Support » Plugin: Exploit Scanner » this plugin killed my wp-admin told me to remove non infected core files!!!

  • This plugin spewed out a list of 533 threats stating Level:severe. I started going through the list as I have done before when I get them from iPage, deleting the dodgy files. Luckily i thought to download and check one, see what code these infected files contained – nothing! they were clean! I panicked and checked the site. It was now a 500 error, my wp-admin was gone!!! I tried copying 4.7 wp-admin files then found the 4.x wp folder from the websites install and copied them accross, no change. I had to wait two days for dreamhost to get back to me and do a restore.

    This plugin is terrible!! How could you design something that lists core files as infected files? I had to find a list of wp-admin files and cross reference them – of the 32 or something I had deleted only 5 were spammy hack files – the rest core wordpress files! I dont trust you, this plugin or anything you do. Sorry bout the bad review but no-one should use this plugin. My clients site is over 1400 pages!!! It was an epic construction – the further id gone through the list the more damage I could have done to it!! Lucky for restore hey?

    • This topic was modified 1 year, 9 months ago by  shane_idc.
    • This topic was modified 1 year, 9 months ago by  shane_idc.
Viewing 2 replies - 1 through 2 (of 2 total)
  • You do realise that the author works at Automattic, the company behind WordPress?
    If any wp-admin or wp-includes files are infected just replace both folders for a fresh downloaded copy of WP. No need to cross reference the files..

    Re: How could you design something that lists core files as infected files?

    I’ve just been disinfecting a site that had been hacked. Both wp-login.php and wp-blog-header.php had been changed.

    The disclaimer does say:

    and it’s all too easy to catch false positives (show a file as suspicious when in reality it is clean).

    Note: I discovered the changes by a manual method, comparing with a clean version of core, not by using any plugin.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘this plugin killed my wp-admin told me to remove non infected core files!!!’ is closed to new replies.