Warning from Wordfence: Updraft Plus plugin hacked?

Hi @wpress2010,

It seems there was a recent update for the UpdraftPlus plugin and apparently it included a modification related to Dropbox.

If you have installed that update of UpdraftPlus, what Wordfence reported appears consistent with the information I found regarding the modifications made to the plugin. However, you might want to check with the plugin authors.

In case you haven’t recently implemented any UpdraftPlus update, please let us know and we will investigate further.

I’d like to recommend this article on how Wordfence analyzes changes in your WordPress files.

Note that you can also choose to exclude directories from the recently changed files report.

I had responded to this message from the WordFence plugin:

Warnings:
* The Plugin “UpdraftPlus – Backup/Restore” needs an upgrade (1.12.35 -> 1.12.37).
The warning was sent on 3/31/2017, which was the same day that I updated this plugin. The Warning that I reported here:

* Modified plugin file: wp-content/plugins/updraftplus/includes/Dropbox2/OAuth/Consumer/ConsumerAbstract.php

arrived on April 4, 2017.

Hi @wpress2010,

If you are using the free version of Wordfence, scans are automatically done once every 24 hours. However you have the possibility to disable automatic scheduled scans.
Is it the case on your site? Do you run scans manually?

Have you made any changes to the Wordfence settings between March 31st and April 4th? For example, removing the exclusion of the wp-content/plugins/updraftplus directory from the scan?

Also, if you check the headers for the email received on April 4th, do you see any delay between the creation and delivery dates?