Solution to recent security issue?

Viewing 8 replies - 16 through 23 (of 23 total)

  • i thought everything was fixed, but no, today i saw my site still getting redirected, i am still fixing each component to rule out what is the real security cause…one of that comes from the “automatic plguin”

    Hi,

    I had the same issue. I fixed it by:

    -deleting the users that were added
    – changing the home page url in the wp_options table
    – upgrading the pludin

    Is this enought I don’t have to restore a pre dec 7th version of the website, right?

    In addition: after updating the plugin to the secure version, an admin user was again automatically added. How is that possible?

    Plugin Author Steve Burge

    (@stevejburge)

    Hi. I’m one of the PublishPress team.

    With the earlier versions of the plugin (2.3.0 and earlier), there was a security issue that was found and reported.

    That’s not true with version 2.3.2 yet. There are several possibilities:

    – Another vulnerable plugin on these sites. The issue with Capabilities was part of a much bigger campaign targeting many plugins and themes: https://www.wordfence.com/blog/2021/12/massive-wordpress-attack-campaign/
    – The hacker left some way to access these sites after the original issue.
    – A second security issue in the Capabilities plugin.

    If you use PublishPress Capabilities, we’re happy to help, no matter which of these three options is true.

    The best approach is to email [email protected], please. Our team can help more directly with your sites than they can on a public forum.

    In addition to:

    -deleting the users that were added
    – changing the home page url in the wp_options table
    – upgrading the plugin

    …make sure you go into your database in the wp_post table and remove the “autodraft” entry.

    I just want to point out (for those of you who don’t have a backup and are trying to clean it up manually) that by me the header.php file and theme directory in wp-options table were also changed.

    Can you tell us what changes they have had, just to know if there have been any changes in mine?

    Thank you!

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    For the record: If you’ve been hacked, get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

Viewing 8 replies - 16 through 23 (of 23 total)
  • The topic ‘Solution to recent security issue?’ is closed to new replies.