STAY TUNED, ALMOST THERE.

The Plus Add-ons was Hit With the Cyber Attack recently. Our Development Team immediately started working on the Patch and Launched a completely Secure & Safe Version 4.1.7 of The Plus Addons For Elementor In No Time. This had been re-verified by Security Expert at Wordfence.

If You’re a PRO user of The Plus Addons for Elementor then you should urgently update to the Latest Patched Version, The Newest Version released V4.1.7 can be downloaded from here. If by chance you don't receive an update notification in WP-Admin we suggest you download the zip file manually and Upload it in your repository.

digital crime by anonymous hacker 1 1 The Plus Addons for Elementor
Source: Freepik

Though our plugin is now Safe & Sound to Use, Making Sure Your Site isn't hacked would be beneficial for your Business. We Have Prepared a detailed Guide, To check whether or not your site was compromised, If you find any suspicious changes in your WordPress Files, we suggest you to do the necessaries as explained below.

We have also have attached some common problems into a FAQ that came under our light frequently while providing solutions to our users. If by chance you are facing a similar situation, then please check the respective Solution provided to the respective query

Before Moving Ahead Let's Take A Deep Dive into Understanding WordPress Vulnerabilities In-Details.

vulnerabilities 1 The Plus Addons for Elementor
Source: Freepik

What Are Vulnerabilities ?

This Blog Will Give You In Depth Information for Understanding Vulnerabilities in WordPress.

What Are Zero Day Exploits & Disclosures ?

To Understand This In Deep Check This Detailed Blog From Wordfence.

We Hope This Must Have Given A Better Understanding of Vulnerabilities. Now Let us Check How To Fix The Site Easily With This In-depth Guide.

How Can You Know that You’re Hacked or Not ?

So Here Are Fairly Obvious Indications That You've Been Compromised in Some Way :

  • Check Any New Suspicious Admins in Users Section
    (Common Emails found : [email protected], [email protected])
  • Access Your FTP and Check Wp-Content -> Plugin Folder and Check if You Find Any Unfamiliar Folders Like Wp-Strong, Wp-Staff
  • Run a Complete Site Scan Online / Offline (Using Wordfence and Sucuri)
  • Check For Any Suspicious Code / Encrypted URLs
  • Scan Database for Any Kind of Unknown Info
    • Look for iFrames
    • Look for Scripts:
    • Look for base64 : base64_decode
    • Look for eval()
  • Try to Find Suspicious Files in Uploads Folder (Eg. .php, .py, .exe, .sh)
  • Search Engine Perspective - Site:mydomain.com

If You Find You Are Infected With A Recent Vulnerability, Here Are The Steps You Should Take To Get Secured :

If You Have a Backup (Code Files + Database) :

  • Make Sure It's Dated Before 5th March, Then Safely Retrieve The Backup to Production And Update The Plus Addons For Elementor Plugin to V4.1.7 Immediately And Do a Complete Scan Using Wordfence Or Sucuri.
  • You Can be Rest Assured That Now Your Site is Clean And Safe.

If You Don’t Have A Backup or Cannot Afford to Lose Site Data :

  • Before Doing Any Changes Take a Backup Copy For Present Site Data.
  • After Wordfence Complete Scan Find the Section Where You See Change in Wp-Core Files and Click Repair.
  • (Only Do This After A Backup Copy) Delete All Themes and Plugins From FTP and Install A Fresh Copy For Each Plugin and Theme From Wp-Repository. To Know More Check This Link.
  • Clean Your Database From PhpMyAdmin And Check For Any Malicious Code Injection. Refer This Blog.

A Quick Fix Hacks in Simple 10 Steps

  • Delete WP-Includes, Wp-Admin (This is same for all)
  • Delete All Files in Public Html Apart from Wp-Content and Wp-config.php .
  • So now you are left with Only Wp-Content and WP-Config.php >
    in Wp-content Only check this index.php and delete the suspicious lines.
  • In Wp-Content/Plugins Delete all the Sub-folders (We have to Reinstall once we get wp-admin access fresh)
  • In Wp-Content Delete all Themes. And Import the Zip of your Theme a Fresh one in this folder.
    Eg. If you Use Hello Elementor Extract the Zip and Paste it theme Folder.
  • Now Get a Fresh WordPress ZIP from Here. Extract this in your directory and delete wp-config and wp-content folder and cuz have our Old Ones.
  • Access your PhpMyAdmin and open wp_Users and delete all the admins (common Emails: [email protected], [email protected])
  • In Wp_Post Search for "scripts" and delete them. [If you face difficulty here Please check the Video Link-( https://youtu.be/gViVT102m8w?t=195 )from the duration set for the next 5 Mins avoid the other Half because this 10-Step Guide will clean the FTP files easily for you ]
  • Make sure in Wp_Option In site URL and Home you have your Site URL

