Title: Plugin Hacked or Updated? Last modified: October 14, 2017 --- # Plugin Hacked or Updated? * Resolved [richsadams](https://wordpress.org/support/users/richsadams/) * (@richsadams) * [8 years, 7 months ago](https://wordpress.org/support/topic/plugin-hacked-or-updated/) * I’m managing a WP site utilizing the Winning Agent Pro Theme on the Genesis platform. * Wordfence Security generated a warning that this supporting plugin Agent Press Listings’ file was changed/updated within the last 48 hours: * wp-content/plugins/agentpress-listings/includes/class-listings.php * Can someone confirm if this was an update by the developer? * Here is a screenshot of the changes from the original file to the current file: * [Agent Press Listings File Differences](https://imgur.com/RCcjj5C) * (Note that I changed line #40 from “Basement” to “Occupied” for the site owner.) * The warning is of concern as it also indicates that the plugin has been abandoned since no updates have been made since October 11, 2015. * TIA! - This topic was modified 8 years, 7 months ago by [richsadams](https://wordpress.org/support/users/richsadams/). - This topic was modified 8 years, 7 months ago by [richsadams](https://wordpress.org/support/users/richsadams/). Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Support [Nick C](https://wordpress.org/support/users/modernnerd/) * (@modernnerd) * [8 years, 7 months ago](https://wordpress.org/support/topic/plugin-hacked-or-updated/#post-9587891) * The plugin’s public commit history is visible here: - [https://github.com/copyblogger/agentpress-listings](https://github.com/copyblogger/agentpress-listings) - [https://plugins.trac.wordpress.org/browser/agentpress-listings/](https://plugins.trac.wordpress.org/browser/agentpress-listings/) * The latest version of `class-listings.php` uses `agentpress-listings` as the text domain, and not the `apl` from your screenshot. It also uses ‘public’ and not ‘var’. [https://plugins.trac.wordpress.org/browser/agentpress-listings/tags/1.2.6/includes/class-listings.php#L28](https://plugins.trac.wordpress.org/browser/agentpress-listings/tags/1.2.6/includes/class-listings.php#L28) * However, the change you mention does not look malicious to me; it seems like the result of a find-replace operation for `agentpress-listings` to `apl` and` public` to `var`. Perhaps such a change was made if you’ve already been editing the plugin files directly. * Although the plugin has not received a recent update, these forums are monitored and the plugin is safe to continue using. * Thread Starter [richsadams](https://wordpress.org/support/users/richsadams/) * (@richsadams) * [8 years, 7 months ago](https://wordpress.org/support/topic/plugin-hacked-or-updated/#post-9587928) * Thanks for the über fast response Nick! * It’s strange though…I had not changed anything outside of the “Basement” > “Occupied?” text in that file myself and that was more than a year ago, possibly longer. * So I let Wordfence roll it back to the original file and it reflects the “agent press-listings” again (mirroring the code that you linked). I updated line #39 from “Basement” to “Occupied?” again. * Afterward I ran a Wordfence scan and it picked up my change, but everything else matches: * [Agent Press Listing Update](https://imgur.com/NWQ0bpc) * The listings are still functioning normally and site appears to be working fine so there don’t appear to be any ill effects. * Still…it’s odd that the file was changed somehow. * Thanks again for the great support! * Plugin Support [Nick C](https://wordpress.org/support/users/modernnerd/) * (@modernnerd) * [8 years, 7 months ago](https://wordpress.org/support/topic/plugin-hacked-or-updated/#post-9587942) * You’re welcome! * Looking at the [commit history for that file](https://github.com/copyblogger/agentpress-listings/commit/f1eccbdef2ff3bc49f6afabcff417a74df85743e#diff-d0e4e717f62611ad50e03c1ce85e4db5), the text domain did used to be `apl`. Maybe you edited an old version locally and pushed the changes to the remote site (overwriting the longer text domain), or otherwise modified an older version. * Well done for putting it right, anyway. * Thread Starter [richsadams](https://wordpress.org/support/users/richsadams/) * (@richsadams) * [8 years, 7 months ago](https://wordpress.org/support/topic/plugin-hacked-or-updated/#post-9587966) * Thanks Nick. I’m sure you’re theory is right now that I think about it, makes perfect sense. Mistake on my part. * Odd that Wordfence only picked up on it just now though. Perhaps they recently updated their database, who knows? * Thanks again! Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Plugin Hacked or Updated?’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/agentpress-listings_46515d.svg) * [AgentPress Listings](https://wordpress.org/plugins/agentpress-listings/) * [Frequently Asked Questions](https://wordpress.org/plugins/agentpress-listings/#faq) * [Support Threads](https://wordpress.org/support/plugin/agentpress-listings/) * [Active Topics](https://wordpress.org/support/plugin/agentpress-listings/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/agentpress-listings/unresolved/) * [Reviews](https://wordpress.org/support/plugin/agentpress-listings/reviews/) * 4 replies * 2 participants * Last reply from: [richsadams](https://wordpress.org/support/users/richsadams/) * Last activity: [8 years, 7 months ago](https://wordpress.org/support/topic/plugin-hacked-or-updated/#post-9587966) * Status: resolved