Created: December 6th 2017
Last updated: May 1st 2020
Categories: Wordpress
Author: Marcus Fleuti

up_auto_log=true requests - What's that? ATTENTION! Hackers! UserPro Plugin security issues.


Security issues with the UserPro Plugin

If you see a lot of requests to the URL /?up_auto_log=true in your website's logs, hackers are most probably probing your website for a way in. This can be very dangerous! A hacker can easily take over your website and with it the whole webhosting account. This might lead to a non-working website and the loss of your online reputation. Worst case: people will no longer find you in Google and other search engines, because Google automatically locks out hacked websites for weeks, months or even longer.

Act now!

Log in to your WordPress website and make sure that all plugins are up to date:

  1. Create a backup of your WordPress website
  2. Update all plugins to the newest version (especially when you're using the UserPro plugin)
  3. Update your WordPress website to the newest version

In case you are not using the UserPro plugin you can safely block these requests:

  1. Edit the .htaccess file of your website. It's located in the web root, i.e. at https://www.your-website.tld/.htaccess
  2. You cannot access this file with your web browser. You need to log in to your website using your provider's hosting control panel or an FTP application like FileZilla.

Add the following lines at the top of this file:

# Block all requests that contain the up_auto_log parameter in the query string
# (RewriteEngine On is required for RewriteCond/RewriteRule to take effect at all)
RewriteEngine On
RewriteCond %{QUERY_STRING} up_auto_log=.+ [NC]
RewriteRule .* - [F,L]

What does this command do?

This rule checks whether the query string of the requested URL contains the up_auto_log parameter followed by a value of at least one character (the [NC] flag makes the comparison case-insensitive). If that is the case, the RewriteRule kicks in and tells the webserver that this URL is Forbidden [F] (HTTP status 403) and that no further rules shall be evaluated [L] (= last rule). This means that the webserver will just show an error message in this case instead of passing the request on to WordPress.
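To see which requests the rule above would actually catch, here is an added example (not code from the original post or from LEXO) that applies the same pattern as the RewriteCond, up_auto_log=.+ with [NC], to a few constructed Apache "combined" access log lines. The IP addresses, timestamps and user agents are made-up sample data, not real traffic. It is useful as a quick check of your own access log before and after adding the rule: requests that still show status 200 after the rule is in place mean the .htaccess change is not active.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Apache "combined" log format (documentation IP ranges, not real visitors).
SAMPLE_LOG = """\
203.0.113.7 - - [06/Dec/2017:10:01:12 +0100] "GET /?up_auto_log=true HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Dec/2017:10:01:13 +0100] "GET /wp-login.php?UP_AUTO_LOG=TRUE HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.2 - - [06/Dec/2017:10:02:40 +0100] "GET /about/?utm_source=newsletter HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Dec/2017:10:03:01 +0100] "GET /?up_auto_log= HTTP/1.1" 200 5123 "-" "curl/7.58"
192.0.2.9 - - [06/Dec/2017:10:05:15 +0100] "POST /?up_auto_log=true HTTP/1.1" 403 199 "-" "python-requests/2.18"
"""

# Fields of the combined log format we care about: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Exactly the pattern used in the .htaccess RewriteCond; re.IGNORECASE plays the role of the [NC] flag.
BLOCK_RE = re.compile(r'up_auto_log=.+', re.IGNORECASE)


def rewritecond_matches(query_string):
    """True if the RewriteCond from the .htaccess snippet would fire on this query string."""
    return BLOCK_RE.search(query_string) is not None


def parse_line(line):
    """Parse one combined-format log line into a dict, or None if the line is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))  # splits "/path?query" into path and query string
    return {
        "ip": m.group("ip"),
        "time": m.group("time"),
        "method": m.group("method"),
        "path": parts.path,
        "query": parts.query,
        "status": int(m.group("status")),
    }


def find_probes(log_text):
    """Return all parsed requests that the block rule would match."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rewritecond_matches(rec["query"]):
            hits.append(rec)
    return hits


def probes_per_ip(log_text):
    """Count matching requests per client IP, most active first."""
    return Counter(h["ip"] for h in find_probes(log_text))


def unblocked_probes(log_text):
    """Matching requests that were NOT answered with 403: the rule is missing or not active."""
    return [h for h in find_probes(log_text) if h["status"] != 403]


if __name__ == "__main__":
    for ip, n in probes_per_ip(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} up_auto_log request(s)")
    for h in unblocked_probes(SAMPLE_LOG):
        print(f"not blocked: {h['ip']} {h['method']} {h['path']}?{h['query']} -> {h['status']}")
```

Two details worth noticing in the output: the request with an empty value, /?up_auto_log=, is not matched, because .+ demands at least one character after the equals sign, and the pattern is a plain substring search, so a parameter such as my_up_auto_log=1 would be blocked as well. Both are properties of the regular expression in the .htaccess snippet, not of this script.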

In case you are uncertain what to do: ask your security advisor or IT support.

This is crucial. If your website gets hacked you might lose your data and months of work. You might also lose your SEO web reputation, which is very hard, costly and time consuming to build up again. We resolve such incidents once in a while, and from experience we can tell that restoring a website's health is hard work.

Is WordPress insecure? How about extensions?

No. WordPress by itself is very reliable and secure. But plugins (extensions) are not. They are often developed by untrained freelance developers who offer to solve a problem very easily and quickly. But the code quality of many plugins is rather bad. These extensions make your website slow and can destroy your SEO (web reputation). You should always think twice before you install any plugin from the WordPress plugin repository. In our experience it's the plugins that make WordPress insecure and unstable. They also add an additional workload in supporting and updating your WordPress website. We've often come across the issue that after updating a plugin, the whole website broke down. The Yoast SEO extension is such a candidate. It sometimes breaks and destroys the valuable content on your website. Also, plugins like UserPro or Yoast go very deep into the WordPress core. If the plugin has a security issue and a hacker can exploit this security hole in the plugin, he immediately gains access to the core of your WordPress website and hence is able to do whatever he likes on your precious page.

How can I prevent such WordPress security risks in the future?

It's generally very simple:

  1. Update WordPress regularly
  2. Do not use plugins (better to hire a professional who develops exactly those functions that you need)

But... Plugins are cheap, aren't they?

Yes and no. Yes, at first you can implement functions a lot faster and cheaper by using a plugin. But in the long run it mostly is not cheaper, because plugins bring:

  1. Bigger security risks (high costs when the website is hacked + downtime costs)
  2. A slowed-down website (lower SEO ranking, worse user experience, lower quality, fewer potential customers finding your business)
  3. Increased maintenance effort (increased support costs)
  4. A higher risk of the website breaking down when updating (increased support costs)
  5. An overloaded system, which makes adding content more difficult and hence more time consuming, leading to more outdated content and thus a decrease in your SEO ranking

If you calculate all of these opportunity costs you will see that you do not save money by using plugins. In many cases we find that our websites run a lot cheaper, faster, more securely and more reliably because we do not use any plugins. And since we are not bound to the functions of a plugin, we can program exactly those functions that the website requires, which makes it very easy to use.

LEXO Managed Webhosting customers can relax 🙂

In case you are our customer and your website is handled through our Managed Webhosting plan: no worries. We have already taken care of everything. Besides, we never use such plugins, so you're safe from the beginning and not affected by this at all.

LEXO - We make the WordPress world a little safer 🙂
