Checkout Malicious Code Injection

Hi @erroltuds

WE have WC 4.1.2 and added the patch after the security issues has been identified last year…

I see that you are using a pretty old version of WC. We do not recommend using outdated versions due to security and functionality reasons. If you’re interested, here’s a good post on why it’s important to keep your store up to date: https://woocommerce.com/posts/why-keep-woocommerce-updated/.

I suspect that WooCommerce not being up-to-date the site was vulnerable and that was a major factor behind the attack been possible. Hence, our first recommendation is to update your WooCommerce version. Here’s a helpful guide: https://woocommerce.com/document/how-to-update-woocommerce/

Updating the plugin is not in the options since we have custom function that is not tested in the latest version of WC.

You may want to consider testing the custom function with the latest version of WooCommerce, and modify as required. You may duplicate your site to a staging environment and performing tests without modifying your live site. Many hosting providers offer site staging facilities, but if you don’t have such a feature, you can create one with the WP Staging plugin.

Let us know how it goes.

• This reply was modified 3 years, 1 month ago by Margaret S. woo-hc.

You need to find our HOW the malicious code was added – could be from a number of sources! Infected plugin or theme, somebody accessing your server directly etc

Are your WordPress admin, Cpanel, FTP etc logins secure? Is your database secure? Are you using plugins from ‘unofficial’ sources?

Hi @margaretwporg , we have alot of custom plugins that is integrated with the ther version that we have, we have tried to update it before but it causes of alot of error on our end we will need to do a total revamp of the site when we did that so reverted back out staging environment to the previousr version, when a vulnerability issue was identified last year of July we updated our version 4.1.2 to the patched version that WC released to resolve the velnerability issue that they have identified. is there any other way aside from updating th plugin to the latest version? we are also using WP 5.4.9 so updating woocommerce to the latest version might not be compatible with our WP version.

@seank123 Yes we did try to find out where the backdoor injection was being done, but no luck, we have secured our admins and constantly changing the passwords, we also secured the file in the wp-contents folder and our databases

Hi @erroltuds

It’s very important to keep everything updated, from your PHP version to your WordPress and all of your plugins/add-ons!

I’d recommend checking the article below:

https://jetpack.com/2021/03/23/how-to-secure-your-woocommerce-store/

And also using a plugin like Jetpack to scan everything for you!

Jetpack Security takes care of multiple tasks: free and paid features include everything from brute force attack prevention to downtime monitoring, backups, malware scanning, spam protection, and more.

These features combine to create a holistic WordPress security plugin.

I hope that helps! My very best!