Jetpack Premium and Professional plans include daily, automated security scanning and one-click threat resolution. On this page, you’ll learn about some of the more common threats that we look for and how to properly address them.
Changes to Core WordPress Files
We checks you WordPress installation to see if any core files have been changed or deleted. Generally, these files should never be changed, so please keep that in mind when working on your site. WordPress functionality can and should be altered by using plugins and themes instead.
If you didn’t make the changes to your core files, you should consider the files suspicious and consider replacing them. If you’re unsure of the changes you see, you can always contact us.
Web-Based Shells
Web-based shells give an attacker full access to your server — allowing them to execute malicious code, delete files, make changes to your database, and many more dangerous things.
Shells are usually found in files, and they can be removed by deleting any infected files from your server and replacing them with a clean version from your backup. If you don’t have a clean backup, or have any questions about removing shells, please get in touch.
TimThumb Vulnerability
TimThumb is a popular script that allows users to resize images on the fly. Since it is sometimes present within themes and plugins, you might not even know you’re running it.
Older versions of TimThumb may include a vulnerability that allows third parties to upload and execute malicious code in the TimThumb cache directory.
The simplest way to repair this vulnerability is to update all copies of TimThumb to the latest version. Alternatively, you could delete all copies of TimThumb from your server. You can also use our repair feature shown here:
By hitting repair, this will fix the vulnerability for you. Please note that deactivating a theme or plugin which uses TimThumb does not fix the vulnerability.
If you have any questions about security threats or suspicious code, you’re always welcome to contact us.
Privacy Information
This feature is deactivated by default, and requires an upgrade to the Premium or Professional plan to unlock/activate.
| Data Used | |
|---|---|
|
Site Owners / Users None. |
Site Visitors None. |
| Activity Tracked | |
|
Site Owners / Users None. |
Site Visitors None. |
| Data Synced (Read More) | |
|
Site Owners / Users None. |
Site Visitors None. |