Support » Plugin: User Role Editor » IT GETS YOUR SITE HACKED!!!!!!!! DON’T INSTALL


    Installing this plugin lead to hacking my site. the hacker created a SuperAdmin user, deleted my site content, broke my theme functionality and sent 36023 spam emails and my hosting service suspended me because of the burden the hacker caused on their server!!!


    • This topic was modified 3 years, 1 month ago by Afrooz.
Viewing 8 replies - 1 through 8 (of 8 total)
  • Andrew Nevins


    WCLDN 2018 Contributor | Volunteer support

    Hi @afrooz, Sorry to hear that you’ve been hacked. Can you outline the steps taken between installing this plugin and seeing the hacked symptoms? Often, hackers will install malware inside of plugins after they have already gained access to your installation.

    Thread Starter Afrooz


    Hi @anevins
    I got messages from my hosting service support saying your site is sending spam messages wildly so they had suspended me.
    I asked them to unsuspend me so I can check my site. I saw users have been added with super admin roles. then I saw my menu, logos, media files, main page contents , sliders and …. have vanished. my theme didn’t work at all and I was unable to retrieve my data because my theme was broke.
    I immediately deleted users and plugin, so the attack was stopped. But since I couldn’t retrieve my data due to a broken theme, I had to delete wordpress and install it again.

    Plugin Author Vladimir Garagulia


    As a User Role Editor (URE) plugin developer I confirm, that the evidence should be shown, that URE is involved into the issue before send such awful title.

    I tried to put for @afrooz the information that site may be hacked earlier, before he installed URE, and there are a plenty ways, how site may be hacked, but without luck.

    To @afrooz: You may hate the plugin and send zero review, it’s your right. But any blame should have evidence, that attack via plugin is possible on the clean (not hacked) WordPress installation, not just a capital letters in the title.

    Thread Starter Afrooz


    If I hate any plugin be sure that I will delete it. Never comment about it this way. You may say I have no evidence, but I know it was your plugin that crashed my site. totally destroyed it!!!
    I am a web developer and I use wordpress for many clients. I keep track of everything. I know which plugins are installed for any of them. The only site using your plugin, was hacked and the first thing I noticed about it was new users with top level authority added by themselves!!!

    How dare you ask me for evidence when I say 36023 spam emails was sent and my site was suspended. I replied to @anevins how much damage was caused and I could only delete the plugin so I can unsuspend my site! You are so irrational.

    If I were you, and I know you are mad at me as well as I am Mad at you, I would try to close any backdoor that would lead to such problems as @sologhost and I had experienced. It doesn’t mean your plugin is okay, because just the two of us have reported this to you. Others may not report it at all or just try to delete spam posts!

    You must consider reviewing your code. I trusted your plugin and it has destroyed everything. I am not your enemy and I don’t know you, so don’t take that personally.

    Plugin Author Vladimir Garagulia



    That’s my mistake, that I mixed up the authors of this review and post to the URE support forum. I apologize for that.

    Yes, I am not your enemy too, nothing personal, just a business.

    I just tried to tell you that, you wrote here about the result only – your site was hacked and SPAM was sent. But you wrote nothing about a reason of this bad and sad event, except that you think that it may be linked to the fact that you installed User Role Editor recently.

    Is it the only plugin installed at your site?

    Do you know that there are a lot of other ways to place to the site a .php file with malicious code and not always this is made via installed plugins? It’s possible via holes in a operating systems, vulnerabilities inside HTTP or database servers. If site is installed at the shared hosting, intruder can get access to yours and other sites after he hacked the weakest site (not updated for the years) placed at the same host. There are users with administrative privileges, access to hosting control panels, FTP access, but very weak passwords. Etc., etc., …

    Do you know when your site was hacked really? Thousands of hacked sites do nothing suspicious for decades. Potential SPAM senders just sleep until their owner (hacker) will have a new SPAM sending deal paid and send a command for the bots net to start a new campaign.

    This is a reason, why I asked about the evidence that User Role Editor is really involved to the described issue. Without that “awful plugin” capitals at your review note is just aggressive emotions. Similar as a call do not use (for example) Windows or Linux, be cause of vulnerabilities are discovered and fixed at this software from time to time.

    I look at the security of the code very seriously and react on any related issues with the highest priority. You should know that plugins review team removes any vulnerable plugin from the repository immediately after they receive a description of vulnerability. Plugin may be returned to repository just after all discovered vulnerabilities were fixed. So serious developer can not ignore this.

    User Role Editor code went through external security audit recently. I follow all security recommendations during development. I understand that as any other software my plugin may have vulnerabilities. I review a code and try enhance it almost permanently. But I can not search a black cat inside a dark room.

    As a developer you understand that thousands of emails are not sent manually. That was made by code. You should understand that, if someone placed a code to your site, it’s easy to add any user with any authority without any plugin.

    Do you have a backup copy of your site in a hacked state? Did you try to check it for the external files which do not belong to WordPress, themes and plugins installed? Did you try to understand how and when they appear at your site file system? May be you have a list of archived backup copies for a month or two and can compare them for the malicious file(s) presence to make conclusion about the approximate date, when site was hacked and how it’s related with URE plugin installation?

    Well replied @shinephp.

    @afrooz – As a self proclaimed “web developer”, you would know to create a backup of your site, uploads and database to protect yourself and your client from such a hack.

    Secondly, as Vladimir has asked, you need to provide evidence that the plugin was the source of you being hacked. Suggesting that there is a “backdoor” is a major allegation. Without any proof, such as apache access.log files, you are just finger-pointing. Was your installation and plugins all up to date?

    I suggest you calm down, apologise and perhaps try and think before you leave reviews and comments such as this.

    Plugin Author Vladimir Garagulia


    @alexholsgrove – Thank you.

    @afrooz this is a serious claim and if you have been hacked in such a way you owe it to the community to do a proper investigation and supply evidence so we can all avoid such misery.

    I came across your post because I found a suspicious super admin on a site recently BUT that site has never had User Profile Editor Installed.

    So I just wasted more of my life reading this thread only to find you have no evidence.

    Please don’t do that, it wastes everyone’s time.

    In 2 or 3 years of using User Profile Editor I have had ZERO problems, and only see excellent support from a fabulous free plugin.

    Thanks @shinephp

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘IT GETS YOUR SITE HACKED!!!!!!!! DON’T INSTALL’ is closed to new replies.