File appears to be malicious: /plugins/wp-optimize/templates/settings/

  • Resolved Amaravati

    (@amaravati)


    5 years, 6 months ago

    Hi,

    Just checking, Wordfence says this:

    Filename: wp-content/plugins/wp-optimize/templates/settings/config.php
    File Type: Not a core, theme, or plugin file from wordpress.org.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: eval(base64_decode(

    The issue type is: Suspicious:PHP/evalB64.4068
    Description: Suspicious eval with a base64_decode

Viewing 5 replies - 1 through 5 (of 5 total)
  • Marc Lacroix

    (@marcusig)

    5 years, 6 months ago

    Hi there,

    WP-Optimize does not have a file called config.php in wp-content/plugins/wp-optimize/templates/settings/. So it may well have been added by a hacker.

    Marc.

    Thread Starter Amaravati

    (@amaravati)

    5 years, 6 months ago

    Dear Marc,

    I deactivated the plugin, deleted in on ftp and reinstalled it. The file indeed did not re-appear. It seems it was installed on a package with an update around 14 July 2020.

    Thanks for the trouble to answer us… kinda shocking!

    A.

    Marc Lacroix

    (@marcusig)

    5 years, 6 months ago

    You may want to find out how it was added, and if there are other infected places. If it happened once, the vulnerability could still be there.

    It’s the first time someone reports WP-Optimize being targeted like this. So if you have any more details on how this happened, we would be grateful if you were able to send us details here: https://getwpo.com/ask-pre-sales-question/

    Best wishes,
    Marc.

    Plugin Author David Anderson / Team Updraft

    (@davidanderson)

    5 years, 5 months ago

    Speaking as the lead developer of UpdraftPlus, it appears to be common for hackers who’ve broken in to drop their files into the directories of popular plugins. That makes sense, as such plugins are more likely to be present than obscure ones. So, with 900,000 active installs, I don’t think it’s that surprising. N.B. Some hacks just drop files in *all* your plugins, so if you’ve not already scanned the whole site, you should do so.

    Thread Starter Amaravati

    (@amaravati)

    5 years, 5 months ago

    hi there,

    thanks for responding. Just for completeness sake, I did find the same kind of file/code in another plugin reported here:https://wordpress.org/support/topic/file-appears-to-be-malicious-plugins-wp-optimize-templates-settings-2/

    So it was useful to have WordFence installed and doing a scan on the website which have discovered these.

    I have removed all of those files (also in other areas).

    Thanks.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘File appears to be malicious: /plugins/wp-optimize/templates/settings/’ is closed to new replies.