• Hi,

    as Ultimate Member had massive security issues prior to 2.0.22 (my site has been hacked due to this and I only coincidentally found out), I would like to disable the UM-API and/or any user uploads without login for security reasons.

    How can I do that? Within UM or with any other approach? Are there any plans to make it configurable if that API can be called from outside?

Viewing 4 replies - 1 through 4 (of 4 total)
  • This was sent to me by UM, you may find it useful. We also completely removed the plugin due to ongoing issues and switched to another Member plugin.
    From UM:

    “There is a doc with the list of infected files
    Doc Link
    and steps what you need to do.
    Also, you may use WordFence plugin to clear all infected files at your site.”

    Good Luck.

    Thread Starter rodrigogonzales

    (@rodrigogonzales)

    Hi, thanks for the information. However, the infection had a different pattern, probably due to a different payload. The infection is cleaned now by a complete restore of a backup.

    My concerns are that UM still contains an API that I am not actively using and which obviously imposes a risk to the webpage.

    Therefore I would like to disable it. The alternative would be to dump UM and find a safer plugin.

    You may try this, a response from UM when I pressed for more information about removing the plugin:

    I’m sorry to hear that you have malware issues due to a security vulnerability that we’ve patched earlier. We take this issue very seriously and ask you to submit a new support ticket on our website so we can help you to fix this issue and remove malicious files. Please go to this page on our website and click on “I’ve read the pre-purchase FAQs & want to ask a question”

    It seems odd that they would want you to go to their ‘Pre-Purchase’ page to ask about removal issues, but it is what it is and they did respond to my requests for support even though we had the free version of plugin.

    We went with your Alternative.

    Good Luck

    Thread Starter rodrigogonzales

    (@rodrigogonzales)

    Which alternative did you choose? Can you recommend it?

  • The topic ‘Disable UM-API to improve security?’ is closed to new replies.