Is this plugin really safe?

  • Resolved francc

    (@froolz)


    4 years, 2 months ago

    Hi!

    I’m trying to help a friend of mine who has a wordpress site that uses your plugin powered cache.
    However, when google searching for the company name, some inappropriate google snippets is indexed.

    I began searching through the source code on the webserver that hosts this site and found some malicious code in a file named “powered-cache-wpx.php”. This script causes the served index.html to be injected with unwanted html-content.

    Is this something that you are aware of?
    Can you please shed some light as to how this can happen?

    Regards

    Fredrik

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Mustafa Uysal

    (@m_uysl)

    4 years, 2 months ago

    Hi @froolz,

    First of all sorry for your friend’s website that was affected by malicious code. Powered Cache doesn’t have any known security flaw, and we didn’t get such an issue reported before.

    I began searching through the source code on the webserver that hosts this site and found some malicious code in a file named “powered-cache-wpx.php”. This script causes the served index.html to be injected with unwanted html-content.

    Based on my personal experience, I’ve seen such a situation (not particular with Powered Cache), and usually, the root cause was the outdated 3rd party “premium” plugins. They can be really sneaky when injecting malicious code. (I’ve seen infected core files, and the malicious code was injected after leaving hundreds of blank space)

    I’d recommend verifying the checksum of all software that the site is using – https://developer.wordpress.org/cli/commands/core/verify-checksums/. If you don’t have CLI access, you might give it a try to Wordfence scanner (it’s good at detecting malicious code and contents)

    In addition to following the guide here – https://wordpress.org/support/article/faq-my-site-was-hacked/

    If you still have a security concern, you can also reach us at support@poweredcache.com

    I hope it helps,

    Regards,

    Plugin Author Mustafa Uysal

    (@m_uysl)

    4 years, 1 month ago

    Marking this thread as resolved. Feel free to reach us if you have security concerns.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Is this plugin really safe?’ is closed to new replies.