Was Hacked Twice

I am sorry to the author that I have to give this one star review, but I feel it’s important to warn others about potential dangers of using this plugin.

Truth be told: I used this plugin for a long time and it was perfect. Then something happened after last update. The plugin stopped working, but I was too busy to figure that out. So I left it without deleting and forgot about it.

Then after some time Wordfence alerts me about admin login from another country with an administrative username I never created. Hacked!

I was alerted only one hour after they broke into my site, so I it wasn’t hard to undo the damage. That’s when I began to suspect that “Delete All Comments” was used as a backdoor to my site. I have a similar set up across several sites, but only the one with “Delete All Comments” was hacked.

I cleaned up their files and deleted “Delete All Comments”. For about 3 weeks I lived peacefully. But today again, Wordfence alerted me about administrator’s login but this time with MY username but from India! (I am not in India and I just woke up when I was alerted).

Thankfully, it happened so that only two minutes passed since their login and till I noticed the problem. Again, I rushed to create a new administrator and deleted the old one. They had not much time to do the damage, but they were fast enough because in my cPanel the latest modified file was in plugins folder and belonged to “Delete All Comments” (which was definitely deleted, so they installed it again!).

I cleaned up everything again but still need to spend some time figuring out how they were able to enter again this time. It must be that simply deleting “Delete All Comments” doesn’t remove everything that needs to be removed and leaves some type of a backdoor.

So no, don’t install it. Thanks to the author for all the type (about two years) that I was able to use it without problems, but now I wouldn’t recommend this plugin.