Did the mission for Easy WP SMTP change?

  • Resolved blueeventhorizon

    (@blueeventhorizon)


    5 years, 1 month ago

    Hi guys,

    I first installed Easy WP SMTP a couple of years ago. Without it, my contact forms simply did not work!

    As a result of this nasty glitch, my site was compromised (visitors got re-directed to some Russian credit-card scam site). I restored a back-up from last Friday (15th March), de-activated the plug-in and changed all admin passwords. Everything appears back to normal :).

    In fact, my contact forms are working fine without Easy WP SMTP activated! It seems like something in WP has changed along the way rendering this plug-in unnecessary for my installation. I am assuming that the mission of the plug-in also must have changed since it no longer seems necessary in my case.

    Can I safely hit the “destroy” button and have one less plug-in to worry about?

    Second question: When I checked my plug-ins after the restore, 1.3.9.1 was already installed. How did that happen? My records indicate I installed 1.3.9 on March 5th, 2019. But I have no record of installing 1.3.9.1. Is it possible that whoever hacked the 1.3.9 version is also spoofing the version number so it looks like I have updated, or was it updated automatically, or did I just forget to note the update – I did update other plug-ins on March 12th, 2019?

    Just curious really!!

Viewing 3 replies - 1 through 3 (of 3 total)
  • mbrsolution

    (@mbrsolution)

    5 years, 1 month ago

    We apologize for any inconvenience. The developers patched the vulnerability the moment it was reported by releasing version 1.3.9.1.

    The vulnerability was introduced in version 1.3.9 when the following features were added?

    1.3.9

    Added Export\Import settings functionality.
    Added option to delete all settings and deactivate plugin.

    I am assuming that the mission of the plug-in also must have changed since it no longer seems necessary in my case.

    That means that something probably changed in your server. Our plugin merely relays the e-mails.

    Second question: When I checked my plug-ins after the restore, 1.3.9.1 was already installed. How did that happen? My records indicate I installed 1.3.9 on March 5th, 2019. But I have no record of installing 1.3.9.1.

    The only theory I have is that version 1.3.9 has been removed from the repository by WordPress, which makes sense. You can only download version 1.3.9.1.

    Kind regards

    GenealogyCoach

    (@samatva)

    5 years, 1 month ago

    tl;dr Check with your web hosting tech support.

    If you have a dedicated (or virtual) server and only one web site, set up sSMTP on the server and then protect the file that has the password. The only reason to use this plugin is if you need to send email via several different accounts from several different WP installs/multi-sites.

    On shared hosting, the SMTP server should be active for local programs. Your control panel should have a place to put in your SMTP settings. Some shared hosting also allows send email via their SMTP daemon, but you are highly likely to get snagged in spam filters if you do this (and/or the email may not appear to be coming from you).

    Thread Starter blueeventhorizon

    (@blueeventhorizon)

    5 years, 1 month ago

    Thanks for replying @mbrsolution and @samatva.

    I guess I can remove the plug-in since the only emails sent FROM my site are to me. I use Mailchimp to email anyone who signs up to my list.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Did the mission for Easy WP SMTP change?’ is closed to new replies.