phjoy.Claim Your Free 999 Pesos Bonus Today

Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)

Forum: Plugins
In reply to: [Google Authenticator - WordPress 2FA, MFA, OTP SMS and Email] URGENT – Lost access to our website

Thread Starter Пулемёт
(@poulimiot)

4 years, 8 months ago

Hi there!

It was predictable that you would deny the evidence, though several checks have proved that your “Google Authenticator – WordPress Two Factor Authentication” plugin is only responsible of the substitution of ALL OUR ADMIN PASSWORDS with your 3 SECURITY QUESTIONS configured method.

As for the integrity of our website, the daily automatic security scan done by Wordfence did not reveal any attacks, except from the switch and the backdoor found JUST AFTER we activated your plugin (knowing that we did not modify or install anything else in the previous 48 hours).

What a shame!

Anton

Forum: Plugins
In reply to: [Google Authenticator - WordPress 2FA, MFA, OTP SMS and Email] URGENT – Lost access to our website
Thread Starter Пулемёт
(@poulimiot)

4 years, 8 months ago
Hello,

Never had to deplore such vicious issues with any plugins but, at last, we have got rid of it.

FYI, after having purged ALL caches via our CDN, the usual WordPress log in window was displayed again, but after some attempts, WordFence was still blocking any access to our website.

So, we were forced to manually uninstall/reinstall WordFence to finally find out that your “Google Authenticator – WordPress Two Factor Authentication” plugin had purely — and without warning — changed/crossed ALL OUR ADMIN PASSWORDS with your 3 SECURITY QUESTIONS configured method… forbidding us to log in as usual!!!

Furthermore, the automatic security scan (regularly) done by Wordfence afterward sent us the following alert:

File appears to be malicious: wp-content/cache/object/3b2/e20/3b2e20bf1659d5942f51eb009ce6ba86.php
Type: File
Issue Found 16 June 2020 21 h 44 min
Critical
Ignore

Details

Filename: wp-content/cache/object/3b2/e20/3b2e20bf1659d5942f51eb009ce6ba86.php
File Type: Not a core, theme, or plugin file from www.remarpro.com.
Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: wp_set_password( ‘password’, 1 )

The issue type is: Backdoor:PHP/wpinfoajinsert.5689
Description: Hardcoded password reset, common part of WordPress backdoors

Not sure yet that your “Google Authenticator – WordPress Two Factor Authentication” virus plugin is involved in that backdoor, but daring to change/cross ALL ADMIN PASSWORDS without warning your potential customers is a pure infamy and cannot be a coincidence.

The worst being that the excellent Wordfence plugin already offers FOR FREE the Two-Factor Authentication option.

So, do not be surprised that we grant you, for such bad practices + waste of (our) time, a 1 star review, and dissuade our clients to be mislead by your plugin.

Anton
- This reply was modified 4 years, 8 months ago by Пулемёт.
- This reply was modified 4 years, 8 months ago by Yui.

Viewing 2 replies - 1 through 2 (of 2 total)