incart

True, it’s not up to the host to patch and fix security problems with plugins. I don’t think that was the point of my post. Hence why I recommend using Sucuri (SiteGround recommends them as well) for security protection on your WordPress site. WPEngine, however, doesn’t allow plugins with vulnerabilities to be added to your site in the first place, which SiteGround doesn’t do, which is why I recommend WPEngine first, SiteGround second.

The plugin developers of the two vulnerabilities (twentyseventeen theme by WORDPRESS, and Ultimate Member plugin by UltimateMember) had already provided a patch, but it was AFTER infections occurred, and there was no offer from them to fix the problems that their vulnerability issues caused. This started back in 2017, and that SiteGround couldn’t even find the malware the first time I asked for assistance says a lot about the lack of security SiteGround has. It doesn’t mean SiteGround is the worst, but if you want a secure environment for your WordPress site, WPEngine is the only host I am aware of that protects WordPress sites by not allowing vulnerable plugins to be uploaded to their servers.

Thanks for your feedback.

Same issue here. The malware struck thru this plugin and infected the rest of my sites on my Siteground server. I’ve replaced wp-includes folder 5 days in a row… the malware reached woocommerce js files & theme js files. It strikes thru a non-specific jquery callout, and opens cdn.allyouwant.online up for a direct port to update the malware. Here’s the write-up from 8/22/18: https://blog.sucuri.net/2018/08/massive-wordpress-redirect-campaign-targets-vulnerable-tagdiv-themes-and-ultimate-member-plugins.html. The article says TwentySeventeen noticed the infection and was corrected with an update. However, I found the injected code in this file: /wp-content/themes/twentyseventeen/assets/js/jquery.scrollTo.js just now & my site(s) have the most current theme. I don’t even have that activated, but it resides on the server, so it still apparently can attack the site.

@codepeople: No, I cannot post a ticket as I only have the free version. I know it’s weird, but as soon as I update your plugin (I’ve tested this), the problem goes away. There have been so many updates over the past month, every time I visit my site, it looks terrible! I’m about to go looking for a new way to get what I’m after.

I do not use caching plugins.

I am interested in storing multiple addresses, but not only when users want to ship to multiple people on the same order. Sometimes they send 1 product out at a time to different people as gifts, and the current WooCommerce system only stores the last address they shipped to for them. Seems like this shipping-multiple-addresses plug in could add one more step to allow users to just access the address book that they’ve already created for the instance when 2 items are placed in a cart. If anyone knows of another plug-in that works with WooCommerce for WordPress, please let me know.