Support » Plugin: Jetpack by » My site got hacked 2 times via JetPack security issue

  • Hello,

    my site got hacket 2 times via JetPack security issue by hijacking the JetPack files and injecting illegal code into the JetPack files.

    Second time the same happened, these files were modified and illegal code was injected into them – Packed font backdoor.

    * Modified plugin file: wp-content/plugins/jetpack/_inc/jetpack-strings.php
    * Modified plugin file: wp-content/plugins/jetpack/changelog.txt
    * Modified plugin file: wp-content/plugins/jetpack/class.jetpack.php
    * Modified plugin file: wp-content/plugins/jetpack/css/jetpack-rtl.css
    * Modified plugin file: wp-content/plugins/jetpack/css/jetpack.css
    * Modified plugin file: wp-content/plugins/jetpack/jetpack.php
    * Modified plugin file: wp-content/plugins/jetpack/modules/contact-form/admin.php
    * Modified plugin file: wp-content/plugins/jetpack/modules/sharedaddy/sharing-sources.php
    * Modified plugin file: wp-content/plugins/jetpack/modules/widget-visibility/widget-conditions/widget-conditions.js

Viewing 3 replies - 1 through 3 (of 3 total)
  • Because JetPack is so commonly installed, hackers often target this and other popular plugins malware injection wise.

    Because a plugin has malware “in it” that does not mean the plugin was the entry point.

    Are you stating that there are no malware scripts within any other directory on your website?

    It happened today third time, so I restored the whole web page and deleted JetPack 🙁

    Other files are OK and they were not modified. Then I scanned also with the provided script checker from my webhosting provider, only these files had the injected virus code.

    Third time the same virus and same files, same logs. In the access log of the files I saw these files only, so which were loaded by the attacker, so I am sure one of these files has also the security problem…

    Now I also installed wordfence firewall, I am curious if it would happen again.

    • This reply was modified 2 months, 2 weeks ago by  xherics.
    Plugin Contributor Stef


    Hello @xherics! I’m sorry to hear about your troubles there.
    What @hackrepair makes sense, and installing WordFence can definitely help you avoid hack injections in the future.

    The Jetpack Premium and Professional offer security plans that can surely make a difference in such situations. You may be interested in give them a go as well.

    Could you contact us via this contact form and mention this thread? We’d love to discuss this with you 🙂

    • This reply was modified 2 months, 2 weeks ago by  Stef.
Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this review.