Viewing 5 replies - 1 through 5 (of 5 total)
  • usuaggie

    (@usuaggie)

    I use both Members and MemberPress on a few of my client sites. I love both plugins! One’s not really an upgrade to another, but MemberPress does have a lot better registration, subscription management, and content protection features. Members is more of a roles/capabilities manager without much else.

    The notice you’re referring to isn’t false if you ask me. When you stop paying for a paid plugin, then you cannot get access to updates. Software updates frequently include new security patches and compatibility fixes. So by using an old version, you are putting yourself at greater risk with time.

    Thread Starter dephoro

    (@dephoro)

    I’ve run servers for several years now and have never had an issue arise such as this. Without pointing fingers, I’ll share what I learned. If it had to do with files not being able to update, why did the threat appear when I was uninstalling MemberPress from the site? There would be no files to update.

    Used the same set of 50ish plugins for a solid 6 months testing a build. No problems. Decide to try to add a social media aspect to it, so I install MemberPress. Turns out to not be what I needed, so I uninstall it (getting said threat) and cancel my subscription. Within a week, 3 malwares are found on my server. To this point, I was using trusted, vetted plugins and the MemberPress suite. But those malwares were 100% there and they 100% showed up after MemberPress was removed and refunded.

    So I looked into MemberPress. Did you know you can’t download MemberPress from WPOrg? Or from Themeforest? In fact, the only place that seems to sell it is their own site, making them accountable to nobody but themselves. Members is being used as a bridge to funnel clients to their site using a common and necessary and very clean plugin. Again, I’m not saying they did or didn’t do something, just spelling out a specific incident in regard to this company that might help other people.

    Thread Starter dephoro

    (@dephoro)

    It’s like the virus programs… how when you remove one they hit you with a virus out of spite. Just like that. Except with plugins. And they hide the offending plugins from any site that can punish them for leaving gaping holes in the structure of a site that an “unaffiliated third party” just so happens to abuse the moment they get opened.

    Plugin Author cartpauj

    (@cartpauj)

    @dephoro I’m sorry for your experience with our plugins. Members and MemberPress are both regularly audited for security. MemberPress is one of the most popular membership platforms for WordPress.

    MemberPress is a premium-only plugin, which is why it’s not hosted on www.ads-software.com as only free (or freemium) plugins can be hosted here. There are thousands of such plugins out there, and many more on sites like CodeCanyon.

    Members is hosted here as it’s free, and it’s currently used on more than 200,000 websites.

    To date there are no known vulnerabilities in either. You can search here: https://www.cvedetails.com/

    If your hosting company is able to determine the attack vector came through one of our plugins, please have them submit the POC report to us so we can address it. However, with over 50 plugins, it’s likely it could have been through another vector as well. They would need to comb through their logs to see when/how the attacker was able to get in before that could be determined.

    Thread Starter dephoro

    (@dephoro)

    @cartpauj Thank you for the information. I realize that given your pristine track record, and this being a one-off incident, horribly bad timing may be at play here. Members is an amazing plugin and itself merits a 5-star review for the array of features it provides users with, free of charge. I am unable to alter or change the review to reflect this sentiment.

  • The topic ‘:)’ is closed to new replies.