Support » Plugin: All in One SEO Pack » detect webshell

  • hengjicj

    (@hengjicj)


    Why my host told my that they found a web shell in all-in-one-seo-pack/inc/compatibility/compat-init.php? Is it a problem for this plugin?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Dion hulse

    (@dd32)

    Core Developer

    Without seeing the exact code your host has found, it’s impossible to know exactly.. but I can say that the official files on WordPress.org for the plugin look clean to me.

    It’s very common for malware to install webshells and other backdoors into regular plugins files, causing blame on the plugin authors when it wasn’t ever present in the original plugin.

    It’d be worth ensuring that the rest of your plugins are up to date and that there’s nothing else compromised in your account – this article might help: https://wordpress.org/support/article/faq-my-site-was-hacked/

    Plugin Contributor arnaudbroes

    (@arnaudbroes)

    @hengjicj thank you for the 5-star review! Unless you did not download the plugin through the WordPress.org Plugin Directory, it is definitely a false-positive. There’s barely any code in that file.

    Also, @dd32 thank you for prompt response!

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this review.