Title: Checkout Malicious Code Injection
Last modified: February 14, 2022

---

# Checkout Malicious Code Injection

 *  Resolved [ErrolTuds](https://wordpress.org/support/users/erroltuds/)
 * (@erroltuds)
 * [4 years, 4 months ago](https://wordpress.org/support/topic/checkout-malicious-code-injection/)
 * We have WC 4.1.2 and added the patch after the security issues were identified
   last year. Currently we have been attacked by JS code being added inside our
   form-checkout.php inside the theme folder and vars.php in the wp-includes folder.
   This code disabled the Proceed to Checkout button and redirects the user to a
   malicious HTML page. What we did was create a function that detects the file’s
   updated date and replaces it with the backup form-checkout.php to remove the
   malicious code automatically. This is run every 5 mins using a cron job. Updating
   the plugin is not an option since we have a custom function that is not tested
   in the latest version of WC. Does anyone have a long-term solution, or has anyone
   experienced this?
    Thanks
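An added example, not code from the thread: the cron check described in the post above keys on the file's updated date, which can change or stay the same independently of the contents, so this sketch compares SHA-256 hashes against a stored baseline instead. It also keeps a copy of the altered file for later investigation and restores only from a backup that still matches the baseline. The theme directory name `mytheme`, the function names and the quarantine layout are assumptions made for illustration.

```python
import hashlib
import shutil
import time
from pathlib import Path

# Files named in the thread, relative to the WordPress root. The theme
# directory name "mytheme" is a placeholder, not taken from the thread.
WATCHED = [
    "wp-content/themes/mytheme/woocommerce/checkout/form-checkout.php",
    "wp-includes/vars.php",
]

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(clean_root: Path, watched=WATCHED) -> dict:
    """Record hashes once from a known-clean copy; store the result off the web root."""
    return {rel: sha256_of(clean_root / rel) for rel in watched}

def check_and_restore(live_root: Path, backup_root: Path, baseline: dict,
                      quarantine: Path) -> list:
    """Return [(rel_path, status)] for every watched file that was not clean."""
    findings = []
    for rel, good_hash in baseline.items():
        live = live_root / rel
        if live.exists() and sha256_of(live) == good_hash:
            continue  # contents match the baseline, whatever the mtime says
        status = "modified" if live.exists() else "missing"
        if live.exists():
            # Keep the altered copy as evidence before overwriting it.
            quarantine.mkdir(parents=True, exist_ok=True)
            shutil.copy2(live, quarantine / f"{int(time.time())}-{live.name}")
        backup = backup_root / rel
        # Restore only from a backup that itself still matches the baseline.
        if backup.exists() and sha256_of(backup) == good_hash:
            live.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(backup, live)
            status += ", restored"
        else:
            status += ", backup untrusted"
        findings.append((rel, status))
    return findings

if __name__ == "__main__":  # cron: script.py LIVE BACKUP QUARANTINE BASELINE.json
    import json, sys
    live, backup, quarantine, manifest = map(Path, sys.argv[1:5])
    baseline = json.loads(manifest.read_text())
    for rel, status in check_and_restore(live, backup, baseline, quarantine):
        print(f"ALERT {rel}: {status}")
```

Each alert line gives a timestamped starting point for correlating the quarantined copy with web server and FTP logs, which is what finding the entry point requires; restoring the file alone does not close it.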


 *  [Margaret S. woo-hc](https://wordpress.org/support/users/margaretwporg/)
 * (@margaretwporg)
 * [4 years, 4 months ago](https://wordpress.org/support/topic/checkout-malicious-code-injection/#post-15361924)
 * Hi [@erroltuds](https://wordpress.org/support/users/erroltuds/)
 * > We have WC 4.1.2 and added the patch after the security issues were identified
   > last year…
 * I see that you are using a pretty old version of WC. We do not recommend using
   outdated versions due to security and functionality reasons. If you’re interested,
   here’s a good post on why it’s important to keep your store up to date: [https://woocommerce.com/posts/why-keep-woocommerce-updated/](https://woocommerce.com/posts/why-keep-woocommerce-updated/).
 * I suspect that, with WooCommerce not being up to date, the site was vulnerable and
   that was a major factor behind the attack being possible. Hence, our first recommendation
   is to update your WooCommerce version. Here’s a helpful guide: [https://woocommerce.com/document/how-to-update-woocommerce/](https://woocommerce.com/document/how-to-update-woocommerce/)
 * > Updating the plugin is not an option since we have a custom function that
   > is not tested in the latest version of WC.
 * You may want to consider testing the custom function with the latest version
   of WooCommerce, and modify it as required. You may duplicate your site to a staging
   environment and perform tests without modifying your live site. Many hosting
   providers offer site staging facilities, but if you don’t have such a feature,
   you can create one with the [WP Staging](https://wordpress.org/plugins/wp-staging/)
   plugin.
 * Let us know how it goes.
    -  This reply was modified 4 years, 4 months ago by [Margaret S. woo-hc](https://wordpress.org/support/users/margaretwporg/).
 *  [seank123](https://wordpress.org/support/users/seank123/)
 * (@seank123)
 * [4 years, 4 months ago](https://wordpress.org/support/topic/checkout-malicious-code-injection/#post-15367522)
 * You need to find out HOW the malicious code was added – could be from a number
   of sources! Infected plugin or theme, somebody accessing your server directly,
   etc.
 * Are your WordPress admin, cPanel, FTP etc. logins secure? Is your database secure?
   Are you using plugins from ‘unofficial’ sources?
 *  Thread Starter [ErrolTuds](https://wordpress.org/support/users/erroltuds/)
 * (@erroltuds)
 * [4 years, 4 months ago](https://wordpress.org/support/topic/checkout-malicious-code-injection/#post-15367534)
 * Hi [@margaretwporg](https://wordpress.org/support/users/margaretwporg/), we
   have a lot of custom plugins that are integrated with the version that we
   have. We have tried to update it before, but it causes a lot of errors on our
   end; we will need to do a total revamp of the site when we did that, so we reverted
   our staging environment back to the previous version. When a vulnerability issue
   was identified in July of last year, we updated our version 4.1.2 to the patched
   version that WC released to resolve the vulnerability issue that they had identified.
   Is there any other way aside from updating the plugin to the latest version? We
   are also using WP 5.4.9, so updating WooCommerce to the latest version might not
   be compatible with our WP version.
 *  Thread Starter [ErrolTuds](https://wordpress.org/support/users/erroltuds/)
 * (@erroltuds)
 * [4 years, 4 months ago](https://wordpress.org/support/topic/checkout-malicious-code-injection/#post-15367540)
 * [@seank123](https://wordpress.org/support/users/seank123/) Yes, we did try to
   find out where the backdoor injection was being done, but no luck. We have secured
   our admins and are constantly changing the passwords; we also secured the file in
   the wp-content folder and our databases.
 *  [aetta](https://wordpress.org/support/users/chiape/)
 * (@chiape)
 * [4 years, 4 months ago](https://wordpress.org/support/topic/checkout-malicious-code-injection/#post-15368865)
 * Hi [@erroltuds](https://wordpress.org/support/users/erroltuds/)
 * It’s very important to keep everything updated, from your PHP version to your
   WordPress and all of your plugins/add-ons!
 * I’d recommend checking the article below:
 * [https://jetpack.com/2021/03/23/how-to-secure-your-woocommerce-store/](https://jetpack.com/2021/03/23/how-to-secure-your-woocommerce-store/)
 * And also using a plugin like Jetpack to scan everything for you!
 * [Jetpack Security](https://jetpack.com) takes care of multiple tasks: free and
   paid features include everything from brute force attack prevention to downtime
   monitoring, backups, malware scanning, spam protection, and more.
 * These features combine to create a holistic WordPress security plugin.
 * I hope that helps! My very best!