 

Now you can be 100% Sure your files are cleaned. After accessing Wp-admin do a Complete Site scan.

is-your-site-hacked

Common Fixes URLs :

  • Redirection Fix -  Link 
  • Unable to Access Wp-Admin - Link 
  • Fixing Database - Link 
anonymous hacker with no face typing code tries steal accesses 1 The Plus Addons for Elementor
Source: Freepik

Post Clean-Up Measures to Keep Your Site More Secure :

  • Make A Fresh New Copy of Backup After Cleaning
  • Change Wp-admin Login Credentials and Set Up 2FA
  • Update WordPress Core / PHP Version / All Plugins & Themes
  • Set Proper File Permissions For Wp Files.
  • Run A Final Scans Once Again
  • Check If Your Site Was Black Listed Or What - Google Search Console, Mcafee Siteadvisor, Yandex Webmaster If You Find Disrupts Then Request For Whitelisting.
  • Setup A Website Firewall.
  • Change Wp-salts Using This Free Plugin. Know Why They Are Important Change Here
  • Follow This Ultimate Guide, Which Has Best Possible Measures To Keep Your WordPress Site Safe.

How Can You Learn More About WordPress Security ?

We Wish That No User on Web Should Face This Kind-of Situation in His/Her Life. But Wishing About Things is Not a Cure. We Need to Be Prepared About What Can Happen.

We Have Listed Some Links For You to Have Some Insights on WordPress Security, Whether You've Got Compromised or Not During This Attack. 

  1. Blog from Wordfence 
  2. A Guide from Sucuri
  3. Blog from WebARX
  4. Blog from WpBeginner 

We hope the above information will help our Plus Addons Family to Keep their Sites Safe As Well as Resolve Issues Due to the Vulnerability.

We Have Taken Extra Measures and Have Increased the Security Check After Every Release Of Update. A Dedicated Team Will Re-Verify the Code to Avoid Inconsistencies In Future. While No System is 100% Secure, This Should Not Have Happened And We Apologise For This Vulnerability.

We will keep on updating this Blog if we find any new pattern. At the Same time Get ready for some Major Updates for ThePlusAddons to make your Elementor Workflow journey more Smooth and Exciting. Thanks a lot for keeping up with us.

Reach out to us for This Update or Any Query Regarding Our Products on our Support Portal or Write us at support[at]posimyth[dot]com.
hi tech shield cyber security digital data network protection 1 The Plus Addons for Elementor
Source: Freepik

Solutions of all known Bugs :

1. Monica Lopez - Cannot Enter in to WordPress Admin

image 2021 03 10T05 07 17 621Z The Plus Addons for Elementor

Solution:

https://blogvault.net/cant-access-wordpress-admin-login/ check this article this has all possible fixes for not accessing wp admin post hack.

2. Ian Phillips

Screenshot 2021 03 10 at 1.05.36 PM The Plus Addons for Elementor

Solution:

Access your FTP, or simply Install WP File Manager and go to Wp-Content-> Plugins and Check for any folder named WP-Strong or Wp-Staff and delete that immediately.Follow this guide to know how to clean Wp-Content Folder Link- https://www.malcare.com/blog/wp-content-uploads/

3. Laurent Drapeau

Screenshot 2021 03 10 at 1.10.59 PM The Plus Addons for Elementor

Solution:

After the 1st Patch v4.1.6 Wordfence Team addressed one more issue after which we have released a 2nd Final Patch 4.1.7. Which is completely safe and sound and has been verified by the Wordfence Team.

4. Jingu Youn

Screenshot 2021 03 10 at 1.11.51 PM The Plus Addons for Elementor

Solution:

Make a complete High sensitivity Scan from Wordfence to check for any malicious codes in WP-Core Files and Hit Repair to fix them.At the same time check for any malicious code in database follow this guide to know more: https://blogvault.net/scan-wordpress-database-for-malware/

5. Peter Ball

Screenshot 2021 03 10 at 1.13.24 PM The Plus Addons for Elementor

Solution:

After our Latest Release of The Plus AddOns for Elementor V4.1.7 You can be rest assured your site is Safe.Verified from Security expert at Wordfence

6. Steven Parsons

Screenshot 2021 03 10 at 1.14.07 PM The Plus Addons for Elementor

Solution:

Sometimes due to Hosting Issues or Delay in Cron Job sometimes sites won't see update notification in the Plugins sections. So you can fix this in 2 Ways:

7. Raphael Gattegno Gal

Screenshot 2021 03 10 at 1.15.05 PM The Plus Addons for Elementor

Solution:

Check for any unknown admin users.To check this go to Users section of your WordPress Site.Upto now we have seen common emails like ([email protected], [email protected]) and delete it immediately.

