[Resolved] Security Warning on GP Premium Version: 1.7.5

Home Forums Support Security Warning on GP Premium Version: 1.7.5

This topic contains 9 replies, has 3 voices, and was last updated by  Tom 1 week ago.

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #749661

    Clayton

    Hey Guys,

    I’m getting a couple security warnings via ValutPress on the GP Premium plugin. The odd thing is I have GP Premium on another site being protected by VaultPress and I haven’t seen this warning on that site yet. Just wanted to make sure there isn’t something fishy going on here. Let me know if you need any additional information.

    Screenshots – https://imgur.com/a/8mtYSyY

    Thanks

    GeneratePress 2.2.1
    GP Premium 1.7.5
    #749785

    David Customer Support

    Hi there,

    i think the fact it is not reporting the warning on the other Site says that something has happened to that installation. Check any recent changes you have made like adding new plugins.

    #749792

    Clayton

    The odd thing is that those warnings are coming from within GP Premium. Could a plugin modify GP Premium?

    #749814

    David Customer Support

    Possible if there is some malicious code in the plugin. Or it allowed malicious code to be injected.

    i’ll get Tom to take a look

    #749815

    Clayton

    Got it. I’ll do some testing and see. I’ll also try reinstalling GP Premium.

    #749817

    David Customer Support

    I have passed on to Tom as well so he can take a look.

    #749821

    Clayton

    I’m fairly certain it’s been inserted via a malicious plugin. The only thing different from this site and the other one running the same setup is some of the plugins this client is using. Thanks for looking into it and passing it on.

    #749879

    Tom Lead Developer

    Yes, that looks like a typical hack. You’ll want to:

    1. Delete the plugin (and any other infected plugin), and upload a fresh copy.
    2. Change all passwords (WP, hosting, FTP etc..)
    3. Make sure everything is up to date.
    4. Make sure none of your plugins are super old/haven’t been updated in years.

    It could also be hosting if you’re on shared hosting. One of the issues with shared hosting is someone else on your server could be hacked, which can give hackers a way into your site as well.

    #749912

    Clayton

    Thanks Tom. Yeah that’s what I suspected. I’m in touch with VaultPress and they are going to help me make sure I’m protected again. This was a transfer from another hosting provider so there were likely vulnerabilities that I never have to deal with on sites that I produce brand new. I appreciate you guys looking into it and the detailed response!

    #749943

    Tom Lead Developer
Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.