
(ask) how to check wp plugin are free from virus, malware etc...

andrewtane

Feb 3, 2019
Hi all,

In recent days one of my sites went down because of a WP plugin (got from another marketplace) infected with malware and PHP injection, and I got a 100% CPU warning for mail spam. My site is redirected to another site.
All files are injected with this:
<?php eval(gzuncompress(base64_decode('eNqNWflTE9n2/1daauqZIAPZQ7R88xCDwiAoYVEnU6mb7hsSk3TndXckmflOsZTbqDOUC6jlL1IIuOFC1WhZU1YhLjMiKo7Ccxn1X...
and
<?php eval(gzuncompress(base64_decode('eNpdUs1u00AQfpWNlYMdrDhO89dEOZTKolEpQYkBoRpZU+86u8TZtdZr1X6A3jhy.....

From this I started to learn how to check a WP plugin:
  1. zip and send to a trusted online virus scanner, if it passes...
  2. check for PHP injection code
Can you guys share and suggest your experiences? Especially checking for injection code, because fixing this is a pain in the a.... :)

thank you.
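
An added example (not code from any poster in this thread) of the "check for PHP injection code" step: it reads a plugin .zip without extracting it, flags `eval(gzuncompress(base64_decode('...')))`-style loaders like the two quoted above, and statically decodes the payload where it is complete. The archive, file names and payload are constructed, benign samples.

```python
import base64, io, re, zipfile, zlib

# eval(<decoder>(<decoder>('literal'))) loaders like the two quoted in the post.
LOADER = re.compile(
    rb"eval\s*\(\s*((?:(?:gzuncompress|gzinflate|base64_decode)\s*\(\s*)+)"
    rb"['\"]([A-Za-z0-9+/=\s]+)['\"]", re.I)

# Python equivalents of the PHP decoders; used for static decoding only.
DECODERS = {
    b"base64_decode": base64.b64decode,
    b"gzuncompress": zlib.decompress,                    # zlib-wrapped stream
    b"gzinflate": lambda d: zlib.decompress(d, -15),     # raw deflate
}

def unwrap(chain, literal):
    """Undo the decoder chain, innermost call first. Nothing is executed."""
    data = literal
    for name in reversed(re.findall(rb"[a-z0-9_]+", chain.lower())):
        data = DECODERS[name](data)
    return data

def scan_plugin_zip(zip_bytes):
    """Return [(path, hidden_source or None)] for every loader in the archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Read every member, not just *.php; the archive is never extracted.
            for m in LOADER.finditer(zf.read(info)):
                try:
                    hidden = unwrap(m.group(1), m.group(2))
                except (ValueError, zlib.error):
                    hidden = None   # truncated or further-obfuscated payload
                findings.append((info.filename, hidden))
    return findings

def build_sample_zip():
    """Constructed input: a clean file, a benign wrapped payload, a truncated one."""
    blob = base64.b64encode(zlib.compress(b"echo 'constructed sample';"))
    wrap = lambda b: b"<?php eval(gzuncompress(base64_decode('" + b + b"')));"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo-plugin/demo.php", b"<?php function demo() { return 1; }")
        zf.writestr("demo-plugin/inc/cache.php", wrap(blob))
        zf.writestr("demo-plugin/inc/broken.php", wrap(blob[:12]))
    return buf.getvalue()

if __name__ == "__main__":
    for path, hidden in scan_plugin_zip(build_sample_zip()):
        print(path, "->", hidden if hidden is not None else "loader found, not decodable")
```

A hit with `None` still matters: the loader is present even when the payload cannot be decoded statically, and the file should be treated as modified.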
 
Try to use fewer plugins (only use those which are actually highly important).
I use 9 plugins for my 2 different themes for WordPress blogs (both are purchased copies, as I often require customization support from their developers) + 9 plugins, of which 3 are purchased by me (WP Rocket, iThemes Security Pro, WPForms), as they're the most important plugins of all & I'd never love to use nulled security plugins; come on, at least use the untouched version of them. The rest of the plugins are from very trusted sources like babiato (from babak only) etc. Then I check them with virus checker tools, next I check some of the important .PHP files inside the .zip archive. If nothing is found then I proceed with installation. After installation is done, I use cPanel's inbuilt Virus Scanner to check the complete Home directory.

That's all.

(PS: Never use the nulled version of the most important stuff if the untouched version does the same job + never use stuff from those who inject self-branding links. You can optionally learn how to null things, ex: I download the Yoast SEO Premium untouched version, then I null it myself to remove ads & other nag alerts.)
 
I got started with WordPress in 2018, and I learned the hard way that there are creators and there are destroyers. A design student with no startup cash is of course going to be enticed by nulled code to play with. I was no fool when it came to virus/malware of the app kind.
But never did it come to mind that some evil person would ruin someone's work by injecting their hater-code.

Long story short.. While building a personal blog, I wanted to play with a plugin that I could not afford at the time. I wasn't even sure if the thing was going to do what I wanted it to do.

It ended up giving me the WP-VCD malware fuckery.

While the majority of the UX world and my Designfam are all about freebies and shared resources... This person/person(s) cheapshot me with their bullshit during my portfolio crunch-time. It was super nasty and hides itself inside your functions.php

So when I would delete the line of code...
it would actually re-appear... & spread to other files! LOL WUT
I heard stories about entire shared hosting boxes getting infected.
Like all your neighbors catching fire when you microwaved that pizzabagel too long.
So fucked up.

Thankfully, I enjoy research and nerdshit.
I took a beating, but at the end I was wiser for it.
I learned a ton. Experience is king.

I scan everything with tools like VirusTotal (Winja) before it touches my cloud, WordFence is one of the first plugins I install. I use web-based scanners like Sucuri WPScan, and others. I do not use nulled code for professional or personal projects unless it was something bought & given to me by someone I know & trust.

You know, true sharing. Like lending a friend a great music album.
Some things must be experienced first-hand.
Eventually, we buy the stuff & things because we are creators too.

I was finally able to kill the code after reading very helpful blog entries.
I was so salty about the situation, I made my portfolio with pure html.

All of you wp-bloggers are the true heroes.
The Noob Guardians.
Thank you.
 
Thanks CyberDeviL for sharing your experiences, especially procedure to check and install.
 
Yes, agree... Experience is King. Your past experiences are happening to me now :)
I surfed your suggested links and got important tools for my needs. Thank you very much Monk!
 
Personally, this is how I make sure I'm safe:

  1. load resources from trusted sources (Babiato, gpl coffee, gpldl)
  2. load untouched resources and null them myself (with instructions from the web)
  3. use security plugins like iThemes Security or the Sucuri Web Scanner
  4. scan resources myself with virustotal before
  5. use other plugins like Hide-My-WP, Bang Vulnerability Scanner and so on
  6. especially test nulled themes in a local environment (Turnkey Linux/Wordpress VM) before installing them on a live server
It would be nice if I could teach myself nulling, but I don't know enough about it.
 

I have doubts about the stuff from g*l coffee; some of their stuff is detected by VirusTotal as having webscripts injected, while the purchased copy of the same version is undetected.
I've checked some of my purchased items & compared them with theirs for that earlier.

What makes the difference:
For example: the iThemes Security Pro on babiato matches the purchased copy & doesn't show any virus alert on VirusTotal, but the same version (ex: latest version 5.9.4) on g*lcoffee doesn't quite match & shows a virus alert on VirusTotal.

MORAL: Everyone who claims they're 100% genuine should be re-verified by yourself to judge whether even at least 1% of their claim is false or not ;) Be wise - take smarter.

NOTE: Even on Babiato I've verified some stuff shared by babak against my purchased copies; they match 100%, even the .zip archive is directly from the developers (not extracted & repacked).
So his claim "this file is untouched as purchased by me" can be blindly believed.
 
You are right.
What is also good is to compare certain PHP files with tools like Beyond Compare (Windows), but for that you have to make sure you have an untouched version of the plugin / theme to compare against.

Many who start small don't have these possibilities and have to trust others like you for example @CyberDeviL @Babak.

I don't know gpl coffee for long, I only personally had good experiences with it. But of course babiato is the best I know. And very trustable!

We also say "the man is himself" or "do it yourself"
:)
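
An added example (not from any poster in this thread) of the comparison described in the posts above: check a downloaded plugin .zip against an untouched copy, first as a whole archive and then file by file, so a merely repacked archive is told apart from one whose files were changed. The archives and file names are constructed samples.

```python
import hashlib, io, zipfile

def file_hashes(zip_bytes):
    """Map each member path in the archive to the SHA-256 of its contents."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}

def compare_to_baseline(baseline_zip, candidate_zip):
    """Report how a candidate archive differs from the untouched baseline."""
    report = {"identical_archive": False, "added": [], "modified": [], "removed": []}
    # Byte-identical archive: the download was not even extracted and repacked.
    if hashlib.sha256(baseline_zip).digest() == hashlib.sha256(candidate_zip).digest():
        report["identical_archive"] = True
        return report
    # Repacking changes the archive hash, so fall back to per-file comparison.
    base, cand = file_hashes(baseline_zip), file_hashes(candidate_zip)
    report["added"] = sorted(set(cand) - set(base))
    report["removed"] = sorted(set(base) - set(cand))
    report["modified"] = sorted(p for p in base.keys() & cand.keys()
                                if base[p] != cand[p])
    return report

def make_zip(files, compression=zipfile.ZIP_STORED):
    """Build an in-memory archive from {path: bytes} (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression) as zf:
        for path, body in files.items():
            zf.writestr(path, body)
    return buf.getvalue()

# Constructed sample trees: an untouched plugin and a copy with changed files.
BASELINE = {"demo-plugin/demo.php": b"<?php function demo() { return 1; }",
            "demo-plugin/readme.txt": b"Demo plugin"}
TAMPERED = {**BASELINE,
            "demo-plugin/demo.php": BASELINE["demo-plugin/demo.php"] + b"\n// changed",
            "demo-plugin/inc/extra.php": b"<?php /* constructed extra file */"}

if __name__ == "__main__":
    untouched = make_zip(BASELINE)
    print(compare_to_baseline(untouched, make_zip(BASELINE, zipfile.ZIP_DEFLATED)))
    print(compare_to_baseline(untouched, make_zip(TAMPERED)))
```

Every path listed under `added` or `modified` is a file to read by hand before installing.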
 
Some good stuff here folks.
Thanks to all of you for giving good solid resources for people for free.
Babiato is the only place that's truly clear of all viruses that I can find = Kudos @Babak

One company of mine has an anti spam/protection product we're building out.
Product is designed for ANY type site, and currently we have working WordPress plugin of course.

We need TESTERS and TEST SITES, so that we can gather more data on how all items work in all types of different businesses, locations and hosting types.

Free to test, free for a year on basic and mid levels.

I'll have free available (first 50) after 4/27 date.
If interested pls do let me know thru here with an email address I can forward details to you.

@Babak if this is in wrong area to post please feel free to move where it needs to go~

Thanks in Advance
 
count on me
thanks
 
Hello @andrewtane,

I guess there is no need for me to put any time in writing anything else, the above ladies and gentlemen did a great job already :D
 
how i can null my copy for wprocket
 