• Resolved girl_number_5

    (@trutherone)


    Hi,
    I was looking at the overall Site Health page by Redux, which gives an overview of your entire site. I noticed an Active plugin named: Monetization Code plugin by aerin Singh – 1.0 – which stood out in the list of plugins because all other entries were hyperlinks which linked to the plugin author’s/developer’s site. This one is not a link. I googled it and found several warnings about it being malicious code which injects unwanted URLs in your wp-options admin-option.

    My site isn’t live yet and I’ve not encountered problems, but I must wonder what this plugin does. It’s not listed as a Must-Use or Drop-In plugin – in fact it does not appear anywhere in my site, but it’s listed in Site Health as “Active”.

    There’s an article here with advice on how to detect and cleanse your site of this plugin, but I cannot access the page it suggests, [your-site-URL]/wp-admin/options-general.php?page=monit, even though I have network-admin access over my entire Multisite.

    Anyone know if this plugin is safe or a real threat to wp ecommerce based sites or which plugin or theme installs it in the background?

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator James Huff

    (@macmanx)

    No, you should remove that.

    Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

    Thread Starter girl_number_5

    (@trutherone)

    Hi (@macmanx),
    Yes, I found the rogue files, which are now named mplugin.php and admin_ips.txt – the code in mplugin.php matched exactly that shown in the link I provided before, so they’ve changed the name of it. I noticed that the admin IPs text file listed every IP address I have used to log in to my site; I use a VPN, so it was quite alarming to see all the IPs listed in this file. I used a plugin called GOTMLS Anti Malware for WordPress and it seems effective; it found the files and quarantined them ready for deletion.

    There’s a great thread here on WP support about this malicious code and a blog with in-depth info about it, including a link to the GOTMLS download site – it’s very well documented. Download the FREE version; it’s enough to wipe this malicious code. Donate $29 to get core protection too.

    Thanks for now, hope this helps someone else.

    Looks like this is a hackers’ marketing plugin. Please also check your hosting for more attacks. I found my site has an issue loading from Google search results. It redirects to another site.
    Filename: wp-content/plugins/mplugin.php
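
A defensive check for the indicators named in this thread, added here as an example and not posted by any participant: it walks a plugins directory and flags files named mplugin.php or admin_ips.txt, plus any PHP file whose header declares the reported plugin name, so a renamed copy is still caught. The function names and the sample directory are constructed for illustration.

```python
import os
import re
import tempfile

# Indicators reported in this thread; compared case-insensitively.
SUSPECT_FILENAMES = {"mplugin.php", "admin_ips.txt"}
SUSPECT_PLUGIN_NAME = "monetization code plugin"
HEADER_RE = re.compile(rb"^[ \t/*#@]*Plugin Name:(.*)$", re.I | re.M)


def plugin_name(path):
    """Return the 'Plugin Name' header found in the first 8 KiB, or ''."""
    with open(path, "rb") as fh:
        match = HEADER_RE.search(fh.read(8192))
    return match.group(1).decode("utf-8", "replace").strip() if match else ""


def scan_plugins(plugins_dir):
    """Walk plugins_dir and return sorted (relative_path, reason) findings."""
    findings = []
    for root, _dirs, files in os.walk(plugins_dir):
        for fname in files:
            rel = os.path.relpath(os.path.join(root, fname), plugins_dir)
            if fname.lower() in SUSPECT_FILENAMES:
                findings.append((rel, "filename reported in thread"))
            elif fname.lower().endswith(".php"):
                name = plugin_name(os.path.join(plugins_dir, rel))
                if SUSPECT_PLUGIN_NAME in name.lower():
                    findings.append((rel, "plugin header: " + name))
    return sorted(findings)


def build_sample(base):
    """Write a constructed plugins directory (sample data, not real files)."""
    header = "<?php\n/**\n * Plugin Name: %s\n */\n"
    samples = {
        "mplugin.php": header % "Monetization Code plugin",
        "admin_ips.txt": "203.0.113.7\n",  # constructed documentation address
        "renamed.php": header % "Monetization Code plugin",
        os.path.join("shop", "shop.php"): header % "Shop",
    }
    os.makedirs(os.path.join(base, "shop"))
    for rel, body in samples.items():
        with open(os.path.join(base, rel), "w") as fh:
            fh.write(body)
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan_plugins(build_sample(tmp)))
```

Point `scan_plugins` at a copy of `wp-content/plugins`; a hit is a lead to investigate, and an empty result does not show the site is clean.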

  • The topic ‘Is this a malicious plugin’ is closed to new replies.