Notify administrators upon malicious installation

  • Please consider this as a feature request:

    It’s not a secret that the plugin is often found in compromised websites due to it’s ability to inject any kind of code without much filtering. Nothing wrong with the plugin itself, but it would be great if it was sending an email notification upon installation and activation as this could raise a flag to admins when something fishy is going on.

    Alternative to notifying an administrator upon activation would be whenever an entry is created that contains encrypted or encoded scripts, redirections to external or unclear pages, etc.

    I’ve left a link to an article by Sucuri where you can find an example of how the plugin has been used for exploiting websites.

    Thanks for considering my suggestion!

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Mircea Sandu

    (@gripgrip)

    Hi @vloo,

    Thank you for the suggestion. We will take into consideration to add such an option to help with this situation. Unfortunately, in most cases, attackers are also able to install plugins and make other changes which would also enable them to bypass such protections. The best protection against these situations is to change administrator passwords, use strong passwords and make sure plugins are updated regularly.

    If you encountered such a compromised site and are willing to help us look into specifics to try and find ways to improve this situation please send us a message using the form at https://wpcode.com/contact. We’d greatly appreciate it.

    Plugin Author Mircea Sandu

    (@gripgrip)

    Hi @vloo,

    I wanted to follow-up here with more details. We recently got a report from someone that they did not instal WPCode on their site and they found that the plugin was installed and hidden from the list of plugins.

    When an attacker has this type of access to a website where they can install plugins there’s nothing we can do from inside a plugin to prevent the actions they are taking since our plugin was not even present on the site when they started.

    The best defence is to use strong passwords, set up two-step authentication wherever possible and keep plugins, themes and the WordPress code updated.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Notify administrators upon malicious installation’ is closed to new replies.