8. Tony Dzines

Screenshot 2021 03 10 at 1.16.33 PM The Plus Addons for Elementor

Solution:

We have found that the sites to be safe before 5th March So try retrieving the backup before this date and Delete the older version of the Plus Addons and Install the Fresh New one V4.1.7 and Do a complete High sensitivity Scan from Wordfence to check for any malicious codes in WP-Core Files and Hit Repair to fix them.

9. Leah Matthews

Screenshot 2021 03 10 at 1.18.14 PM The Plus Addons for Elementor

Solution:

We have found that the sites to be safe before 5th March So try retrieving the backup before this date and Delete the older version of the Plus Addons and Install the Fresh New one V4.1.7 and Do a complete High sensitivity Scan from Wordfence to check for any malicious codes in WP-Core Files and Hit Repair to fix them.

10. Sonnenfluse2

Source: Helpdesk

Screenshot 2021 03 10 at 1.23.20 PM The Plus Addons for Elementor

Solution:

We have found that the sites to be safe before 5th March So try retrieving the backup before this date and Delete the older version of the Plus Addons and Install the Fresh New one V4.1.7 and Do a complete High sensitivity Scan from Wordfence to check for any malicious codes in WP-Core Files and Hit Repair to fix them.

11. Ehab

Source: Helpdesk

Screenshot 2021 03 10 at 1.27.18 PM The Plus Addons for Elementor

Solution:

Make a complete High sensitivity Scan from Wordfence to check for any malicious codes in WP-Core Files and Hit Repair to fix them.At the same time check for any malicious code in database follow this guide to know more: https://blogvault.net/scan-wordpress-database-for-malware/

12. Josh b

Source: Helpdesk

Screenshot 2021 03 10 at 1.29.48 PM The Plus Addons for Elementor

Solution:

After this Latest Update you can be rest assured that your site is Safe & Sound. Its verified from security experts at wordfence.

13. Carmine

Source: Helpdesk

Screenshot 2021 03 10 at 1.30.46 PM The Plus Addons for Elementor

Solution:

Access your FTP, or simply Install WP File Manager and go to Wp-Content-> Plugins and Check for any folder named WP-Strongs or Wp-Staff and delete that immediately. And Run a Complete Site Scan with Wordfence.

14. Carmine

Source: Helpdesk

Screenshot 2021 03 10 at 1.32.53 PM The Plus Addons for Elementor

Solution:

Follow the Blog to know the Complete analysis.And Yes the latest 4.1.7 is completely Safe for use.

15. arpeetao

Source: Helpdesk

Screenshot 2021 03 10 at 1.34.48 PM The Plus Addons for Elementor

Solution:

Check this detailed guide on how to Fix your site when you're unable to get the access for your wp-admin. Link- https://blogvault.net/cant-access-wordpress-admin-login/

16. Gokhan

Source: Helpdesk

Screenshot 2021 03 10 at 1.35.49 PM The Plus Addons for Elementor

Solution:

Access your FTP, or simply Install WP File Manager and go to Wp-Content-> Plugins and Check for any folder named WP-Strongs or Wp-Staff and delete that immediately and We have found that the sites to be safe before 5th March So try retrieving the backup before this date and Delete the older version of the Plus Addons and Install the Fresh New one V4.1.7 and Do a complete High sensitivity Scan from Wordfence to check for any malicious codes in WP-Core Files and Hit Repair to fix them.

17. Juri Krupenski

Source: Helpdesk

Screenshot 2021 03 10 at 1.37.13 PM The Plus Addons for Elementor

Solution:

Make a complete High sensitivity Scan from Wordfence to check for any malicious codes in WP-Core Files and Hit Repair to fix them.At the same time check for any malicious code in database follow this guide to know more: https://blogvault.net/scan-wordpress-database-for-malware/

18. Kevin

Source: Helpdesk

secure The Plus Addons for Elementor

Solution:

These steps worked for Kevin. Try if that help you as well.

Some Related Videos You Can Check Out :

Leave Your Comment

Follow Us

Subscribe

Subscribe us for Amazing Updates and News about Elementor.

X