
WordPress security scam

By Gavin Chahal

Aug 6, 2022

Scams on the net are legion, from the Nigerian kind to dream sellers… A new kind of scam seems to be emerging, and it concerns WordPress!

The conversation you will read below is a partial excerpt from a chat we had on the WP Server support channel. A certain “Alexandre” introduces himself as an Offensive Security Expert for WordPress.

[Image: WordPress expert scam]

Alexandre
I’m not a customer but an expert in offensive security specialised in WordPress. I noticed several security flaws on your WPSERVEUR site at the level of several plugins. It might be a good idea to escalate the issue to your technical department!

SQL, XSS and other flaws… Do you have 5 minutes for me?

Celine from WPS
On which plugins? Because we use very few.

Alexandre
I’ll tell you which ones in 5 minutes

Celine from WPS
Can you leave me your contact details?

Alexandre
I’ll record it for you

Celine from WPS
Give me your contact details, Fabrice will contact you at the end of his appointment

Alexandre
I can wait! Don’t worry, I’m not a hacker, I help webmasters secure WordPress installations

Fabrice from WPS
Hello Alexander,
Céline told me about your remark regarding flaws in some of our WordPress plugins?

Alexandre
Yes, are you the manager of WPServeur?

Fabrice from WPS
Yes, quite

Alexandre
Alright, good! So as I said to Céline, have no fear, I’m not a hacker

Fabrice from WPS
I’m not really worried, curious certainly, but not worried

Alexandre
On the Web, beware! I’m finishing the few checks on the plugins there.
Are you using Divi 2.4 as a theme?

Fabrice from WPS
No!

Alexandre
Okay
You’re the French WP ENGINE 😉

Fabrice from WPS
we try

Alexandre
That’s good! Do you have a relationship with WPFORMATION?

Fabrice from WPS
We’re very close indeed… Sic!

Alexandre
Okay, I saw an advertising insert, that’s why

Fabrice from WPS
Weren’t you going to tell us which plugins were causing problems? That’s quite surprising because we use very few of them and our security expert has already screened them.

Alexandre
I’m almost done there. So, are you using the BlogVault plugin version 1.05?

Fabrice from WPS
No!

Alexandre
Okay, so if you are on 1.17 the CSRF flaw has been fixed
Do you also use Contact Form 7?

Fabrice from WPS
Also yes, but up to date

Alexandre
above 3.7.2?

Fabrice from WPS
Yes

Alexandre
Okay, is your Jetpack plugin version 2.9.3 or above?

Fabrice from WPS
Our plugins are all up to date!

Alexandre
The list I’m giving you tells me that some of your plugins are not all up to date

Fabrice from WPS
It’s your script that must not be up to date then 😉

Alexandre
To err is human, but there are several problems here, it’s good for the security of your site

Fabrice from WPS
It seems to me that so far you haven’t given me a single exploitable thing or a single flaw, right?

Alexandre
Faulty plugins!

Fabrice from WPS
Which ones?

Alexandre
The ones I’ve just communicated to you

Fabrice from WPS
They are not, and they are up to date!

Alexandre
But I’m not going to waste your time, you have a security expert who I think works on the security of all the plugins that make up your site, I wish you a good day!

Fabrice from WPS
If you have something concrete, don’t hesitate to contact me!

Alexandre
Concrete, it’s always possible to have both at the web and machine level, but I have a certain ethics and I only work with contracts which allow agreements on the penetration of a system

Fabrice from WPS
Your approach is very surprising for someone who has ethics, no identification, you look for flaws then you announce that there are problems, without mentioning a single one ^^

Alexandre
I’ve just quoted you the faulty plugins, you tell me that they’re all up to date. Why not

Fabrice from WPS
and they are…

Alexandre
I’ll leave you to your work, have a nice day

And that is how our expert leaves us… How unfortunate, I would have extended this instructive conversation…

The principle is simple: while this Alexandre was talking to me, he was scanning the site, trying to obtain the list of installed plugins. I also found traces of his scans on wpformation, wpserveur and some other sites (by the way, here is his IP 77.150.172.118 for information).
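The plugin-enumeration scan described above leaves a recognisable trace in the web server's access log. The following Python script is an added example (not from the original post, and not WPServeur's tooling) that parses constructed combined-format log lines, groups fingerprint probes for `/wp-content/plugins/<slug>/readme.txt` and `/wp-content/themes/<slug>/style.css` by client IP, and flags clients that probe several distinct slugs in this way; the IP addresses, timestamps, slugs and threshold are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
# 203.0.113.7 probes several plugin/theme fingerprint files within seconds and mostly gets
# 404s, which is how an enumeration scan looks from the server side; 198.51.100.4 is an
# ordinary visitor loading a page and one of its assets.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Aug/2022:10:12:01 +0200] "GET /wp-content/plugins/jetpack/readme.txt HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Aug/2022:10:12:01 +0200] "GET /wp-content/plugins/contact-form-7/readme.txt HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Aug/2022:10:12:02 +0200] "GET /wp-content/plugins/blogvault-real-time-backup/readme.txt HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Aug/2022:10:12:02 +0200] "GET /wp-content/themes/Divi/style.css HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Aug/2022:10:12:03 +0200] "GET /wp-content/plugins/wordfence/readme.txt HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.4 - - [06/Aug/2022:10:15:44 +0200] "GET /blog/ HTTP/1.1" 200 18342 "-" "Mozilla/5.0"
198.51.100.4 - - [06/Aug/2022:10:15:45 +0200] "GET /wp-content/plugins/jetpack/_inc/build/style.min.css HTTP/1.1" 200 900 "https://example.test/blog/" "Mozilla/5.0"
"""

# Combined format: client IP, identd, user, [timestamp], "METHOD PATH PROTO", status, ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
# Cheapest WordPress fingerprints: a plugin's readme.txt (which also states its version)
# and a theme's style.css. A 200 means the component is installed, a 404 that it is not.
PROBE_RE = re.compile(r'^/wp-content/(?P<kind>plugins|themes)/(?P<slug>[^/]+)/(readme\.txt|style\.css)$', re.I)


def parse_line(line):
    """Return the fields of one access-log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_enumeration_scans(log_text, min_probes=3):
    """Group fingerprint probes by client IP and report clients that probed at least
    min_probes distinct plugin/theme slugs, with what the scanner learned (slugs that
    answered 200) and the share of misses, which is high for a blind wordlist scan."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        probe = PROBE_RE.match(rec["path"])
        if probe:
            per_ip[rec["ip"]].append((probe["kind"], probe["slug"], int(rec["status"])))
    flagged = {}
    for ip, probes in per_ip.items():
        if len({(kind, slug) for kind, slug, _ in probes}) >= min_probes:
            flagged[ip] = {
                "probes": probes,
                "installed": sorted({slug for _, slug, status in probes if status == 200}),
                "miss_ratio": round(sum(status == 404 for *_, status in probes) / len(probes), 2),
            }
    return flagged
```

On a real server, feed the function the access log and review or rate-limit the flagged clients; denying public access to plugin `readme.txt` files in the web server configuration removes the cheapest fingerprint without affecting the site.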

The idea is then to announce that some plugins contain major security flaws, and to offer his expert services in offensive security to help us, for a fee, secure our WordPress site! Well then 😉

You will notice that at no time does the expert give a name, a website or a telephone number, and yet it was not for lack of being asked! He also tries to speak to the Manager. I tried to push this dialogue as far as possible, while knowing from the first question (the one regarding DIVI) that the expert was above all an expert in manipulation and that I was dealing with a real scam attempt.

Still, what would this dialogue have produced with a beginner or a less seasoned WordPress user? So, without being alarmist, stay vigilant 😉
