Support » Plugin: Shortcodes Ultimate » malware in your code????

Viewing 5 replies - 1 through 5 (of 5 total)
  • What alerted you to that? Do you know that it is suspicious and have experience with these things, or did you just get a warning from some security software you use?

    My understanding is that only when one finds an eval() function and base64() decoding function on the same line is it potentially dangerous…

    Would love to know the reason behind your suspicions?

    Would be even better if the developer responded…

    i agree with this suspicions, i don’t know it the autor knows about this but my site just got hacked and it tells me now that the website is hosting suspicious software,

    what a funny coincidence, a plugin name shortcodes ultimate had the same problem in the past:

    Plugin Author Vladimir Anokhin


    This is just an base64-encoded image in timthumb.php library.

    You can try it yourself:



    Forum Moderator

    @jedounet: Your site being hacked does not, of itself, implicate this plugin. The topic you refer to is over a year old and probably refers to an issue that affected all timthumb scripts. Please do not make accusations – inferred or otherwise – without concrete evidence.

    I must agree.

    WordPress sites all over the world are subject to constant attacks, and ultimately it is the responsibility of the user to ensure they follow best practice to harden their sites against mischief, and keep their plugins up to date.

    I’ve never yet had a problem with a hacked site which is related to a plugin where it is certified to work with the most recent version of WordPress.

    You can learn more how to protect yourself by doing some research.

    This is a good place to start:

    One of the most common methods a site is hacked is through brute force attacks that use the “admin” username for their administrator account, especially when combined with a weak password.

    Anyway, thanks for confirming what the base 64 string relates to, @gn. I had been hesitating to try the plugin until the question was answered.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘malware in your code????’ is closed to new replies.