Support » Plugin: UpdraftPlus WordPress Backup Plugin » PHISHING URL in UpdraftPlus file

  • Resolved Stevo



    The following file was correctly found in UPDRAFTPLUS by Wordfence this morning as containing a blacklisted URL:


    Filename: wp-content/plugins/updraftplus/includes/class-onedrive-account.php
    File Type: Not a core, theme, or plugin file from
    Bad URL:

    Details: This file contains a URL that is a suspected phishing site that is currently listed on Google’s list of known phishing sites. The URL is:

    If you try to load this page, a RED WARNING from Google appears, saying that this is a phishing URL.

    I’m awaiting a response from Updraft Plus regarding the issue.


    The page I need help with: [log in to see the link]

Viewing 9 replies - 1 through 9 (of 9 total)
  • same here :
    Wordfence found the following new issues
    * File contains suspected phishing URL: wp-content/plugins/updraftplus/includes/class-onedrive-account.php

    I’m seeing the same warning as well . . . so far for three sites.

    I just updated one to UpdraftPlus version, cleared the Wordfence warning and then ran a full scan. The warning re-generated.

    Plugin Contributor aporter



    It’s an official site of Microsoft Germany:

    The URL appears in the source code, because it’s used to authenticate with Microsoft Germany when using OneDrive for Germany.

    Please do report this false positive to Wordfence so that they can fix it.

    You can also report this as a false positive to Google via

    Best Wishes,



    Well, maybe it is the official link and a false positive or maybe it’s not!

    The BETTER approach is for UndraftPlus to sort this out on behalf of all of its Customers working with Google and/or Wordfence and then to let us know what the resolution is.

    Thank you, in advance.


    Plugin Author David Anderson


    Since this issue only applies to paid customers (OneDrive support/code is not in the free version of UpdraftPlus), the following requirement of for use of their forum applies: .

    Therefore, I will mark this topic as resolved.

    P.S. We’ve asked Wordfence in the past to run their scanning code against popular plugins to prevent alerting their users of false positives in UpdraftPlus and other plugins. But, we have no power to actually force them to do anything.

    Thread Starter Stevo


    David – It’s an issue that, regardless, is affecting ALL UpdraftPLus users – free and premium, whether they use One Drive or not, as crucially its an integral file, so it seems a bit premature to just shut it off.

    I’m hoping Wordfence will mark this as a false positive in the near future!


    Plugin Author David Anderson


    David – It’s an issue that, regardless, is affecting ALL UpdraftPLus users – free and premium

    Hi Steve,

    As I say, not so – OneDrive support/code is not in the free version of UpdraftPlus (verify the non-existence of the indicated file class-onedrive-account.php here: ).

    I don’t run, but we (as all users of their forums) are obliged to obey their rules in order to have an account on, and they don’t offer any room for negotiation on that.


    Thread Starter Stevo


    OK 🙂

    Thread Starter Stevo


    I note that you informed Wordfence of a probable fals positive anyhow, so thank you for that 🙂

    Over and out!

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘PHISHING URL in UpdraftPlus file’ is closed to new replies.