1. thornway
    Posted 4 years ago #

    I have been made aware of a vulnerability in wp-content/plugins/wp-property/third-party/uploadify/auth.php which is prone to attack from a severe backdoor Trojan.
    Subsequent Malware scans of backups have identified this virus.

    One post suggested modification of .htaccess but then another post said that you should not use .htaccess as a security measure. Also not sure anyway if you can modify certain files with .htaccess (I am a total novice)

    Has anyone come across the above and discovered a suitable solution


  2. mikeotgaar
    Posted 3 years ago #

    At the very least you should do the following:

    1) Create a blank file (using notepad or a similar text editor) - rename the file index.php and place it in the wp-content/uploads folder

    2) Also create a .htaccess file (also with notepad - rename it manually after saving to .htccess) with the following code and place it in the same folder:

    order allow,deny
    deny from all
    Options All -Indexes

    3) Also - If at all possible use SSL.

    .htaccess is essential!!!
    (If you let me have an e-mail address - I can send you these files) - use the contact form on my website - click my name next to this comment)

  3. ditikos
    Posted 3 years ago #

    Does this work for nginx too?

  4. Uploadify has been removed from the current version of this plugin. You need to update.

  5. rtCamp
    Posted 3 years ago #


    You can secure nginx:

    location /wp-content/content/ {
                    	location ~ \.php$ {
                            	deny all;

    Above will prevent access to php file from web-browser. Applications that use old style-ajax may break (but its better they break today than rather create havoc tomorrow!)

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic