WARNING – don’t install with WooCommerce!!!

  • Our business website running the latest version of WooCommerce has been running with the popular Wordfence security plugin, which was deactivated while I tested this plugin.
    Everything was fine for a few weeks, then I noticed orders were coming in but no PayPal payments. So checked the PayPal email address in WooCommerce settings, sure enough it’s been changed to another email address of someone who’s been happily receiving our money.
    Changed it back and tried to recoup the money, nope PayPal is all about protecting the buyer… a day later the email address is again changed back to our malicious friend.
    Changed it back and checked all logins, security settings etc, nothing of note.
    This email address changed 4 times during my brief stint with All In One WP Security & Firewall plugin. To 2 different indian-sounding email addresses.
    When I uninstalled All In One WP Security & Firewall, and changed the PayPal email address back to ours, the activity stopped.
    So now I’m receiving the money that my customers are paying through PayPal, and not some clever scammer.
    I would suggest that perhaps this plugin allows a backdoor for the PayPal email address to be changed, either that or the plugin authors have abused their privileges for their own gain. In any case I’ve uninstalled it, reinstalled Wordfence, and not experienced any trouble. I’d advise against this plugin for a financial site with either WooCommerce or PayPal.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor wpsolutions

    (@wpsolutions)

    I would suggest that perhaps this plugin allows a backdoor for the PayPal email address to be changed, either that or the plugin authors have abused their privileges for their own gain.

    Absolutely not true. This plugin has no backdoors nor does it have anything to do with paypal or changing email addresses.

    I suspect that your site is or was probably infected and I advise that you look into cleaning it up.

    Thread Starter Selby

    (@jselby)

    It’s been 3 months since I uninstalled your plugin, and we have had no issues since then.
    Your plugin was installed for 4 weeks, and our site was hacked 4 times.
    Prior to this, the site had been active for 3 years, and nothing like this had happened before.

    That’s what makes me think your plugin had something to do with it.
    And to clarify, I only (ever) install and trial one plugin at a time.

    If this came across as a bit of a rant, so be it. I hope people are warned about it though.

    We lost a substantial amount of money through the actions of the scammer/s using your software to gain access to our website.

    And from what you say above, it doesn’t look like you’re even going to check it out in detail. That’s exactly the level of responsibility one would expect from a security plugin developer (not)!

    wordpresspluginreview

    (@wordpresspluginreview)

    This review worries me a good deal … . I have been testing out the All in One plugin, but I’m also going to be using WooCommerce … . Is it alright to ask here if anyone else has had the same experience with PayPal and this plugin? The plugin has a really nice interface and seems really thorough, so I would really like to keep using it, but PayPal … money … oh, dear.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    @wordpresspluginreview,

    Please create a support ticket if you have any issues or questions with our plugin. We are happy to assist you with any issues or questions you may have in regards to our plugin and WooCommerce plugin.

    Thank you

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘WARNING – don’t install with WooCommerce!!!’ is closed to new replies.