Is there a possibility that your plugin might have a new vulnerability? We have a server on wpengine and about 3 days ago every site got injected with malware – it was the same malware on each site where a file like this: sw-check-permissions-b90e6.js would get injected on the root of the site or sometimes in an upload folder. Then all theme header.php files would be updated with a script pointing to that file and causing the site to have the desktop notification popup appear on the site and in rare cases some sites were redirecting to spam sites – usually the domain the main script was pointing to wss: deefauph.com – The reason I mention this plugin is out of about 80 sites we had about 73 infected and each site had one thing in common wps hide login plugin – and the only 7 sites that were not infected did not have the plugin? We had installed the most recent version of your plugin at the time of the malware injection.
↧
