WARNING: Duplicator plugin vulnerability causes WordPress sites to be hacked

Most WordPress users know the Duplicator plugin and its useful features. It packages a website and saves time when moving a site from localhost to hosting or from one host to another.

However, around the end of August 2018, attackers found a vulnerability in the Duplicator plugin and used it to insert malicious ad code into websites. Many users have been affected by this worrying issue. The article below explains the vulnerability and how to fix it.

Where does the Duplicator plugin vulnerability come from?

After moving their data to a new host, most users leave the installation files in place without deleting them. These installation files usually include the Zip file, Database.sql, installer.php, etc. Leaving them on the server is what allows your website to be hacked through this plugin.

Signs that your site has been hacked

After your website is hacked, you will encounter the following situations:

  • The website returns to the installation page because the wp-config.php file is missing.
  • A database connection error appears (Error establishing a database connection).

See more: https://wordpress.org/support/topic/new-hack-with-file-temp-crawl-php/

How to fix a website hacked through the Duplicator plugin vulnerability?

Here, we will show you how to fix the hacked website as quickly as possible.

Prepare:

Back up your website before proceeding.

Step 1:

Check for the files generated by Duplicator, which include: Zip file, Database.sql, installer.php, etc. Delete them, making sure the website is still in good working condition.

Step 2:

Deactivate or delete plugins that are not really needed.

Step 3:

If your website has lost its wp-config.php file, there are two ways to recover it:

  • Download and use a new wp-config.php from the WordPress.org home page, and then replace the database, username, and password values.
  • Restore this file from the latest backup.

In addition, some users find the ad code https://ads.voipnewswire.net/ad.js inserted into their website. However, this situation has not yet been resolved thoroughly. We will update this article if a specific solution becomes available.
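The checks from the steps above can be scripted. The following is an added example, not part of the original article or the Duplicator project: a read-only audit that lists leftover installation files, reports a missing wp-config.php, and finds files that reference the ad script host. The function names and the assumption that the leftovers sit directly in the document root are ours.

```shell
#!/bin/sh
# Added example (not from the article): read-only audit of a WordPress
# document root for the leftovers and symptoms described above.

# Leftover Duplicator installation files named in the article.
# Assumption: they sit directly in the document root passed as $1.
find_leftovers() {
    find "$1" -maxdepth 1 -type f \
        \( -iname 'installer.php' -o -iname 'database.sql' -o -iname '*.zip' \) |
        sort
}

# Succeeds when wp-config.php is missing (first sign in the article).
config_missing() {
    [ ! -f "$1/wp-config.php" ]
}

# Files anywhere under the root that reference the injected ad script host.
find_ad_injection() {
    find "$1" -type f \( -name '*.php' -o -name '*.js' -o -name '*.html' \) \
        -exec grep -lF 'ads.voipnewswire.net' {} + 2>/dev/null | sort
}

# Print findings; return 0 when nothing was found, 1 otherwise.
audit_site() {
    audit_status=0
    audit_hits=$(find_leftovers "$1")
    if [ -n "$audit_hits" ]; then
        printf '[!] Leftover installation files (delete after migration):\n%s\n' "$audit_hits"
        audit_status=1
    fi
    if config_missing "$1"; then
        printf '[!] wp-config.php is missing from %s\n' "$1"
        audit_status=1
    fi
    audit_hits=$(find_ad_injection "$1")
    if [ -n "$audit_hits" ]; then
        printf '[!] Files referencing ads.voipnewswire.net:\n%s\n' "$audit_hits"
        audit_status=1
    fi
    [ "$audit_status" -eq 0 ] && printf '[ok] No findings in %s\n' "$1"
    return "$audit_status"
}

# Usage: sh audit.sh /path/to/wordpress  (path is the caller's document root)
if [ "$#" -gt 0 ]; then
    audit_site "$1"
fi
```

The script deletes nothing, so review each listed file before removing it; a Zip file in the document root may be unrelated to Duplicator.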

Good luck!
