Warning! Malicious! This plugin Hack my wordpress!

  • Warning!
    My website is under constructing and we are designing theme and no-one has my website address!
    just one day after i installed this plugin my WordPress hacked and two plugins added to my WordPress!!! 1. Xwp Backdoor !!! 2. wp-file-manager !!!
    I think author of this plugin hack my website because I find security issues in this plugin! and no one else has my website address!!

Viewing 1 replies (of 1 total)
  • Plugin Author David Vongries

    (@davidvongries)

    Hi @mahdiparsi,

    my apologies that your website has been hacked.

    All plugins in the WordPress repository go through a check by the WordPress plugins team where they also check for vulnerabilities in the codebase. We are not aware of any vulnerabilities nor have any been reported to us in the past.

    Let me assure you that we have definitely not nacked your site. Simply because this is the plugin you’ve installed just yesterday doesn’t mean it’s the cause for your site getting hacked.

    Nobody having your address doesn’t mean your website is actually hidden. Bots might have crawled it for instance. A weak password or installing nulled software are just 2 examples to get a website hacked in no time.

    What I’m trying to say is, it could’ve been everything. Simply blaming it on the plugin you’ve installed yesterday with no evidence isn’t really helpful to anyone.

    I understand your frustration and I’m happy to fix any security issues there might be in the plugin if you can point them out to us.

    Thank you.

Viewing 1 replies (of 1 total)
  • The topic ‘Warning! Malicious! This plugin Hack my wordpress!’ is closed to new replies.