Fake malicious plugin got installed

  • Resolved bendproweb

    (@bendproweb)


    7 years ago

    A couple of weeks ago a client told me she was getting emails saying that core WordPress file may have been modified. She has Shield installed with Hack Guard, Login Guard, Firewall, HTTP Headers, and Lockdown activated. Somehow a file called .index.php (the leading dot is what threw me) and a fake, malicious plugin posing as Akismet both got installed. The .index.php file was just a long string of code starting with: <?php $_F=__FILE__;$_X=’Pz48P3BocA0KQ

    I also installed WordFence and it found the issue and cleaned it right up.

    I don’t usually use Shield on my sites. Is Shield supposed to be able to block files/plugins like this from being installed?

Viewing 1 replies (of 1 total)
  • Plugin Author One Dollar Plugin

    (@onedollarplugin)

    It really all depends on how it got installed – what exactly gave it access to do so. There are many ways for this to be achieved .

    I’m glad you found the solution with Wordfence and it worked for you.

Viewing 1 replies (of 1 total)
  • The topic ‘Fake malicious plugin got installed’ is closed to new replies.