umeckzki

Asked Hostinger regarding this issue and I got an answer from them which isn’t helpful at all.

Regarding the must-use (MU) plugin, it’s installed to integrate with affiliated plugins and themes, such as Astra, WPForms, and All in One SEO, to provide streamlined functionality and simplify the process for our users!

If you have any further concerns or questions, please feel free to reach out to us directly at [email protected]. We’re here to assist you.

Looks like it’s been installed on sites with Astra theme, AIO SEO, WPForms, MonsterInsights, Neve, and some other plugins.

I have just checked all my sites and the plugin didn’t come back again.

If the plugin keeps coming back despite deleting it, and if you don’t have access to human support from Hostinger, you’ll need to take additional steps to ensure the plugin doesn’t reappear. Here are some further actions you can take:

1. Check File Permissions: Ensure that the permissions on your WordPress files and directories are properly configured. Make sure that only the necessary users have write permissions, and restrict write access as much as possible to prevent unauthorized changes.
2. Scan for Malware: Use a reputable security plugin or an online scanning tool to thoroughly scan your WordPress installation for malware. Some plugins can detect and remove malicious files automatically.
3. Monitor File Changes: Set up file integrity monitoring to detect any unauthorized changes to your WordPress files and directories. Some security plugins offer this feature, or you can use server-side tools to monitor file changes.
4. Implement Web Application Firewall (WAF): Consider using a web application firewall to filter and monitor HTTP traffic to and from your WordPress site. A WAF can help block malicious requests and protect against various types of attacks.
5. Review Access Logs: Check your server access logs to see if there are any suspicious IP addresses or unusual patterns of access. This can help you identify potential attackers and take appropriate action.
6. Review WordPress Core and Plugins: Check for any vulnerabilities or outdated software in your WordPress core installation and plugins. Remove any unused plugins and themes, and keep everything updated to the latest versions to patch security vulnerabilities.

If you’re on cPanel, please check the security settings on WordPress Toolkit app. There are some settings regarding securing “wp-config.php”

Yes, it’s safe to delete that file. It will be removed from your site. It’s only one PHP file and designed to automatically insert affiliate links into your website for certain plugins and themes, like Astra, MonsterInsights, etc.

Reach out to Hostinger’s support and inquire about these “Affiliate Plugin” file. Ask them why they were installed, their specific purpose, and if they were meant to be there without your knowledge.

No, I’m sure it’s not from your developer but I think Hostinger did that! I have already checked on two sites I hosted on their servers. I think WordPress needs to take action to that bad practice.

Here’s the code I copied from one of the sites:

<?php
/**
 * Plugin Name: Affiliate Plugin
 * Description: "Affiliate Plugin" serves the purpose of integrating affiliate links into the WordPress website.
 * Version: 1.0.3
 * Text Domain: hostinger-mu-affiliates-plugin
 */

defined( 'ABSPATH' ) || exit;

if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

class Hostinger_MU_Affiliates {
    const MONSTERINSIGHTS_AFFILIATE_ID = '3107422';
    const ASTRA_AFFILIATE_ID = '12425';
    const WPFORMS_AFFILIATE_LINK = 'https://shareasale.com/r.cfm?b=834775&u=3107422&m=64312&urllink=';
    const AIOSEO_AFFILIATE_LINK = 'https://shareasale.com/r.cfm?b=1491200&u=3107422&m=94778&urllink=';
    const HESTIA_AND_NEVE_AFFILIATE_LINK = 'https://www.shareasale.com/r.cfm?b=642802&u=3107422&m=55096';

    public function __construct() {
        if ( is_admin() ) {
            $this->define_admin_hooks();
        }

        add_action( 'init', array( $this, 'schedule_weekly_cron_job' ) );
    }

    public function affiliate_astra() {
        add_option( 'astra_partner_url_param', self::ASTRA_AFFILIATE_ID, '', 'no' );
    }

    public function affiliate_monsterinsights( $id ) {
        return self::MONSTERINSIGHTS_AFFILIATE_ID;
    }

    public function wpforms_upgrade_link( $link ) {
        return self::WPFORMS_AFFILIATE_LINK . rawurlencode( $link );
    }

    public function aioseo_upgrade_link( $link ) {
        return self::AIOSEO_AFFILIATE_LINK . rawurlencode( $link );
    }

    public function neve_or_hestia_upgrade_link( $utmify_url, $url ) {
        if ( strpos( $url, 'themes/neve/upgrade' ) !== false || strpos( $url, 'themes/hestia-pro/upgrade' ) !== false ) {
            return self::HESTIA_AND_NEVE_AFFILIATE_LINK;
        }

        return $utmify_url;
    }

    private function define_admin_hooks() {
        add_filter( 'optinmonster_sas_id', array( $this, 'affiliate_monsterinsights' ) );
        add_filter( 'monsterinsights_shareasale_id', array( $this, 'affiliate_monsterinsights' ) );
        add_filter( 'wpforms_upgrade_link', array( $this, 'wpforms_upgrade_link' ) );
        add_filter( 'aioseo_upgrade_link', array( $this, 'aioseo_upgrade_link' ) );
        add_filter( 'tsdk_utmify_url_neve', array( $this, 'neve_or_hestia_upgrade_link' ), 11, 2 );
        add_filter( 'tsdk_utmify_url_hestia-pro', array( $this, 'neve_or_hestia_upgrade_link' ), 11, 2 );
    }

    public function schedule_weekly_cron_job() {
        if ( ! wp_next_scheduled( 'run_weekly_affiliate_astra' ) ) {
            wp_schedule_event( time(), 'weekly', 'run_weekly_affiliate_astra' );
        }
        add_action( 'run_weekly_affiliate_astra', array( $this, 'run_weekly_affiliate_astra' ) );
    }

    public function run_weekly_affiliate_astra() {
        if ( ! get_option( 'astra_partner_url_param' ) ) {
            $this->affiliate_astra();
        }
    }
}

new Hostinger_MU_Affiliates();

I’m sure it’s not mine! I don’t have affiliate links to those site at all!

PS: You can remove it from your cPanel or hPanel (if you’re already use their own Panel) File Manager or FTP if you have access to it.

• This reply was modified 9 months, 1 week ago by umeckzki. Reason: Add the answer to the question about deleting the plugin

Looking for the same answer too ??

Hello @obehii

Have you checked the Off-Canvas menu in your menu settings? I had the problem with my menu not showing in mobile browser too and had it solved.

plugins conflict could be the cause or your problems.
Try deactivate other plugins and run the W3TC with standard configuration. And check your hosting specification for more troubleshooting.
Hope it will be helpful.
Have been using this plugin for years with various shared hosting and got no serious problems so far. It’s complicated at first, I admit but once you know exactly what you’re doing, it will be very helpful.

I think it’s not the theme problem..
I too have the same problem if I wanted to customize any themes using customize feature. May be you should try to customize any other themes.
May be it’s a cookies issue?