What are these security threats?

Some VaultPress plans include daily security scanning, and our most advanced subscription includes one-click threat resolution. On this page, you’ll learn about some of the more common threats, and how to address them. If you have any questions, drop us a line.

Managing Threats

For security threats, you will see the following three options:

  • Repair Threat: Click this to fix the threat! Please note that not all threats will have this option. This option will only be available for supported plans.
  • Ignore Threat: Click this to ignore the threat. Only do so if you have contacted us or are sure that the threat has been addressed.
  • File Affected: Click this to see more information about the suspicious file.

Below is an example of what two different security threats look like and how the options are displayed for each:

File Affected

Under some threats, you might see next steps for you to take. An example of this might be to upgrade the plugin. If you do not see these next steps, don’t worry because that just means to contact us!

Changes to Core WordPress Files

VaultPress checks your WordPress installation to see if any core files have been changed or deleted. Generally these files should not be changed. WordPress functionality can and should be altered by using plugins and themes instead.

If you didn’t make the changes to your core files, you should consider the files suspicious, and consider replacing them. If you’re unsure of the changes you see, you can always contact us.

Web-Based Shells

Web-based shells give an attacker full access to your server — allowing them to execute malicious code, delete files, make changes to your database, and more.

Shells are usually found in files, and can be removed by deleting the file from your server, and replacing the file with a clean version from your backup. If you don’t have a clean backup, or have any questions about removing shells, drop us a line.

TimThumb Vulnerability

TimThumb is a popular script that allows users to resize images on the fly. Since it is sometimes present within themes and plugins, you might not even know you’re running it.

Older versions of TimThumb may include a vulnerability that allows third parties to upload and execute malicious code in the TimThumb cache directory.

The simplest way to repair this vulnerability is to update all copies of TimThumb to the latest version. Alternatively, you could delete all copies of TimThumb from your server. You can also use our repair feature shown here:

Tim Thumb Repair

By hitting repair, this will fix the vulnerability for you. Please note that deactivating a theme or plugin which uses TimThumb does not fix the vulnerability.

If you have any questions about security threats or suspicious code, you’re always welcome to contact us.