The issue type is: Backdoor: PHP/createadmin.8711

  • Hey there,

    Please, find below a message from Wordfence about Backdoor from Slick Popup I am afraid about it because my website was invaded last days ago. I installed all thing again (together new the version Slick Popup PRO), I don’t know if this is a false warnin’:

    File Type:?Not a core, theme, or plugin file from www.remarpro.com.

    • Details:?This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is:?!username_exists($newusername) && !email_exists($newemail) )\x0d\x0a\x09\x09{\x0d\x0a\x09\x09\x09// Create user and set role to administrator\x0d\x0a\x09\x09\x09$user_id = wp_create_user( $newusername, $newpassword, $newemail);\x0d\x0a\x09\x09\x09if ( is_in…

      The issue type is:?Backdoor:PHP/createadmin.8711
      Description:?A script used to create admin accounts. This is typically done with malicious intent, but could also be indicative of a vulnerable plugin.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Tanjot Singh

    (@tjomak)

    Hello,

    Yes, we are aware that Wordfence considers the “Grant Access” feature in the Pro version as Backdoor, but it is not.

    It is a code block in the plugin, which helps the user to provide access to our team with one click.

    The reason Wordfence considers it as a backdoor is because it has wp_create_user() function to create user for our support team.

    You can ignore this warning, so it is excluded in the future scans.

    Hi there,

    I appreciate your fast reply!

    Cheers,

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘The issue type is: Backdoor: PHP/createadmin.8711’ is closed to new replies.

Tags