• Resolved Carl Gross

    (@carlgross)


    Hello. Three months ago I posted here about an issue I was having with your plugin (see post here). The issue was that even after removing your plugin from my site, it would eventually automatically re-install and re-activate on my site. At the time someone in this forum made it clear that if I remove the plugin via FTP, then it will not return. At the time, I did just that. I checked back after a month, and the plugin still had not returned. I checked back after two months, and the plugin still had not returned. But now it has been three months, and the plugin has returned to my site–it is both installed and activated. How can I resolve this issue?

    I am the only admin on this site, and have been the admin for ~5 years now. Not to offend, but I have never heard of your plugin, nor have I ever knowingly installed it. So I’m not sure how it appeared on my site in the first place.

    Thanks in advance.


Viewing 5 replies - 1 through 5 (of 5 total)
  • If that plugin is being installed on your site, it’s likely maliciously, as it gives full access to your files AND DB.

    I suggest you at the very least change all passwords associated with the site, up to and including the MySQL database file (from wp-config.php).

    One thing I consider a minus about this plug-in is that, in addition to being a file manager, it’s ALSO a database manager, providing full access to the DB.

    If this is on your site, someone has 100% access to everything about your site. That means they can have pulled all your user information as well as all your files. They have everything. You’re hacked.

    Thread Starter Carl Gross

    (@carlgross)

    Good info, thanks. Not what I wanted to hear, but perhaps what I needed to hear. I’ll speak to my server admin about this, thanks. I’d like to hear from plugin support if they think this is a possibility, and if so, what steps I might be able to take (other than a full site cleaning).

    edit: With this plugin installed, how would a bad guy access my files/database? He would need to log in to WordPress, or have SSH/SFTP access to my server–correct?

    • This reply was modified 5 years, 2 months ago by Carl Gross.

    The reason I stopped using this plugin was precisely because it also gives full DB access (not functionality I want in a file manager). Plugin support or not, that’s 100% compromised across your entire platform.

    If the app installed without you doing it, it doesn’t have the ability to install itself. It unquestionably was installed from somewhere, or, more accurately, someone. If it was installed previously, and you didn’t change passwords, they already had access, so easy to get again.

    Plugin Author mndpsingh287

    (@mndpsingh287)

    Hey @carlgross,

    Again, the issue is not related to our plugin; maybe you have shared your details with a developer and he is using our plugin. If not, then please change your admin login details and use the Wordfence plugin to scan your website.

    Regards,
    Mandeep

    Thread Starter Carl Gross

    (@carlgross)

    OK I understand. I did some asking around, and found out that a plugin dev did indeed install this plugin without notifying me, nor did he remove it after his work was done. So we can consider this resolved.

    Thanks.

  • The topic ‘Cannot remove plugin (update)’ is closed to new replies.