Hi,
I’ve not had any reports of similar issues for other users. Can you confirm:
The version number of WP Persistent Login you’re using.
The version number of WordPress you’re using.
If you’re using the Free or Premium version of WP Persistent Login.
Thanks,
Luke
Hi
Version of WordPress is 6.0.2
Your free plugin with last version.
Since I have disabled your plugin yesterday, the spam/hacker stopped too.
Please check if something wrong with your plugin.
Thank you
Hi,
Thank you for confirming. I don’t believe there is anything in my plugin that would cause this issue, the most likely problem is that one (or more) of the plugin files has been altered in some way, or that there is a vulnerability elsewhere on your website or server.
Do you have a plugin like Wordfence installed on your website? If not, I would recommend installing that and running a full scan. It will check to see if plugin files have been changed compared to the files that are on the WP plugin directory.
Alternatively, if you want to email me the persistent login plugin folder from your website, I can take a look at it myself to see if there are any differences.
Either way, I would recommend installing Wordfence and running a full scan as that will help you ensure that whoever was trying to get into your website didn’t manage to leave something behind on your server.
As I say, I’ve checked my plugin over, there is no malicious code in it, and I’ve had no reports of similar issues with any other user. I believe this is an isolated problem, either caused by plugin files being changed or downloaded from an unofficial source, or a vulnerability elsewhere on your website or server.
Thanks,
Luke
Hi
I have tested again with the last 30 hours, this time, no one spam or hacker try to login to my site.
Maybe last time was just a coincided. I will test with more time and let you know if something wrong.
Thank you
Hi, glad to hear that there hasn’t been a problem since. Please do let me know if you have an issue in the future.