Wordpress users: Is-human plugin?

#1

Wordpress users using a plugin called ‘is-human’ might want to deinstall it and delete it. Found an IP address (178.137.167.112) looking for this on three of my websites. It’s a known exploitable plugin. I found it because they were trying the old ‘eval(base64_decode(’ command.

-Bill


#2

Just out of curiosity, does Wordpress check theme and plug-in updates available each time one logs in to WP admin, or is such checking procedure delegated to the themes and plug-ins themselves?


#3

Every login it/all is checked for updates, but many plugins do not update or are “dead”.


#4

Some plugins are less reliable than others; oftentimes Wordpress users fail to check out a plugin for complaints or lack of support. In my view, this is a real hole in the Wordpress system. It would be REALLY great if Wordpress could come up with a warning of breach. For example, I found a phpmyadmin script running today on one of my websites and it’s searching for places where people store phpmyadmin; one of the checks it made was for a plugin called ‘portable-phpmyadmin’ which seems to have been compromised. Having a reliable Wordpress place where compromised plugins are documented would be helpful.

-Bill
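
Added example, not part of any post in this thread: a Python scan of web server access logs for the requests described in posts #1 and #4 (the two plugin directories and the `eval(base64_decode(` string), including percent-encoded variants. It assumes combined-format logs and the default `wp-content/plugins` path; the function names and all log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Plugin names come from the thread; the wp-content/plugins layout is an assumption.
WATCHED = ("is-human", "portable-phpmyadmin")
PLUGIN_RE = re.compile(r"/wp-content/plugins/(%s)(?:/|\?|$)" % "|".join(WATCHED), re.I)
EVAL_RE = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.I)
# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3})')

def decode_fully(target, rounds=3):
    """Strip up to `rounds` layers of percent-encoding so double-encoded requests match."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def scan(lines):
    """Return {client_ip: [(reason, http_status), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, target, status = m.group(1), decode_fully(m.group(2)), int(m.group(3))
        plugin = PLUGIN_RE.search(target)
        if plugin:
            hits[ip].append(("plugin:" + plugin.group(1).lower(), status))
        if EVAL_RE.search(target):
            hits[ip].append(("eval-base64", status))
    return dict(hits)

def needs_attention(hits):
    """IPs whose plugin request was not answered 404: the directory probably exists."""
    return sorted(ip for ip, events in hits.items()
                  if any(r.startswith("plugin:") and s != 404 for r, s in events))

# Constructed sample lines (documentation IP ranges, harmless placeholder payload).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2013:10:00:00 +0000] "GET /wp-content/plugins/is-human/ HTTP/1.1" 404 512',
    '203.0.113.7 - - [01/Jan/2013:10:00:01 +0000] "GET /index.php?q=eval%28base64_decode%28%27QUFBQQ%3D%3D%27%29%29 HTTP/1.1" 200 1024',
    '198.51.100.9 - - [01/Jan/2013:10:05:00 +0000] "GET /wp-content/plugins/portable-phpmyadmin/ HTTP/1.1" 200 2048',
    '198.51.100.9 - - [01/Jan/2013:10:05:02 +0000] "GET /?q=eval%2528base64_decode%2528 HTTP/1.1" 403 0',
    '192.0.2.4 - - [01/Jan/2013:10:06:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3000',
]

if __name__ == "__main__":
    found = scan(SAMPLE)
    print(found, needs_attention(found))
```

A 404 on a watched plugin path means the scanner found nothing; any other status is the case to follow up, since it suggests the plugin directory is present on that site.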


#5

I thought perhaps they had handed the check to the themes and plug-ins. If the core is still handling update checks then it would be a simple matter to issue a Big Red Warning rather than an “update available” message. Pretty pathetic that they don’t do it, really.

Places like Secunia catalogue exploited WP stuff.

http://secunia.com/advisories/search/?search=wordpress