• Resolved naosim

    (@naosim)


    Hi John,

    I faced a problem on WordPress 5.9 with Hide My WP ghost lite after automatic update, so I guess it comes from the version 5.
    The access to my WP admin was blocked, login page and admin page.
    It linked to this: website.com/public_html/create_autologin_62139213e2a9b.php

    Here is the report of Ninjascanner:
    Altered files:

    ./wp-content/plugins/hide-my-wp/view/Connect.php
    ./wp-content/plugins/hide-my-wp/view/Permalinks.php
    ./wp-content/plugins/hide-my-wp/view/assets/js/settings.min.js
    ./wp-content/plugins/hide-my-wp/view/assets/js/settings.js
    ./wp-content/plugins/hide-my-wp/controllers/Brute.php
    ./wp-content/plugins/hide-my-wp/controllers/Settings.php
    ./wp-content/plugins/hide-my-wp/classes/DisplayController.php
    ./wp-content/plugins/hide-my-wp/classes/Tools.php
    ./wp-content/plugins/hide-my-wp/models/Cache.php
    ./wp-content/plugins/hide-my-wp/models/Files.php
    ./wp-content/plugins/hide-my-wp/models/Compatibility.php
    ./wp-content/plugins/hide-my-wp/models/Rewrite.php
    ./wp-content/plugins/hide-my-wp/models/Rules.php

    And my firewall sent me that report:

    Someone accessed a script that was modified or created less than 10 hour(s) ago:
    
    SCRIPT_FILENAME: website.com/public_html/create_autologin_6212b6e6e1ca1.php
    REQUEST_URI: /create_autologin_6212b6e6e1ca1.php
    Last changed on: February 20, 2022 @ 21:47:18 (UTC +0000)
    
    SCRIPT_FILENAME: website.com/public_html/index.php
    REQUEST_URI: /robots.txt
    Last changed on: February 20, 2022 @ 22:04:24 (UTC +0000)
    
    SCRIPT_FILENAME: website.com/public_html/wp-admin/admin-ajax.php
    REQUEST_URI: /"accesspage"/admin-ajax.php?action=widget_css_google
    
    SCRIPT_FILENAME: website.com/public_html/create_autologin_6212bbdbc690d.php
    REQUEST_URI: /create_autologin_6212bbdbc690d.php
    Last changed on: February 20, 2022 @ 22:08:27 (UTC +0000)

    I managed to deactivate the plugin in cPanel and look for the previous stable version. But even that wasn’t easy: the custom login page is still active while the plugin isn’t, and I had to quickly move through cPanel and shut off the plugin before all access was blocked.

    Have a nice day and hope this will help!

    Best regards,

    Simon

    • This topic was modified 3 years ago by naosim.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author John Darrel

    (@johndarrel)

    Hi @naosim,

    Thank you for the details. I will send them to devs for investigation.

    The custom login path is still available because of the rewrite rules in .htaccess

    Here is a tutorial about how to deactivate the plugin in case of errors:
    https://hidemywpghost.com/hide-my-wp-how-to-disable-the-lugin-in-case-of-error/

    I’ll let you know what we find about the compatibility issue.

    Best, John

  • Plugin Author John Darrel

    (@johndarrel)

    Hi @naosim,

    The Ninjascanner probably identified that we added some small fixes in the same version of the plugin to avoid releasing a new version on the same day.

    If you install the HMWP Ghost plugin from WordPress now, does the Ninjascanner report anything?

    About the security report, we couldn’t find anything related to create_autologin_**.php online. Do you have any temporary login plugin installed?

    I see that the files were changed on Sunday. The plugin update was made on Friday.

    Did you try to scan the website using Wordfence plugin too?

    John
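
The hex suffixes on the create_autologin_*.php names in the firewall report above have the 13-digit layout that PHP's uniqid() produces (8 hex digits of Unix seconds, then 5 of microseconds). As an added triage example, not part of the thread and not code from the plugin or either scanner, the script below decodes those suffixes and compares them with the "Last changed on" times; the uniqid() origin is an assumption, and the report text is copied from the first post.

```python
import re
from datetime import datetime, timezone

# Firewall report entries copied from the first post (create_autologin entries only).
REPORT = """\
SCRIPT_FILENAME: website.com/public_html/create_autologin_6212b6e6e1ca1.php
REQUEST_URI: /create_autologin_6212b6e6e1ca1.php
Last changed on: February 20, 2022 @ 21:47:18 (UTC +0000)

SCRIPT_FILENAME: website.com/public_html/create_autologin_6212bbdbc690d.php
REQUEST_URI: /create_autologin_6212bbdbc690d.php
Last changed on: February 20, 2022 @ 22:08:27 (UTC +0000)
"""

# Assumption: suffix = 8 hex digits of Unix seconds + 5 hex digits of microseconds.
NAME_RE = re.compile(r"create_autologin_([0-9a-f]{8})([0-9a-f]{5})\.php$")
CHANGED_RE = re.compile(r"Last changed on: (.+?) \(UTC \+0000\)")
FMT = "%B %d, %Y @ %H:%M:%S"  # timestamp format used by the firewall report


def decode_suffix(filename):
    """Return the UTC time encoded in the file name, or None if it does not fit."""
    m = NAME_RE.search(filename)
    if not m:
        return None
    secs, usec = int(m.group(1), 16), int(m.group(2), 16)
    if usec >= 1_000_000:  # not a valid microsecond field, so not this layout
        return None
    return datetime.fromtimestamp(secs, tz=timezone.utc)


def correlate(report):
    """Return (file, decoded_time, reported_mtime, delta_seconds) per report entry."""
    rows = []
    for block in report.strip().split("\n\n"):
        name = re.search(r"SCRIPT_FILENAME: (\S+)", block)
        changed = CHANGED_RE.search(block)
        decoded = decode_suffix(name.group(1)) if name else None
        if not (decoded and changed):
            continue
        mtime = datetime.strptime(changed.group(1), FMT).replace(tzinfo=timezone.utc)
        delta = abs((mtime - decoded).total_seconds())
        rows.append((name.group(1).rsplit("/", 1)[-1], decoded, mtime, delta))
    return rows


if __name__ == "__main__":
    for fname, decoded, mtime, delta in correlate(REPORT):
        print(f"{fname}: name encodes {decoded:%Y-%m-%d %H:%M:%S} UTC, delta {delta:.0f}s")
    print(decode_suffix("create_autologin_62139213e2a9b.php"))  # file from the redirect
```

A delta of zero means the name was generated in the same second the file was written, so the suffix can date a file of this pattern even when its mtime is missing or has been reset.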

  • The topic ‘Hide my WP Ghost lite v5 – bug report – access page’ is closed to new replies.