Sorry to hear your site has been impacted.
What we have seen:
- For a couple of months, hackers have been targeting WooCommerce installs. Different hacking patterns: brute forcing passwords, vulnerable plugins (especially file manager plugins), etc. Adding fake admins, and changing code via the dashboard code editor.
- More sophisticated hackers recently targeted some sites that connect to our API, by sending “fake payloads” or spoofing connection data. Our official API was not impacted.
V2.152 or greater implemented strict API IP Verification for #2.
We had/have also been adding other security features, like to stop any new admins being added from other WordPress plugin/theme vulnerabilities, disabling the wp dashboard code editor, disabling xml-rpc, etc. And have a few other things we are releasing soon. Shouldn’t have really had to do that though, since it's beyond the scope of a gateway. Also, the WordPress Plugin Team did an audit of the plugin code.
To make sure your site is 100% clean:
- Update WP, and all plugins/themes. Including MyCryptoCheckout.
- Refresh Connection: Go to Settings > MyCryptoCheckout and click “Refresh Account Data” at the bottom of the page. This resets your API security tokens and connection.
- Check All Plugins/Themes File Integrity – Recommendation: Sucuri Security https://ww.wp.xz.cn/plugins/sucuri-scanner/
- Check for “Rogue” Admins: Go to your WordPress Users list. Look for any Administrator accounts you do not recognize.
After that, retry a checkout and make sure the address matches your settings.
If you have further questions let us know.
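Added example, not part of the reply above or of the plugin's code: one way to script the "rogue admins" check from the list above, assuming WP-CLI is available on the server. The function name, the allowlist file and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Flag Administrator accounts that are not on a known-good list.
# Input is CSV in the shape produced by WP-CLI:
#   wp user list --role=administrator \
#       --fields=user_login,user_email,user_registered --format=csv

# flag_unknown_admins ALLOWLIST_FILE < admins.csv
# ALLOWLIST_FILE holds one expected admin login per line.
# Prints one line per administrator whose login is not in that file.
flag_unknown_admins() {
    awk -F, -v allow="$1" '
        BEGIN {
            # Load expected logins; tolerate CRLF and blank lines.
            while ((getline line < allow) > 0) {
                sub(/\r$/, "", line)
                if (line != "") known[line] = 1
            }
        }
        FNR == 1 { next }            # skip the CSV header row
        { sub(/\r$/, "") }           # strip CR, fields are re-split
        !($1 in known) {
            printf "UNRECOGNIZED admin: %s <%s> registered %s\n", $1, $2, $3
        }
    '
}

# Constructed sample output (not real accounts).
sample_admins_csv() {
cat <<'EOF'
user_login,user_email,user_registered
shopowner,owner@example.com,2021-03-14 09:12:44
wp_support_x,tmp@example.net,2025-01-02 03:41:07
EOF
}

# Demo on the constructed sample; on a real site, pipe the wp command in instead.
demo_allow=$(mktemp)
printf 'shopowner\n' > "$demo_allow"
sample_admins_csv | flag_unknown_admins "$demo_allow"
rm -f "$demo_allow"
```

Any account it prints should be checked against who actually has access; the registration date helps line an unknown account up with the time of the compromise.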
Thanks for your reply @edward_plainview. Is there a good email address we can reach you at to further discuss?
This reply was modified 4 months, 2 weeks ago by blueblue5.