• Resolved rl_stine

    (@rl_stine)


    I’ve got malware on several of my websites, it’s base64_decode shit.

    Since I’ve deleted WooCommerce (WC) on one of my websites and it didn’t come back there, I am sure it’s WC that’s causing the problems.

    The thing is, what can I do now? I need WC for my checkout page. When deleting the malware, it comes back after some hours. It’s a plugin folder with a name that’s ‘amoxodemeb’ or ‘ynezesu’ or something like that. Inside there’s a php folder with the base64_decode malware.

    What I currently did is changing the permissions for this folder, that it can not be executed or changed by anyone. But yeah, I want to get rid of this of course.

    Does anyone have this issue as well? And how to solve it?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter rl_stine

    (@rl_stine)

    Hello? Is there any support here? It’s a virus, so something to take seriously as a developer of this widely used plugin.

    Hi @rl_stine

    Thanks for reaching out!

    Firstly, I want to assure you that WooCommerce is a secure platform and we take security issues very seriously. It’s unlikely that WooCommerce is the source of the malware. However, it’s possible that a third-party plugin or theme may have vulnerabilities which allow the malware to infect your site.

    Here are a few steps to help resolve this issue:

    1. Update all your plugins, themes, and WordPress to the latest versions. This will ensure that you have the most recent security patches.
    2. Delete any plugins or themes that you’re not using. They could potentially be a source of the issue.
    3. Consider using a security plugin like Wordfence or Sucuri, which can help you detect and remove malware.
    4. If you’re comfortable with it, you could also manually inspect your site’s files and database for any suspicious activity.
    5. Finally, contact your hosting provider. They may be able to assist with removing the malware and securing your site.

    Meanwhile, please provide us with a clear screenshot of what you’re seeing on your end to help us better understand your situation and address your concerns more effectively.

    If you don’t already have a screenshot service installed, you can try https://snipboard.io. You can share the direct link to the image as a response to this topic.
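Added example (not part of any post in this thread, and not WooCommerce or WordPress code): one way to do the manual file inspection from step 4 against the kind of randomly named plugin folder the thread starter describes. The function names, the regex heuristics and the sample tree are assumptions of this example; the header check relies on the `Plugin Name:` comment that WordPress expects in a plugin's top-level main file.

```python
import os
import re

# Triage heuristics assumed for this example; not a complete signature set.
DECODE_EXEC = re.compile(
    rb"(eval|assert|create_function)\s*\(\s*(@?\s*\w+\s*\(\s*)*base64_decode\s*\(", re.I)
LONG_B64 = re.compile(rb"[A-Za-z0-9+/=]{200,}")
PLUGIN_HEADER = re.compile(rb"^[ \t/*#@]*Plugin Name:", re.I | re.M)

def scan_plugins(plugins_dir):
    """Return {folder: [(path, reason), ...]} for plugin folders with findings."""
    report = {}
    for name in sorted(os.listdir(plugins_dir)):
        root = os.path.join(plugins_dir, name)
        if not os.path.isdir(root):
            continue
        findings, has_header = [], False
        for dirpath, _, files in os.walk(root):
            for fn in sorted(files):
                if not fn.lower().endswith(".php"):
                    continue
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    data = fh.read()
                rel = os.path.relpath(path, plugins_dir)
                if dirpath == root and PLUGIN_HEADER.search(data[:8192]):
                    has_header = True
                if DECODE_EXEC.search(data):
                    findings.append((rel, "decoded payload is executed"))
                elif b"base64_decode" in data and LONG_B64.search(data):
                    findings.append((rel, "base64_decode next to long encoded blob"))
        if not has_header:
            findings.append((name, "no 'Plugin Name:' header at top level"))
        if findings:
            report[name] = findings
    return report

def build_sample(base):
    """Write a constructed sample tree (harmless payload) and return its path."""
    files = {
        "woocommerce/woocommerce.php": b"<?php\n/**\n * Plugin Name: WooCommerce\n */\n",
        "amoxodemeb/php/index.php": b"<?php eval(base64_decode('ZWNobyAxOw=='));\n",
    }
    for rel, body in files.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
    return base
```

Point `scan_plugins` at a copy of `wp-content/plugins`; hits are leads to review by hand, and legitimate plugins can also trip the long-blob heuristic.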

    Thread Starter rl_stine

    (@rl_stine)

    Hello,

    Like I said. All the other websites have the same plugins and themes. I did a test by disabling the WC plugin on one site, and the malware didn’t come back. In the other websites, where WC was enabled, the malware did come back.

    So, out of this the conclusion is not so difficult I think? It means it’s coming from WC?

    Plugin Support Beauty of Code (woo-hc)

    (@beautyofcode)

    Hey @rl_stine,

    If I understand correctly, you are seeing this folder in your site’s plugin directory, correct?

    While I am unable to find any file with the names you mentioned when checking my site files’ plugin directory, I’d be happy to take a closer look.

    Please can you clarify the following:

    • When did you first notice the plugin folder in question? Was this after any updates or changes made to your site or server?
    • Was WooCommerce already installed on your site, or is WooCommerce newly installed?
    • If the latter, how was WooCommerce installed? Was it downloaded directly from Plugins → Add New, or was this downloaded and then uploaded?
    • If all plugins are deactivated with only WooCommerce active, and a default theme, such as Storefront active, does the plugin folder return?

    Additionally, I’d like to get a better understanding of your site’s current environment. Can you please share a copy of your site’s System Status Report, which you can find via WooCommerce → Status.

    Select Get system report and then Download for Support. This will download a TXT file that has the contents of the SSR which you can then share with us here.

    Cheers!

    Plugin Support Beauty of Code (woo-hc)

    (@beautyofcode)

    Howdy,

    We haven’t heard back from you in a while, so I’m going to mark this as resolved – we’ll be here if you need any further help with this.

    Cheers!

  • The topic ‘Base64_decode Malware WooCommerce 8.30’ is closed to new replies.