Support » Plugin: codoforum-sso » What is “must use” SSO by garth mortensen?

  • Not sure where to start to find the answer to my question. Any guidance would be much appreciated.

    I noticed a plugin under the “Must-Use” tab called: SSO version 0.3 | By Garth Mortensen, Mike Hansen. Does anyone know that this plugin is for?

    It’s not a plugin that one can activate/deactivate. Just curious.

    Thanks so much.:)

Viewing 10 replies - 1 through 10 (of 10 total)
  • Do you have Bluehost hosting? It looks like it was installed by them in order to force your site to update, then break everything.

    What do you mean by “break everything” and is this nefarious? Why would BH need to force my site to update?


    I happened to one of my sites hosted in BlueHost. It was destroyed; I made a backup restore and was able to recover part of my work.

    Bluehost denies it, arguing WordPress installs it, but here is an article where Matt Mullenweg itself tells Bluehost’s story of updating outdated WordPress sites.

    Mike Hansen is one of the plugin developers, and he has a twitter account where he claims to be THE WordPress Core Contributor @bluehost.

    Shame on BlueHost.

    • This reply was modified 2 years, 3 months ago by Dinamicore.
    • This reply was modified 2 years, 3 months ago by Dinamicore.

    So basically it’s a backdoor, put in by BlueHost, used to update WP and plugins automagically?

    Even if it were okay for them to update your site, the idea of a backdoor installed by the host, scares the shit out of me.

    I just found this plugin on my Hostmonster hosted site as well.

    Is it safe to delete it via FTP?



    Hi kbjanthro, thanks for this question as I also have the same problem. I’ll ask the question on Kadence theme support and see what they come up with. will then give feedback what they suggest.

    Why has this thread not been updated? Anyone come up with a solution can it be removed by ftp or is BH intent on reinstalling?

    Hi, I’m Garth Mortensen.

    I wrote this plugin years ago when I worked at Bluehost. Since I haven’t worked there for years, I don’t know if the plugin code has changed or not, but when I wrote it, it’s sole purpose was to allow someone to login to their WordPress site from the Bluehost control panel. That’s it. It had nothing to do with updating sites.

    I don’t know what the current process is, but last I knew it was completely safe to remove the plugin. However it would be reinstalled if you ever used the WordPress section of the Bluehost control panel.

    Like I said, I have no clue how things currently work.



    Thanks for your confirmation, Garth. I’ve renamed the ‘mu-plugins’ folder and also changed sso.php to sso.txt and given it perms of 000.

    And so far, no worries on the site. I have a feeling this site WAS on bluehost a long time ago, but since its not, I made the changes. Once I KNOW no issues exist, I’ll delete the file from the server.


    Thanks for explanations.

    I maintain one small site on Bluehost for friend.

    Although site was installed six months ago, sso.php appeared on today’s Wordfence report as a new file.

    I guess someone logged in from BH dashboard.

    Best wishes,

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘What is “must use” SSO by garth mortensen?’ is closed to new replies.