Title: Vulnerable to attacks ? Last modified: September 1, 2016 --- # Vulnerable to attacks ? * Resolved [spespam](https://wordpress.org/support/users/spespam/) * (@spespam) * [9 years, 11 months ago](https://wordpress.org/support/topic/vulnerable-to-attacks/) * Hello, * Is it me or is wppa very vulnerable to attacks ? * I regularly scan my website with wordfence, and the files under wppa are regularly changed from the original files, not the other plugins. * Is there something unsafe with this plug in ? * Note : I’m always using the last version of wordpress and wppa. They are all up to date. * [https://wordpress.org/plugins/wp-photo-album-plus/](https://wordpress.org/plugins/wp-photo-album-plus/) Viewing 7 replies - 1 through 7 (of 7 total) * Plugin Author [Jacob N. Breetvelt](https://wordpress.org/support/users/opajaap/) * (@opajaap) * [9 years, 11 months ago](https://wordpress.org/support/topic/vulnerable-to-attacks/#post-7546789) * WPPA+ creates (optionally) a css file (wppa-dynamic.css) and js files for each installed language (wppa-init.en.js etc.) in the plugin folder. Wordfence erroneously reports this as an issue. * Thread Starter [spespam](https://wordpress.org/support/users/spespam/) * (@spespam) * [9 years, 11 months ago](https://wordpress.org/support/topic/vulnerable-to-attacks/#post-7546844) * Actually, Wordfence detected that some files have changed from the original files. Some php files under wppa. It only happens with wppa and not with my other plugins. * That is the reason why I wonder if it’s vulnerable to attacks. * Plugin Author [Jacob N. Breetvelt](https://wordpress.org/support/users/opajaap/) * (@opajaap) * [9 years, 11 months ago](https://wordpress.org/support/topic/vulnerable-to-attacks/#post-7546845) * Do you know what files? I may have applied a tiny patch after release, too small for another update. * Thread Starter [spespam](https://wordpress.org/support/users/spespam/) * (@spespam) * [9 years, 11 months ago](https://wordpress.org/support/topic/vulnerable-to-attacks/#post-7546853) * I restored the original files, as Wordfence suggested, so I’m not able to tell you right now but I will tell you when Wordfence will detect the next threats. * Plugin Author [Jacob N. Breetvelt](https://wordpress.org/support/users/opajaap/) * (@opajaap) * [9 years, 11 months ago](https://wordpress.org/support/topic/vulnerable-to-attacks/#post-7546856) * Ok keep in touch * Thread Starter [spespam](https://wordpress.org/support/users/spespam/) * (@spespam) * [9 years, 11 months ago](https://wordpress.org/support/topic/vulnerable-to-attacks/#post-7546936) * hi Jacob, * Here is the list of the files detected as changed by wordfence * wp-photo-album-plus/wppa.php wp-photo-album-plus/wppa-utils.php wp-photo-album- plus/wppa-settings-autosave.php wp-photo-album-plus/wppa-date-time.php * Plugin Author [Jacob N. Breetvelt](https://wordpress.org/support/users/opajaap/) * (@opajaap) * [9 years, 11 months ago](https://wordpress.org/support/topic/vulnerable-to-attacks/#post-7546938) * Yesterday i uploaded new versions of these files into the development version( was 6.5.00.005 .. 6.5.00.007 ). * The developmet version may be updated dayly, or even more than once a day; that is how it works with wp and svn. * _Wordfence should not compare your installation with a constantly evolving development version._ * Please update to the release version: de-activate and delete the plugin, and re-install as if it is a new plugin. Version 6.5.00 has been released today. * Ergo Conclusio: nothing wrong with wppa, you could inform the Wordfence developers of this. Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘Vulnerable to attacks ?’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/wp-photo-album-plus.svg) * [WP Photo Album Plus](https://wordpress.org/plugins/wp-photo-album-plus/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-photo-album-plus/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-photo-album-plus/) * [Active Topics](https://wordpress.org/support/plugin/wp-photo-album-plus/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-photo-album-plus/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-photo-album-plus/reviews/) * 7 replies * 2 participants * Last reply from: [Jacob N. Breetvelt](https://wordpress.org/support/users/opajaap/) * Last activity: [9 years, 11 months ago](https://wordpress.org/support/topic/vulnerable-to-attacks/#post-7546938) * Status: resolved