What does a security risk in a plugin look like?

Personal Opinion: I had the same thing with (mt) mediatemple twice last year. They told me/us that it was a wordpress issue, but it wasn’t. I heard the same from dreamhost last year. So: don’t think about it too much, just remove the hack and blame your host (again).

Anyway: You could read this thread. If your DB got “infected”: There’s also a link to the plugin I wrote to remove the inserted links from my database. Give it a try.

Related Posts:

  1. Security and .htaccess
  2. Headers Content-Security-Policy CSP Major Issue
  3. My WP site and password was hacked, what to do? [closed]
  4. I found this in a plugin. What does it do? is it dangerous?
  5. Disabled plugins are they security holes – rumor or reality?
  6. What could a hacker do with my wp-config.php
  7. How Can I Securely Implement a Password-less Login Feature?
  8. Are there procedures to prevent malicious plugin updates?
  9. Should we use plugins that aren’t available from the official WordPress site?
  10. Why allow overriding crucial pluggable functions wp_verify_nonce and wp_create_nonce?
  11. Where should my plugin POST to?
  12. Security error WP 4.0 + WP phpBB Bridge [closed]
  13. Should I install plugins to my WordPress installation from web sites having in URL “nulled” or, “null”?
  14. Add .html extension to custom post type taxonomies
  15. Disabled plugins are security holes – rumor or reality?
  16. Leverage browser caching not working after updating .htaccess
  17. Should I use RIPS tool to test my themes and plugins?
  18. Prevent Brute Force Attack
  19. Upgrading WordPress 4.0 asks for FTP password
  20. How to install WordPress Multisite with different domains under the same subdirectory?
  21. 403 Forbidden – You don’t have permission to access /wp-admin/admin-ajax.php on this server
  22. How Restrict access to admin dashboard by specific static ip?
  23. Error Message from W3 Total Cache when .htaccess Rules Cannot Be Modified? [closed]
  24. When is it useful to use wp_verify_nonce
  25. Protecting against malicious code in WordPress plugin updates
  26. htaccess and wordpress config files are regularly over written
  27. How to expire all wordpress user passwords instantly?
  28. Weird problems after recovery from security breach
  29. How can we deal with unmaintained plugins with vulnerabilities?
  30. Security issues with WP sites
  31. Escape when echoed
  32. Should you escape hardcoded URLs?
  33. Preventing BFA in WordPress without using a plugin
  34. 500 Internal Server Error when updating htaccess
  35. Write to / remove from default .htaccess file from plugin?
  36. How can I make uploaded images in the editor load with HTTPS?
  37. Changed permalink structure. Need help with redirecting old posts
  38. How to stop xmlrpc attacks without disabling component to allow JetPack to work in WordPress?
  39. Landing Page Redirect Chain | http->https->https www
  40. Possible htaccess configuration issue for HTTPS websites by WP Fastest Cache plugin? [closed]
  41. WordPress filter that hook after each action/filter hook
  42. How to delete Passwrd Protected posts cookies when a user logged out from the site
  43. The safest way to automate WordPress backups
  44. Does WordPress validate inputs to all functions? (such as get_user_meta and insert_user_meta)
  45. How to block plugin activations with no known user or coming from unknown IP address range?
  46. Check for security updates
  47. Standard Fail2Ban vs. WP Fail2ban vs. WP Fail2Ban Redux
  48. Why can’t I access my Intranet LDAPS with NADI?
  49. admin-ajax.php warning max input vars exceeded on layered pop plugins [closed]
  50. Malicious File Upload [closed]
  51. Reoccurring 404 Errors on all subpages
  52. Stop Plugin Enumeration [closed]
  53. plugin links not working [closed]
  54. Hack-Proof OR Security in WordPress — is it real?
  55. Redirect to another page using contact form 7? [closed]
  56. Security and Must Use Plugins
  57. Is Timthumb still broken? What security measures should be taken?
  58. Is it safe to use admin-ajax.php in the frontend?
  59. How to protect WordPress from security scanner [closed]
  60. Specific way to allow WordPress users to view their current password? And edit it?
  61. Custom url rewriting
  62. Is there any pre-existing plugin to track and block IPs with suspicious activity on my site?
  63. How to prevent plugins from sniffing/stealing other plugins’ options?
  64. Custom API plugin to execute 3rd party API to retrieve data
  65. How to deal with Slow HTTP POST (slowloris) vulnerability
  66. Running multiple security plugins
  67. WordPress rewrite rules not working
  68. Do rewrites added with add_rewrite_rule() persist after plugin deletion?
  69. If I use an alternative login (e.g. CAS or other SSO) plugin, is my site protected from the recent brute force login attempts?
  70. WP Insert Post If user refreshes override new post
  71. 404 errors when updating options in admin dashboard
  72. Website Captcha Error: The reCAPTCHA wasn’t entered correctly
  73. Hide plugins and theme from public
  74. WordPress search shows protected content
  75. Can I disable xml-rpc by setting it to false?
  76. Help to Create a Simple Plugin to make a post
  77. Add a parameter at the end of the url and prettify
  78. www redirects to another directory in wordpress
  79. Content-Security-Policy implementation with WordPress W3Total Cache plugin installed
  80. “Fire Secure” menu item
  81. https rewrite not working for All in one security Brute force > rename login url
  82. htaccess question and plugins.php
  83. Help Code Review – I need to write on .htaccess file from theme’s function.php
  84. Redux framework somehow added to my site, can’t locate in plugins
  85. wp_verify_nonce fails always
  86. Site not displaying correctly when re-directing from root to sub-directory
  87. Validating values using Settings API?
  88. How To Rewrite WordPress Pages URL Only?
  89. using .htaccess only for wordpress security no plugins
  90. Apache rewrite rules and wordpress problem
  91. incorrect path of plugin dir on network
  92. Problem with permissions in wp-content/plugins
  93. How to resolve these findings from security audit
  94. How I can hide my wp folders from Inspect Element (Developer Tools)
  95. How to Find WordPress site has backdoor login Codes
  96. How to delete Password Protected posts cookies when a user logged out from the site
  97. How to rename files during upload to a random string?
  98. Rewrite Rule in htaccess convert query string into slashes
  99. WordPress User Registration/ Sign Up -> Able to take Paid Certification Courses & keep track of Completed Certificates
  100. Block Root REST API Route using custom &/or iThemes

Leave a Comment