Title: Code injection after last update
Last modified: August 30, 2016

---

# Code injection after last update

 *  Resolved [donniam](https://wordpress.org/support/users/donniam/)
 * (@donniam)
 * [10 years, 5 months ago](https://wordpress.org/support/topic/code-injection-after-last-update/)
 * I updated all my sites to latest wp cache today. Started having some of the sites
   having my two step authentication show up when not logging in. Phoned my hosting
   company and he noticed a bunch of code in htaccess where wp super cache is. I
   am going to send this through email to automatic with screen shot of code in 
   htaccess.
    I am removing the plugin from all sites. Not giving any domain addy
   here.
 * [https://wordpress.org/plugins/wp-super-cache/](https://wordpress.org/plugins/wp-super-cache/)

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Plugin Author [Brandon Kraft](https://wordpress.org/support/users/kraftbj/)
 * (@kraftbj)
 * Code Wrangler
 * [10 years, 5 months ago](https://wordpress.org/support/topic/code-injection-after-last-update/#post-6859865)
 * [@donniam](https://wordpress.org/support/users/donniam/) – What address did you
   use? Since this is a potentially a security-related event, please contact us 
   via [https://hackerone.com/automattic/](https://hackerone.com/automattic/) and
   let me know when you’ve done so.
 * Cheers!
 *  [BuzzyBuzzy](https://wordpress.org/support/users/buzzybuzzy/)
 * (@buzzybuzzy)
 * [10 years, 5 months ago](https://wordpress.org/support/topic/code-injection-after-last-update/#post-6859974)
 * Hello,
 * Any follow up available on this? Is there a vulnerability or not?
 * Thank you.
 *  Plugin Author [Brandon Kraft](https://wordpress.org/support/users/kraftbj/)
 * (@kraftbj)
 * Code Wrangler
 * [10 years, 5 months ago](https://wordpress.org/support/topic/code-injection-after-last-update/#post-6859977)
 * I haven’t seen [@donniam](https://wordpress.org/support/users/donniam/)’s report
   yet, but I don’t believe this is one at this time. Information in an htaccess
   near where WP Super Cache’s rules are isn’t indicative that WPSC added them.
 *  Thread Starter [donniam](https://wordpress.org/support/users/donniam/)
 * (@donniam)
 * [10 years, 5 months ago](https://wordpress.org/support/topic/code-injection-after-last-update/#post-6859978)
 * Thanks I sent in a report on the automatic hacker area as you suggested. Originally
   I contacted automatic but was not aware of hacker page and the reply was check
   with my hosting. I explained prior my hosting only discovered it for me, but 
   you will see it is not a hosting issue.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Code injection after last update’ is closed to new replies.

 * ![](https://ps.w.org/wp-super-cache/assets/icon-256x256.png?rev=3506220)
 * [WP Super Cache](https://wordpress.org/plugins/wp-super-cache/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-super-cache/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-super-cache/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-super-cache/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-super-cache/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-super-cache/reviews/)

 * 4 replies
 * 3 participants
 * Last reply from: [donniam](https://wordpress.org/support/users/donniam/)
 * Last activity: [10 years, 5 months ago](https://wordpress.org/support/topic/code-injection-after-last-update/#post-6859978)
 * Status: resolved