Blogs
Beware of website infected with virus. After restoring, do not remove Duplicator plugin.
Nov
Attention to Those Who Purchased themespShop Source Code:
It has come to my attention that some buyers who used my source code to build websites have encountered viruses after a period of use and have reached out to me for assistance.
After checking, I have come to the following conclusions and would like to inform everyone:
If you restore a backup using the Duplicator plugin without deleting the executable files of the plugin or deactivating it, there’s a 90% chance of a virus infection due to a vulnerability in the Duplicator plugin. Some users who installed the outdated version of the WP Easy SMTP plugin have also been infected by redirect viruses or foreign language indexes.
Recommendations:
If you restore a website using the Duplicator plugin, please follow these steps as soon as you can access the admin panel:
- Go to Admin > Duplicator > Stored Data and delete the 3 executable files of the Duplicator plugin:
- Clean…
- Delete…
- Remove…
- Deactivate and delete the Duplicator plugin.
- Go to phpMyAdmin and remove the two rows generated by the Duplicator plugin (the row names contain “duplicator,” which should be easy to spot).
- Check if the WP Easy SMTP plugin is installed and update to the latest version immediately.
If you purchased source code that has been infected with a virus, please inbox me for guidance on how to resolve the issue!
