Pages were hacked

Hi David,

I would have appreciated a private email about this issue rather than a public review.

As the plugin author I take that allegation very seriously. Please could you contact me asap at [email protected] with details of how your site was hacked and why you think my plugin was to blame.

To be clear there has never been another report of a site being hacked via this plugin, the plugin has no known security issues and follows all security best practice.

If you have found an issue then obviously I want to understand and fix it as soon as possible, however until you provide that information then I have no reason to believe that the plugin was at fault.

Hi @david_x and @tom willmot,
I’m very curious about this potential issue. Please advise ASAP, I have deactivated the plugin across all of my sites pending the outcome of your investigation. I could see how this could happen storing the .zip of the entire site/db so I would like to error on the side of caution.

Tom please advise what you find to be the case here,

thanks

Hi all,

I am already in contact with Tom.
Please note that I wrote: “It look likes….”
I am currently checking how the attacker got
access to my web server and how/why he
was focussing on Tom’s Plug-in.
It takes time to audit and I will get back to you as soon as I receive
some news.
Thanks

Cheers
David

I’m also curious about this issue, and would appreciate you guys posting a follow up here or in the appropriate support forum.

So despite the facts that: A) you’re still investigating the hack; B) even if they did come in through a particular plugin’s folder, that wouldn’t automatically mean that the plugin has a security hole; and C) you’ve benefitted from using this plugin/software for four years, free of charge… You thought the right thing to do was to publicly accuse the developer, condemn the plugin, and post a 1-star rating.

Seems a tad bit unfair. Just sayin.

Just to follow up here.

I have never actually heard from David_x regarding his issue.

As things currently stand there are no known security issues with BackUPWordPress and other than this one review, no other reports of anyone having their site hacked.

just an FYI, If you install WP and do nothing to secure it, you may very well get hacked… have you done the things listed here? if not you should. ??

https://www.mastermindblogger.com/2011/14-ways-to-prevent-your-wordpress-blog-from-being-hacked/

https://wp.tutsplus.com/tutorials/11-quick-tips-securing-your-wordpress-site/

If you install WP and do nothing to secure it, you may very well get hacked

Sorry but that’s simply not true. See https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

I said you could get hacked. any website could get hacked. nothing untrue about that statement.

you may very well get hacked

Let’s not start panicking people. All you have to do is take sensible precautions – like choosing a good host, downloading themes & plugins from a reputable resource and keeping everything upgraded.