Support » Plugin: Database Backup for WordPress » Latest Update | Active again?

  • Resolved Rhand

    (@rhand)


    Just saw there is an update again. Hasn’t been one in quite some time. Does this mean the original author is doing updates again? Rather paranoid these days about plugins getting sudden updates. Often these days hackers buy them to spam people or take over their sites..

Viewing 7 replies - 1 through 7 (of 7 total)
  • Checking readme-txt says “Sanitize user-supplied data” and diff of source code changes shows the same.

    i follow

    @rhand,
    is there a list of plugins getting that sudden gets updated / hacked?

    Looks to me like the update is legit – this page seems to show the update was done by Austin: https://profiles.wordpress.org/filosofo#content-activity

    The plugin on his github account also shows the update: https://github.com/matzko/wp-db-backup/blob/master/readme.txt – well, the version number has been changed and it shows tested up to 4.9.2 but that actual 2.3.3 update details haven’t been entered.

    My guess is that this plugin is essentially still abandoned but the author pushed this update through as a kindness to all those still using it as WordPress was going to remove it otherwise (or actually did briefly hence the WordFence notice).

    Be nice to hear from WordPress.org or the author on this, but in any case, thanks Austin 🙂

    Thread Starter Rhand

    (@rhand)

    Yeah @websicherheit @bob33. I checked the code just now. It is a version update, plus constructors have been updated. So all good. @kletskater Wordfence keeps me in the loop of plugins that are sold to nefarious people. But it is always good to check when a plugin that has not been updated in ages is updated with benign code. Malicious code has slipped through from time to time and with som many plugins it is hard for the WordPress team to remove the bad code as it is added. So that means that sometimes a plugin with bad code is on offer for a while..

    • This reply was modified 4 years, 10 months ago by Rhand.
    • This reply was modified 4 years, 10 months ago by Rhand.

    Thanks @rhand @bob33 – your info gives me confidence to start using this plugin again. I deactivated it on my sites after the Wordfence alert and I’ve been using All-In-One WP Migration as a belt-and-braces stopgap since. Since some of the recent Wordfence disclosures about plugins being bought by dodgy people I’m very wary of any plugin removed from the WP repository. Thanks to Austin for the update.

    I wrote wordpress.org in December 2017 that the author of a Top 100 plug-in had not shown a sign of life on the web for almost 2 years (as far as I could tell). One reason for me to do this was a recent case where a popular plug-in was silently taken over by spammers.

    They wrote back in January this year that they would try and look into this and that was the last I heard of them.

    It seems they managed to contact Austin.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Latest Update | Active again?’ is closed to new replies.