Support » Plugin: Disable Embeds » Can the plugin be hacked?

  • Resolved Martin999

    (@martin999)


    Hi,
    I have WP 4.9.15 and several sites have been hacked, which all have this plugin.
    It has not been updated for a long time, at least I didn’t get a message that it can be updated. There is only one further plugin, updraftPus, which is updated and probably not the reason.

    Of course hacking can have many reasons, but I try to find the reason for hacking and many people say that very often old plugins can be hacked.

    Any thoughts on this?

    Thanks,

    Martin

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Pascal Birchler

    (@swissspidy)

    The Disable Embeds plugin is very simple, stable and does not require a lot of updating.

    It contains no real attack surface for intruders. If anything, it would help make your site more secure because it disables things.

    I recommend you to change your passwords, and scan your site for any installed backdoors. This will be much more fruitful than checking old plugins.

    Since you mentioned UpdraftPlus, it contained a few security vulnerabilities in the past. Might be good to verify you were not on one of those versions.

    Thread Starter Martin999

    (@martin999)

    Hey Pascal, thanks a lot.

    “The Disable Embeds plugin is very simple, stable and does not require a lot of updating.
    It contains no real attack surface for intruders.”

    That’s what I supposed, o.k., “done”.

    “I recommend you to change your passwords, and scan your site for any installed backdoors. This will be much more fruitful than checking old plugins.”

    Yes, you think intuitively right (how do you know?). There are several strange cryptic sounding “fdvor8”.phps ect. in main folders, and some of them recognized my PC-scanner as “Backdoor.PHP.Workshell.EH” (whatever a backdoor means).
    There are also added “index2.php”, “xindex.php” in many folders, changed index.php and htaccess appear in many folders.

    “Since you mentioned UpdraftPlus, it contained a few security vulnerabilities in the past. Might be good to verify you were not on one of those versions.”

    Again you could be right, though I’m a little bit shocked about UpdraftPlus… The Malware-Scan of my hoster found in every site among other things the same following issue:

    …plugins/updraftplus/central/listener.php
    #######################################
    Changed -> 13.06.2020 14:45:36 +0200

    Zeile -> SuchMuster -> FUND (Max. 300 Zeichen, gekuerzt, escaped…, angezeigt maximal: 20)

    73 -> if (!empty($_GET[.*]) &… -> if\(!empty\(\$_GET\[‘login_id’\]\)\&\&is_numeric\(\$_GET\[‘login_id’\]\)\&\&!empty\(\$_GET\[‘login_key’\]\)\)\{

    Have you been downloading “free” themes or plugins from non-official sources?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Can the plugin be hacked?’ is closed to new replies.