Support » Plugin: Shield Security: Protection with Smarter Automation » Email when an Admin user is created ?

  • Resolved dimalifragis

    (@dimalifragis)


    Hello.

    I would like to ask if there is an option (or for the future) to be informed when an admin user is somehow created (or switched to admin level).

    This is how we got hacked 3 months ago, from Yuzo Related plugin. And your plugin was installed and active.

    Also i would like to know why emails (alerts) from your plugin don’t follow the traditional WP way in sending ? They seem to be sent differently. They do not follow the queue (via a plugin), as all other do.

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author One Dollar Plugin

    (@onedollarplugin)

    Hi,

    We don’t have notifications for this, but we do have a feature in there called Security Admin which can actually prevent this from happening through the WordPress admin (it can’t currently preventing any modifications made directly to the database).

    Try using the security admin system to prevent admin promotions by anyone except yourself.

    Could you explain what you mean by the emails being sent differently and the queue you’re referring to? Shield uses the standard WordPress wp_mail() function like all other plugins and doesn’t do anything different to what is standard practice. If you’re having email deliverability issues, for whatever reason, then it’s likely you haven’t configured email delivery for your site domain – which is required if you want reliable email delivery. See here: https://onedollarplugin.com/blog/wordpress-email-deliverability/

    Hi and thanks for the reply.

    Would that “Security Admin” prevented the second admin created by YUZO Related security issue ?

    About the emails. We use GD Mail Queue plugin and your emails are sent immediately, not using that plugin queue settings. It also shows in their header, they do not “pass” from the queue.

    Plugin Author One Dollar Plugin

    (@onedollarplugin)

    Hi,

    I doubt that would have prevented it, but it depends on how the particular exploit that a hacker employs would work. We can’t say for sure, but I suspect that if the exploit could be engineered to use WordPress to promote a user to admin, or create an admin, our plugin would have blocked that. It simply blocks those activities unless the request taking those actions is both a WP admin, and is also authenticated with the security admin module. That vulnerability is caused by code that incorrectly identifies a request as ‘admin’-authenticated when it’s not. Our plugin would verify that independently.

    Regarding the queue plugin, we don’t know how that plugin works and have frankly never heard of it. You will need to talk with them as to why, when Shield uses standard WP functions, their plugin isn’t queuing it. WordPress doesn’t have a mail queue, and so the developer of any 3rd party queue functionality will be the one to answer why Shield’s emails don’t go into their queue.

    Hope that helps.
    Paul.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.