, which keeps coming back even when it has been dismissed… you might want to just keep the existing version. I increasingly have a policy of removing plugins that do this kind of thing… if everybody did it, we’d never be able to find anything at all through the blizzard of adverts 🙁

    Thread Starter Jeroen-marketing

    (@jeroen-marketing)

    3 years, 1 month ago

    Hi there,

    Thank you for your replies. To be honest, I’ve deleted the plugin from my WordPress website and I no longer have the errors at WordFence. So unfortunately I cannot show you what is at the details section.

    I was a bit worried about my website, so I took action.

    Hopefully this will not be an issue for other users of the plugin.

    Kind regards,
    Jeroen

    georgesupport

    (@georgesupport)

    3 years ago

    Hi,

    These changes were made by us. Since the changes were minor, we did not create a new version of the plugin.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Am I hacked?’ is closed to new replies.