• I’ve had a few sites hacked today, and it appears that they may be getting in through this plugin. In one instance, they were able to create a new username. They appear to be adding a file called “Upgrade” to the wp-content folder and putting PHP files in a folder called wflog. Just thought you’d want to know… I don’t want to ruin your day or anything.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter clawver

    (@clawver)

    Here’s a screenshot of the Wordfence alert:
    https://www.screencast.com/t/7YczaS2z7c

    Plugin Author Mudassar Ali

    (@sahilbabu)

    Hi @clawver,

    I appreciate your concern. I already added some security checks like:

    /* Security: refuse to run if WordPress has not been loaded */
    if (!function_exists('add_action')) {
        header('Status: 403 Forbidden');
        header('HTTP/1.1 403 Forbidden');
        exit();
    }

    /**
     * Security: exit if this file is called directly
     */
    if (!defined('WPINC')) {
        die;
    }

    Using this in the code means no one can access the files directly. But if your WP instance is compromised, then they can do anything.

    Because this plugin is only for WP-admin users, no normal user can access this one.

    So this plugin is fully secure.

    If you have further discussion or concerns, please let me know. Thanks.
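
An added example, not part of the original thread and not the plugin's code: the direct-access guard quoted above only covers requests that hit a plugin file directly, while requests routed through `wp-admin/admin-ajax.php` load WordPress first, so each handler needs its own capability and nonce checks. The action name, nonce name and option key are hypothetical.

```php
<?php
/**
 * Added example. The action name, nonce name and option key below are
 * hypothetical and do not come from the plugin discussed in this thread.
 */

// Direct-access guard, as in the reply above: stops requests that hit this
// file directly, because WordPress (and so WPINC) was never loaded.
if (!defined('WPINC')) {
    die;
}

// Requests sent to wp-admin/admin-ajax.php load WordPress first, so the guard
// above passes for them. Each handler has to authorize the caller itself.
// Only the logged-in hook is registered (no 'wp_ajax_nopriv_...' hook), so
// logged-out visitors never reach the callback. Any logged-in user,
// including a subscriber, still does.
add_action('wp_ajax_example_save_settings', 'example_save_settings');

function example_save_settings()
{
    // 1. Capability check: only users who may manage options get through.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }

    // 2. Nonce check: rejects forged cross-site requests made with an
    //    administrator's session. Ends the request if the nonce is invalid.
    check_ajax_referer('example_save_settings', 'nonce');

    // 3. Sanitize input before storing it.
    $value = isset($_POST['value'])
        ? sanitize_text_field(wp_unslash($_POST['value']))
        : '';
    update_option('example_plugin_value', $value);

    wp_send_json_success();
}
```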

  • The topic ‘Security problems?’ is closed to new replies.