Support » Plugin: Ultimate Member - User Profile & Membership Plugin » This Plugin is Vulnerable to Malware

  • This plugin is, unfortunately, vulnerable to a very destructive malware. I’ve been fighting it for 1 month now (on SiteGround: don’t get me started). Don’t install this unless you are protected by Sucuri or hosting with WPEngine. Siteground, Bluehost, and Hostgator ALL allowed the malware to get in. Even with All In One WP Security and/or Wordfence. Not worth the risk.

    • This topic was modified 1 year, 2 months ago by incart.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Hristo Pandjarov

    (@hristo-sg)

    SiteGround Representative

    We at SiteGround monitor popular plugins and when and if possible we apply protection rules in our Web Application Firewalls. However, it’s not up to the hosting provider to patch and fix security problems withing plugins.

    I would recommend that if you’re aware of the vulnerability to contact privately the plugin developers providing them with the necesary information so they can patch it. If they do not react, I would say that you just start using a different plugin.

    True, it’s not up to the host to patch and fix security problems with plugins. I don’t think that was the point of my post. Hence why I recommend using Sucuri (SiteGround recommends them as well) for security protection on your WordPress site. WPEngine, however, doesn’t allow plugins with vulnerabilities to be added to your site in the first place, which SiteGround doesn’t do, which is why I recommend WPEngine first, SiteGround second.

    The plugin developers of the two vulnerabilities (twentyseventeen theme by WORDPRESS, and Ultimate Member plugin by UltimateMember) had already provided a patch, but it was AFTER infections occurred, and there was no offer from them to fix the problems that their vulnerability issues caused. This started back in 2017, and that SiteGround couldn’t even find the malware the first time I asked for assistance says a lot about the lack of security SiteGround has. It doesn’t mean SiteGround is the worst, but if you want a secure environment for your WordPress site, WPEngine is the only host I am aware of that protects WordPress sites by not allowing vulnerable plugins to be uploaded to their servers.

    Thanks for your feedback.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘This Plugin is Vulnerable to Malware’ is closed to new replies.