[Resolved] Security Warning on GP Premium Version: 1.7.5

Home Forums Support [Resolved] Security Warning on GP Premium Version: 1.7.5

Home Forums Support Security Warning on GP Premium Version: 1.7.5

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #749661
    Clayton

    Hey Guys,

    I’m getting a couple security warnings via ValutPress on the GP Premium plugin. The odd thing is I have GP Premium on another site being protected by VaultPress and I haven’t seen this warning on that site yet. Just wanted to make sure there isn’t something fishy going on here. Let me know if you need any additional information.

    Screenshots – https://imgur.com/a/8mtYSyY

    Thanks

    #749785
    David
    Staff
    Customer Support

    Hi there,

    i think the fact it is not reporting the warning on the other Site says that something has happened to that installation. Check any recent changes you have made like adding new plugins.

    #749792
    Clayton

    The odd thing is that those warnings are coming from within GP Premium. Could a plugin modify GP Premium?

    #749814
    David
    Staff
    Customer Support

    Possible if there is some malicious code in the plugin. Or it allowed malicious code to be injected.

    i’ll get Tom to take a look

    #749815
    Clayton

    Got it. I’ll do some testing and see. I’ll also try reinstalling GP Premium.

    #749817
    David
    Staff
    Customer Support

    I have passed on to Tom as well so he can take a look.

    #749821
    Clayton

    I’m fairly certain it’s been inserted via a malicious plugin. The only thing different from this site and the other one running the same setup is some of the plugins this client is using. Thanks for looking into it and passing it on.

    #749879
    Tom
    Lead Developer
    Lead Developer

    Yes, that looks like a typical hack. You’ll want to:

    1. Delete the plugin (and any other infected plugin), and upload a fresh copy.
    2. Change all passwords (WP, hosting, FTP etc..)
    3. Make sure everything is up to date.
    4. Make sure none of your plugins are super old/haven’t been updated in years.

    It could also be hosting if you’re on shared hosting. One of the issues with shared hosting is someone else on your server could be hacked, which can give hackers a way into your site as well.

    #749912
    Clayton

    Thanks Tom. Yeah that’s what I suspected. I’m in touch with VaultPress and they are going to help me make sure I’m protected again. This was a transfer from another hosting provider so there were likely vulnerabilities that I never have to deal with on sites that I produce brand new. I appreciate you guys looking into it and the detailed response!

    #749943
    Tom
    Lead Developer
    Lead Developer

    No problem! 🙂

Viewing 10 posts - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.