Plugin Security

  • Hello there,
    I ran a scan of my website with the Wordfence plug-in.

    However, it detected a virus in the plugin I used. The virus description is as follows:
    … The matched text in this file is: str_rot13 (based64_doceode (str_rot13 (“AwD1 ….); else {eval (. )

    I deleted the relevant file. However, the plugin no longer works. I contacted the plug-in owner. He told me that this is required for WordPress updates and is a code encryption technique for security.
    The content of the relevant file is as follows. Is this true ? Can you help me ?

    File content: image

Viewing 7 replies - 1 through 7 (of 7 total)

  • Is it a premium plugin or free plugin?

    Thread Starter loopforever

    (@loopforever)

    Pro plugin. However, it is not available on www.ads-software.com.
    I bought it from a website.

    OK, obviously this forum is not for discussing pro plugins as such.

    But from a developer of free and pro plugins perspective I can say, categorically that this sort of encryption is not required in anyway for www.ads-software.com updates to work.

    It could be that it is required for the way the pro plugin author manages off www.ads-software.com updates, which it is impossible to pass any comment on, except the pro plugins I create do not have any eval / base64 stuff to manage off www.ads-software.com updates.

    Thread Starter loopforever

    (@loopforever)

    Thank you for your help.
    As a result, should I continue to use it or not?
    Does it pose a risk?
    I could not fully understand.

    I couldn’t possibly say. Sorry.

    Thread Starter loopforever

    (@loopforever)

    Mr Alan,
    Will anyone ask this? Is this a bug for WordPress? Is not it ?
    Could it be a malware?
    Is my data safe? Is not it ?

    Sorry,

    No one here will be able to answer. It is a premium plugin which is not supported on these forums.

    If you are uncomfortable and unable to determine if it is safe you have two course of action
    1) not use it
    2) engage a security consultant

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Plugin Security’ is closed to new replies.