Julio Potier

Hello there, Julio, SecuPress owner.

We’re aware of this malware and finally found a way to really prevent user insertion, from wp_insert_user() or using a custom $wpdb query or even directly pushed in the DB outside of a WordPress env (yep we did that!).

Also we are aware of plugin hiding themselves or snippet hiding plugins, and finally found a way to always display every plugins on the plugin’s page.

Then we finally added a more accurate MalwareDB Scanner to find that kind of code in the DB now. And I’ll add you one more stuff to check, the CPT slug “'custom-css-js'” can contains JS scripts to redirect like you have shown.

Those 3 features already exists in SecuPress, but with a less effective way, the next version (release beta this month!) can help you with those 3 points. I would be happy if you could test it first and give me some feedback. Contact me “contact AT secupress.me”, the version is not ready yet, but will be soon, indeed.

We are actually working on 2 features, one that prevent the full load of the website if a file is included when it should not be, and another one when a http request parameter value is the same as a function, tricky because of false positives, but we’re trying, we really focus on WordPress malwares and spend time on R&D to find the best ways to prevent a website to be hacked. (you read that first here ^^)

Now, thank you very much for testing our plugins (not only mine, everyone here) and thank you for this report, it helps us and everyone mentioned to improve our products.

See you soon

Merci Ludwig, j’ai pris en compte cette remarque dans la version 2.2.5 d’il y a 2 mois déjà.

Je ne mets plus “bad” mais “warning” car je n’ai pas la remontée de l’info dans la free puisque cela dépend de mon API (que je paie mensuellement au nombre de requêtes), voilà pourquoi je ne peux pas me permettre de la mettre dans la free (40000 installations ?? merci !!)

Le but n’étant pas d’être anxiogène ni de “forcer” à passer en pro avec ce genre de message (pour moi on y passe si on a besoin, on peut même y passer, scanner, demande refund…) donc je préfère aussi utiliser un status moins dur que “bad”.

Merci pour ce retour !

Hello Paal
So the 55$ link is leading to the 7$ monthly, sorry about that, this plugin is so badly unmaintained that a promo link is leading to the wrong link! I hope the security features are ok ?? </joke>
Well, that said, thanks for the report, have a good day.

hello malakyto, please use https://secupress.me/support to get a better support via tickets, thank you.

hello malakyto, please use https://secupress.me/support to get a better support via tickets, thank you.

Hello ignace, a website can sometimes be “down”, the uptime is more than 99,9% so, bad luck.
Posting here to say “does not work” for 1 error 1 time is a lie and is bad ??

Hey Ruseau,

You can keep both but keep in mind that conflicts can happen, this is why there is a warning.

thank you for the feedback

Bonjour Nico,

Vous pouvez garder les 2 et ignorer le message d’avertissement MAIS ne vous étonnez pas si justement un conflit entre en jeu.
C’est une fa?on de se couvrir en gros ??

Bonne journée

Sorry but I don’t know what you are talking about.
“create or modify a rule” a rule of what? Where?
What is “Exclude from log”, it’s not from SecuPress. Same for “Override”.
Could you share screenshots?

Hello

There is no 2.0 here, you are a user of SecuPress Pro, not Free.
Please open a support ticket from the website /support.

Thank you

“Don’t even try to tell me that SecuPress was blocking Google Bot this whole time, since the last update in May 2020, or maybe even earlier?”
Nononono this kind of bug would have been patched in a day.
I was not talking about the SEO Bot, but some kind of API return done with a mathod blocked by SecuPress, only a few clients were affected but the SEO was not.

“That’s how you become Wordfence.” I don’t want to become Wordfence or a Wordfence company like, I know what it is be start at 3 and become 20, I was one of the 3 funders of WP Rocket, I left them in may 2017, it’s so better alone oO

Try it again, this 2.0 and the next ones (not in 10 months promise) are awesome.

Same here, biggest scam lol
Why not: You install a security plugin, tomorrow it becomes a social network share buttons
logical. -_-‘

Hello
I’m sorry Felipe, SecuPress didn’t correctly removed its own tables and options.
But since 2.0 (available on next monday) it’s done!

So for you, if you are now using it anymore, you can drop any table containing the word “secupress” in it.
Same for any option_name is the wp_options table.
Also same for any file in /wp-content/mu-plugins/

Thanks

Hey, can you be more precise with file and line number? Thank you

Hey there
It’s because you have a real robots.txt file
But when you use WordPress you should hook the “robots_txt” filter.
We use that so when the “/robots.txt” file is visited, it’s a 404 BUT WordPress will get that and replace the 404 by a real robots.txt content.
You can try it (even if you have a file) with “/?robots=1” at the end of your home URL.
So, TL;DR: it works ??