elyptic

Also I should add that I’ve disabled the WP_CACHE and here are the other settings in my wp_config.php:

// define('WP_CACHE', true); //Added by WP-Cache Manager
// define( 'WPCACHEHOME', '/home/off/public_html/dev/wp-content/plugins/wp-super-cache/' ); //Added by WP-Cache Manager
define('WP_DEBUG', true);
define('WP_DEBUG_DISPLAY', true);
define('WP_ALLOW_MULTISITE', true );
define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', false);
define('DOMAIN_CURRENT_SITE', 'off.com');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);
/* That's all, stop editing! Happy blogging. */

I just want the team to know I’ve seriously tried everything in the forums to get it back, but nothing has worked.

The plugin was written with malicious code hidden at the end of the file. The plugin isn’t exploitable, it’s an exploit. Installing these plugins begins the exploit. Exploitable just means insecure / poorly written code. But I know what you mean about people posting possible false alarms.

I see that they have been removed from the listing which is good, but does that notify the users of the plugin? Or are they all still in the dark?

Maybe a good routine to start is checking your plugins’ “View details” link, and if it’s gone then it’s probably a good idea to uninstall the plugin as well.

Great thanks Andrew, sent.

I have not been able to find where to report it to the plugins team. All I have been able to do so far is rate it a 1 star, and review it descriptively on the plugin’s page.

I also subscribed to updates from the author’s page, which brought the topic up again, as he is recruiting his friends (or possibly just creating new emails) to positively review the scam to boost ratings. I see thousands of downloads of this plugin.

Note the above code will not work as expected, as this will never evaluate to true, in fact it should throw an error:

if($_SERVER['REMOTE_ADDR'] == 127.0.0.1)

That IP address needs quotes.