Title: Security problems?
Last modified: February 8, 2017

---

# Security problems?

 *  [clawver](https://wordpress.org/support/users/clawver/)
 * (@clawver)
 * [9 years, 4 months ago](https://wordpress.org/support/topic/security-problems-4/)
 * I’ve had a few sites hacked today, and it appears that they may be getting in
   through this plugin. In one instance, they were able to create a new username.
   They appear to be adding a file called “Upgrade” to the wp-content folder and
   putting php files in a folder called wflog. Just thought you’d want to know…I
   don’t want to ruin your day or anything.

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Thread Starter [clawver](https://wordpress.org/support/users/clawver/)
 * (@clawver)
 * [9 years, 4 months ago](https://wordpress.org/support/topic/security-problems-4/#post-8769862)
 * Here’s a screenshot of the wordfence alert:
    [https://www.screencast.com/t/7YczaS2z7c](https://www.screencast.com/t/7YczaS2z7c)
 *  Plugin Author [Mudassar Ali](https://wordpress.org/support/users/sahilbabu/)
 * (@sahilbabu)
 * [9 years, 4 months ago](https://wordpress.org/support/topic/security-problems-4/#post-8785621)
 * Hi [@clawver](https://wordpress.org/support/users/clawver/),
 * I appreciate your concern. I already added some security checks like
 *     ```
       /* * **** SECURITE / SECURITY ***** */
       if (!function_exists('add_action')) {
           header('Status: 403 Forbidden');
           header('HTTP/1.1 403 Forbidden');
           exit();
       }
   
       /**
        * SECURITE / SECURITY 
        *  if called directly
        */
       if (!defined('WPINC')) {
           die;
       }
       ```
   
 * Using this in code means no one can access direct files. But if your wp instance
   is compromised then they can do anything.
 * Because this plugin is only for WP-admin users no normal user can access this
   one.
 * SO this plugin is fully secure
 * If you have further discussion or concern please let me know. thanks

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Security problems?’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/country-ip-specific-redirections_c7cec5.
   svg)
 * [Country IP Specific Redirections](https://wordpress.org/plugins/country-ip-specific-redirections/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/country-ip-specific-redirections/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/country-ip-specific-redirections/)
 * [Active Topics](https://wordpress.org/support/plugin/country-ip-specific-redirections/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/country-ip-specific-redirections/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/country-ip-specific-redirections/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [Mudassar Ali](https://wordpress.org/support/users/sahilbabu/)
 * Last activity: [9 years, 4 months ago](https://wordpress.org/support/topic/security-problems-4/#post-8785621)
 * Status: not resolved