• This theme – whilst beautiful – is unsafe. Very easy to hack – check the reviews below or go to thehackernews website and search for “Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers”. Wiped my site out – fortunately I had a backup and noticed it in time.

    AVOID! The developers of the theme clearly have no interest in addressing the issue.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author ThemeGrill

    (@themegrill)

    Hi @ahatandacoat,

    The issue is already resolved in version 1.6.2 (released on Feb 16), followed by version 1.6.3 with more security enhancements.

    Sorry for the inconvenience caused. We understand it is a difficult situation for our users, but from where we stand we can only look forward, and we are doing our best now. At our request, the wordpress(dot)org plugin team has now helped us auto-update some of the previous versions to the latest version so that more users are not affected by this.

    The best approach to tackle this issue is: please contact your hosting service provider and ask them to restore the last working backup they have. These days most hosting service providers do have this backup service. Once you do this, please delete/deactivate the ThemeGrill Demo Importer plugin if you are not using it; if you need to use it, please make sure you are using the latest version, 1.6.3.

    Thanks.
    Sanjip S.

    Thread Starter ahatandacoat

    (@ahatandacoat)

    I appreciate your response Sanjip.

    debbietechforceonsite

    (@debbietechforceonsite)

    Sanjip, I’m another person whose site is now completely useless… and I can’t even log in to begin trying to fix it. My host provider is skeptical about restoring to an earlier version because… “If we simply roll back the site it is possible that the hacker can access it again through a backdoor he could have left somewhere in the files. This is the reason why restoring the site is not really a solution in your case, since most likely it would just lead to it getting compromised again.” If we restore it and simply delete the ThemeGrill Demo Importer plug-in, is it true that they have likely infected the files to the point that they can continue to infect the site again, or does the new updated plug-in fix any outlier “backdoor” hackers created? Thank you.

    Hi @debbietechforceonsite,
    Since resetting the site removes the users, the hacker will not be able to log in to your site after the reset. Also, if you restore the site from a complete backup along with the WordPress files, you’ll get back to the previous state, removing any code the hacker may have inserted for another vulnerability on your site.

    I recommend that you follow some security measures once you have backed up your site: https://themegrill.com/blog/category/security/

    I hope this helps.

    Regards,
    Ashish S.

    Plugin Author ThemeGrill

    (@themegrill)

    Hi @debbietechforceonsite,

    We have checked, and restoring is the best approach. When you restore, all theme/plugin files are restored to the unaffected point. Then you simply delete or update the ThemeGrill Demo Importer plugin and there’s no backdoor left.
    Also, once you restore, just for assurance you can also use the Sucuri plugin to scan your whole site.
    And we are sorry for the inconvenience caused; if you have any more confusion, please use this contact page and we will get back to you in detail.

    Thanks.
    Sanjip S.
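
The two checks the ThemeGrill replies above rely on, as an added example that is not part of this thread or the plugin's own code: confirm that the installed ThemeGrill Demo Importer is at or above 1.6.2 (the first fixed release named in the thread), and, after a restore, look for PHP files under wp-content/uploads, a directory WordPress itself never writes PHP into, so any hit there deserves a look before the site goes back online. The plugin directory and main file names are assumptions, the sample wp-content tree is constructed inside the script, and only the 1.6.2 cut-off comes from the thread.

```python
"""Post-restore checks for a WordPress site hit via an old ThemeGrill Demo Importer.

Added example, not code from the thread or from ThemeGrill. Run it as
`python check_restore.py` to see it work against a constructed sample tree,
or call check_plugins_dir()/find_php_in_uploads() on a real wp-content path.
"""
import os
import re
import tempfile
from pathlib import Path

# Assumed plugin directory and main file name (not stated on the page).
PLUGIN_MAIN_FILE = Path("themegrill-demo-importer") / "themegrill-demo-importer.php"
# First fixed release according to the thread.
FIXED_VERSION = (1, 6, 2)

# Mirrors how WordPress reads plugin headers: "Version:" after any mix of
# whitespace, "*", "/", "#" or "@" at the start of a line.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.MULTILINE | re.IGNORECASE)


def parse_version(text):
    """Return the Version: header of a plugin main file as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    parts = []
    for piece in m.group(1).split("."):
        digits = re.match(r"\d+", piece)  # "1.6.2-beta" -> 1, 6, 2
        parts.append(int(digits.group(0)) if digits else 0)
    return tuple(parts)


def is_vulnerable(version):
    """True when the installed version predates the first fixed release."""
    padded = (tuple(version) + (0, 0, 0))[:3]  # 1.6 compares as 1.6.0
    return padded < FIXED_VERSION


def check_plugins_dir(plugins_dir):
    """Report whether the Demo Importer is present and whether it still needs updating."""
    main = Path(plugins_dir) / PLUGIN_MAIN_FILE
    if not main.is_file():
        return {"installed": False, "version": None, "vulnerable": False}
    version = parse_version(main.read_text(encoding="utf-8", errors="replace"))
    if version is None:
        # No readable header: treat as unsafe rather than silently passing.
        return {"installed": True, "version": None, "vulnerable": True}
    return {"installed": True, "version": version, "vulnerable": is_vulnerable(version)}


def find_php_in_uploads(wp_content):
    """List files with PHP handler extensions under wp-content/uploads, relative to wp-content."""
    uploads = Path(wp_content) / "uploads"
    hits = []
    for root, _dirs, files in os.walk(uploads):
        for name in files:
            if name.lower().endswith((".php", ".phtml")):
                hits.append(Path(root, name).relative_to(wp_content).as_posix())
    return sorted(hits)


def build_sample_site(version="1.6.1", plant_backdoor=True):
    """Constructed throwaway wp-content tree for the demo; not a real site."""
    wp_content = Path(tempfile.mkdtemp(prefix="wp-content-"))
    main = wp_content / "plugins" / PLUGIN_MAIN_FILE
    main.parent.mkdir(parents=True)
    main.write_text(
        "<?php\n/**\n * Plugin Name: ThemeGrill Demo Importer\n"
        f" * Version: {version}\n */\n",
        encoding="utf-8",
    )
    media = wp_content / "uploads" / "2020" / "02"
    media.mkdir(parents=True)
    (media / "photo.jpg").write_bytes(b"\xff\xd8\xff")  # a normal upload
    if plant_backdoor:
        # Constructed stand-in for a dropped web shell: a PHP file where none belongs.
        (media / "wp-cache.php").write_text("<?php // placeholder\n", encoding="utf-8")
    return wp_content


if __name__ == "__main__":
    site = build_sample_site()
    print("plugin state:", check_plugins_dir(site / "plugins"))
    print("php under uploads:", find_php_in_uploads(site))
```

Point the two check functions at the restored site's wp-content directory; a `vulnerable: True` result means the restore brought back the old plugin and it must be updated or removed before the site is exposed again, and any path returned by the uploads check is worth reading before trusting the restore.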

  • The topic ‘Destroyed site from vulnerable plugin’ is closed to new replies.