et_temp folder in uploads – hacked?

  • [email protected]

    (@russellirondogmediacom)


    5 years, 4 months ago

    I recently discovered a folder in my /wp-content/uploads directory called et_temp. It contains a few small images that I did not upload. I looked through other folders in my uploads folder and they also have several images in each that were not uploaded by me.

    I did a search for “et_temp” and it seems that this folder grants anyone access to all the files in a site’s uploads folder with no user verification.

    Anyone fixed this before? I would be most grateful for information to help prevent this folder from reappearing on my site.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator James Huff

    (@macmanx)

    Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

    Thread Starter [email protected]

    (@russellirondogmediacom)

    @macmanx Thank you for that. I always maintain a backup on a local drive not connected to the internet, so I’m good there. Also, I’m familiar with the scanning and security plugins you have mentioned, but thank you in case anyone else needs that information.

    I was more interested in knowing if anyone knows anything else about the et_temp folder. Seems the internet is full of sites with that folder and all their upload data (even multisite upload data) is freely available because of it. Massive hole in security, in my humble opinion.

    Is there any information specifically about what plugin, or security flaw is responsible for the et_temp folder? There doesn’t seem to be much documentation of it online.

    Any knowledge you might be able to share would be wonderful.

    Thank you.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘et_temp folder in uploads – hacked?’ is closed to new replies.