• Resolved Martin999

    (@martin999)


    Hi,
    I have WP 4.9.15 and several sites have been hacked, which all have this plugin.
    It has not been updated for a long time, at least I didn’t get a message that it can be updated. There is only one further plugin, UpdraftPlus, which is updated and probably not the reason.

    Of course hacking can have many reasons, but I try to find the reason for hacking and many people say that very often old plugins can be hacked.

    Any thoughts on this?

    Thanks,

    Martin

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Pascal Birchler

    (@swissspidy)

    The Disable Embeds plugin is very simple, stable and does not require a lot of updating.

    It contains no real attack surface for intruders. If anything, it would help make your site more secure because it disables things.

    I recommend you to change your passwords, and scan your site for any installed backdoors. This will be much more fruitful than checking old plugins.

    Since you mentioned UpdraftPlus, it contained a few security vulnerabilities in the past. Might be good to verify you were not on one of those versions.

    Thread Starter Martin999

    (@martin999)

    Hey Pascal, thanks a lot.

    “The Disable Embeds plugin is very simple, stable and does not require a lot of updating.
    It contains no real attack surface for intruders.”

    That’s what I supposed, o.k., “done”.

    “I recommend you to change your passwords, and scan your site for any installed backdoors. This will be much more fruitful than checking old plugins.”

    Yes, you think intuitively right (how do you know?). There are several strange, cryptic-sounding “fdvor8”.phps etc. in main folders, and my PC scanner recognized some of them as “Backdoor.PHP.Workshell.EH” (whatever a backdoor means).
    There are also added “index2.php” and “xindex.php” files in many folders, and changed index.php and htaccess files appear in many folders.

    “Since you mentioned UpdraftPlus, it contained a few security vulnerabilities in the past. Might be good to verify you were not on one of those versions.”

    Again you could be right, though I’m a little bit shocked about UpdraftPlus… My hoster’s malware scan found, among other things, the same following issue in every site:

    …plugins/updraftplus/central/listener.php
    #######################################
    Changed -> 13.06.2020 14:45:36 +0200

    Zeile -> SuchMuster -> FUND (Max. 300 Zeichen, gekuerzt, escaped…, angezeigt maximal: 20)

    73 -> if (!empty($_GET[.*]) &… -> if\(!empty\(\$_GET\['login_id'\]\)\&\&is_numeric\(\$_GET\['login_id'\]\)\&\&!empty\(\$_GET\['login_key'\]\)\)\{

    Have you been downloading “free” themes or plugins from non-official sources?

  • The topic ‘Can the plugin be hacked?’ is closed to new replies.
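
The thread's advice to scan for installed backdoors, applied to the artifacts reported above (added index2.php and xindex.php, unexpected PHP files in main folders, changed index.php, .htaccess files spread over many folders), as an added triage example that is not part of any post in the thread and not code from the plugin. The function names, the 4.9-era core file list and the sample tree are assumptions constructed for illustration; results are review candidates, not verdicts.

```python
import os
import tempfile

# PHP files that WordPress core ships in the site root (assumed 4.9-era list).
CORE_ROOT_PHP = {
    "index.php", "wp-activate.php", "wp-blog-header.php", "wp-comments-post.php",
    "wp-config.php", "wp-config-sample.php", "wp-cron.php", "wp-links-opml.php",
    "wp-load.php", "wp-login.php", "wp-mail.php", "wp-settings.php",
    "wp-signup.php", "wp-trackback.php", "xmlrpc.php"}
# File names reported in the thread as added to many folders.
REPORTED_NAMES = {"index2.php", "xindex.php"}


def triage(root, changed_since=None):
    """Return sorted (relative_path, reason) pairs that deserve manual review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        at_root = os.path.samefile(dirpath, root)
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            lower = name.lower()
            if lower in REPORTED_NAMES:
                findings.append((rel, "file name reported in the thread"))
            elif at_root and lower.endswith(".php") and lower not in CORE_ROOT_PHP:
                findings.append((rel, "PHP file in site root that core does not ship"))
            elif lower == ".htaccess" and not at_root:
                # Heuristic only: some plugins legitimately add their own .htaccess.
                findings.append((rel, ".htaccess outside the site root"))
            elif (changed_since is not None and lower == "index.php"
                  and os.path.getmtime(full) >= changed_since):
                findings.append((rel, "index.php modified after the cutoff"))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample tree: a clean layout plus the artifacts from the post."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    for rel in ("index.php", "wp-login.php", "fdvor8.php", ".htaccess",
                "wp-content/plugins/index.php", "wp-content/plugins/xindex.php",
                "wp-content/uploads/.htaccess", "wp-includes/index2.php"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()  # empty placeholder file
    return root


if __name__ == "__main__":
    for rel, reason in triage(build_sample_tree()):
        print(f"{rel}: {reason}")
```

Pass `changed_since` as a Unix timestamp shortly before the suspected compromise to also list every index.php modified after it.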