Must have!

Nopepety-nope-nope – DO NOT install this – it injects malware into your site, and log you out as admin – prepare to be hacked…

@watershare absolutely not mate. I’m an indie developer and use this on over 50 of my own sites. Is there any other issue I could help you identify?

I just spend two days trying to fix my site, and between me and my hosting provider, the only error we found was the code injected by this plugin into my database, which revoked my admin privileges and locked me out of my site – i have to start over again, with a completely new database.

So, thanks, but no thanks. You had done enough already

Can you share the code? It sounds like the plugin was just injected with malware…

Also, did you try just recreating your admin user using a MySQL client like PHPMyAdmin? You shouldn’t have to start over in a new database just because you lost admin access – it’s frustrating to hear your hosting provider couldn’t help you with that.

@watershare All wordpress plugins are open sourced and you can view the code as you like. I use WordPress API to add my own settings to the plugin, which is the method all plugins do, and for admin/priveledges I’m only reading the database level of the current user not updating it. It sucks that you’ve had a hack, highlights the importance of making backups, but do please share any revelations you have about this because if, for some reason that I can’t identify, my plugin _does_ have a vulnerability then I need your help to patch it. I’m here to help, this plugin is my baby so it’s up to you. Good luck

Dear jatacid

My sincerest apologies – it took me a week, and i finally was able to get back up and running, fortunately I did have a backup, so i did not have to start completely from scratch, but the hacker logged me out good from my own database, and replaced my wp_config file, so i had real difficulty logging into my admin panel…

It was not your plugin, it was the one that i installed just before installing yours – it seems that it uses the configuration of the first change after it was installed to inject the malware, which is why my hosting provider said it was this plugin..

Again, please accept my apologies. I am going to install your plugin now on both my sites, because i am sure its awesome ??

P.S – i do have the name of the bad plugin if anyone is interested…

Cheers for following up @watershare – great to hear it wasn’t my plugin. Do share the name of it I’m sure others could find that valuable info if they ever stumble across this.

Good luck, stay safe ??

??

Its actually a very popular plugin, called W3 Total Cache, which is why i did not suspect it initially, but when i now went to go read their 1-star reviews, i am certainly not the first that this has happened to, and i wont be the last..

Thanks again, for your feedback, and your understanding and your patience with me – your plugin is now running on both my sites, and it is AWESOME :-))